Need help removing malware

Solved
By Nathan Dauth
Oct 11, 2012
  1. I need help removing some malware that redirects search results and changes my Windows security settings. Windows Defender has found Sirefef and Alureon on my machine, if that helps.

    Here are my logs:

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.10.11.14
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    aliu :: ALVIN-LAPTOP [administrator]
    10/11/2012 2:18:29 PM
    mbam-log-2012-10-11 (14-18-29).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 200233
    Time elapsed: 1 minute(s), 28 second(s)
    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 2780 -> Delete on reboot.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
    (end)

    GMER.log was blank...

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by aliu at 14:35:27 on 2012-10-11
    Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.3978.1898 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
    C:\Windows\system32\CxAudMsg64.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
    C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
    C:\Windows\SysWOW64\SAsrv.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
    C:\Windows\system32\Dwm.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\rundll32.exe
    C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Microsoft Device Center\itype.exe
    C:\Program Files\Microsoft Device Center\ipoint.exe
    C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Samsung\Kies\Kies.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Microsoft Lync\communicator.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
    \\.\globalroot\systemroot\svchost.exe -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files\Microsoft Lync\UcMapi64.exe
    C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe
    C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit=userinit.exe,
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: af0.Adblock.BHO: {90eff544-3981-4d46-85c9-c0361d0931d6} - mscoree.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
    StartupFolder: C:\Users\Aliu\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.100.106 192.168.100.115
    TCP: Interfaces\{6EB251FE-37B1-4AA5-BC07-DEAE96051880} : DhcpNameServer = 192.168.100.106 192.168.100.115
    TCP: Interfaces\{6EB251FE-37B1-4AA5-BC07-DEAE96051880}\14E64627F69646455647865627 : DhcpNameServer = 192.168.2.254
    TCP: Interfaces\{6EB251FE-37B1-4AA5-BC07-DEAE96051880}\24C6575644F6C6078696E6D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
    TCP: Interfaces\{6EB251FE-37B1-4AA5-BC07-DEAE96051880}\763736 : DhcpNameServer = 192.168.2.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
    BHO-X64: Lync add-on BHO - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: af0.Adblock.BHO: {90EFF544-3981-4d46-85C9-C0361D0931D6} - mscoree.dll
    BHO-X64: AdblockIE - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
    TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
    R1 MpKsl0ee0524c;MpKsl0ee0524c;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E27EF75-FF19-4D10-8EAC-47B1836BA710}\MpKsl0ee0524c.sys [2012-10-11 35664]
    R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
    R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-12-27 514048]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-9-10 101736]
    R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-9-10 133992]
    R2 MR2012ApplicationService;Management Reporter 2012 Application Service;C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe [2012-7-24 19544]
    R2 MR2012ProcessService;Management Reporter 2012 Process Service;C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe [2012-7-24 19544]
    R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-7-10 214040]
    R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-8-17 2024864]
    R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2008-7-10 2045464]
    R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?]
    R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2012-9-9 446592]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-3-7 382272]
    R2 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-3-5 284696]
    R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-9-10 145256]
    R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-9-10 142696]
    R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-12-27 979456]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-6-25 3325232]
    R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
    R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\Netwsw00.sys --> C:\Windows\system32\DRIVERS\Netwsw00.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 SmbDrvI;SmbDrvI;C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys --> C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S1 SWIPsec;SonicWALL IPsec Driver;\??\C:\Windows\system32\Drivers\SWIPsec.sys --> C:\Windows\system32\Drivers\SWIPsec.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-10 250808]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
    S3 SWVNIC;SonicWALL Virtual Miniport;C:\Windows\system32\DRIVERS\swvnic.sys --> C:\Windows\system32\DRIVERS\swvnic.sys [?]
    S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-9 61976]
    S4 RsFx0102;RsFx0102 Driver;C:\Windows\system32\DRIVERS\RsFx0102.sys --> C:\Windows\system32\DRIVERS\RsFx0102.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-10-11 21:24:49 20480 ----a-w- C:\Windows\svchost.exe
    2012-10-11 21:23:59 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E27EF75-FF19-4D10-8EAC-47B1836BA710}\offreg.dll
    2012-10-11 21:23:54 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E27EF75-FF19-4D10-8EAC-47B1836BA710}\MpKsl0ee0524c.sys
    2012-10-11 21:17:37 -------- d-----w- C:\Users\Aliu\AppData\Roaming\Malwarebytes
    2012-10-11 21:17:21 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-10-11 21:17:20 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-10-11 21:17:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-11 21:14:53 -------- d-----w- C:\Users\Aliu\AppData\Roaming\DAEMON Tools Lite
    2012-10-11 20:39:32 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4605B198-7224-4C4F-BE49-CCCA7084A801}\gapaengine.dll
    2012-10-11 20:39:30 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E27EF75-FF19-4D10-8EAC-47B1836BA710}\mpengine.dll
    2012-10-11 20:36:41 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-10-11 20:36:39 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-10-11 17:33:36 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8039718-9CCD-414D-B6EB-FD80FC8E220D}\mpengine.dll
    2012-10-10 16:31:33 -------- d-----w- C:\Program Files (x86)\Citrix
    2012-10-09 23:18:06 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\8ED5.tmp
    2012-10-09 23:18:06 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\8ED4.tmp
    2012-10-09 21:46:05 -------- d-----w- C:\Windows\SysWow64\%APPDATA%
    2012-10-08 20:55:31 -------- d-----w- C:\Users\Aliu\AppData\Local\Cisco
    2012-10-08 20:49:52 -------- d-----w- C:\ProgramData\Cisco
    2012-10-05 01:50:49 -------- d-----w- C:\Program Files\Microsoft Lync
    2012-10-05 01:50:48 -------- d-----w- C:\Program Files (x86)\Microsoft Lync
    2012-10-05 01:48:24 -------- d-----w- C:\Users\Aliu\Tracing
    2012-10-05 01:48:24 -------- d-----w- C:\Program Files (x86)\OCSetup
    2012-09-28 21:29:03 -------- d-----w- C:\Users\Aliu\VSWebCache
    2012-09-28 03:04:54 -------- d-----w- C:\Program Files\Ventrilo
    2012-09-28 03:04:25 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-09-26 22:09:31 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-09-26 19:01:59 -------- d-----w- C:\Program Files (x86)\af0.net
    2012-09-26 16:20:13 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-09-24 20:43:19 -------- d-----w- C:\ProgramData\Blizzard Entertainment
    2012-09-24 20:43:19 -------- d-----w- C:\Program Files (x86)\World of Warcraft
    2012-09-24 20:43:19 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    2012-09-24 20:42:30 -------- d-----w- C:\ProgramData\Battle.net
    2012-09-24 17:39:59 -------- d-----w- C:\Users\Aliu\AppData\Roaming\Microsoft Business Solutions
    2012-09-19 23:20:47 -------- d-----w- C:\Users\Aliu\AppData\Local\IsolatedStorage
    2012-09-19 17:02:08 102368 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
    2012-09-18 23:46:12 -------- d-----w- C:\Program Files\VideoLAN
    2012-09-18 19:46:31 -------- d-----w- C:\Users\Aliu\AppData\Roaming\SonicWALL
    2012-09-18 19:46:16 99352 ----a-w- C:\Windows\System32\drivers\SWIPsec.sys
    2012-09-18 19:46:11 -------- d-----w- C:\Program Files\SonicWALL
    2012-09-18 00:37:55 -------- d-----w- C:\Program Files\Common Files\Deterministic Networks
    2012-09-18 00:37:54 -------- d-----w- C:\Program Files (x86)\Cisco Systems
    2012-09-17 18:02:28 -------- d-----w- C:\Users\Aliu\AppData\Local\Microsoft Games
    2012-09-15 17:07:58 -------- d-----w- C:\Users\Aliu\AppData\Local\Bomgar
    2012-09-14 23:29:01 -------- d-----w- C:\Windows\System32\appmgmt
    2012-09-14 02:14:05 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-09-14 02:14:05 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-09-14 02:14:05 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2012-09-12 20:45:51 -------- d-----w- C:\Users\Aliu\AppData\Local\Diagnostics
    2012-09-12 18:57:52 -------- d-----w- C:\Users\Aliu\AppData\Roaming\Samsung
    2012-09-12 18:54:02 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-09-12 18:54:02 -------- d-----w- C:\Windows\System32\Wat
    2012-09-12 18:54:00 -------- d-----w- C:\Windows\SysWow64\LogFiles
    2012-09-12 18:54:00 -------- d-----w- C:\Program Files\Windows Portable Devices
    2012-09-12 18:54:00 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
    2012-09-12 18:37:01 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    2012-09-12 18:24:33 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-09-12 18:24:33 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-09-12 18:24:33 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-09-12 18:24:33 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-09-12 18:24:33 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-09-12 18:24:33 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-09-12 18:24:33 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-09-12 18:11:41 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
    2012-09-12 18:08:00 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
    2012-09-12 18:05:03 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
    2012-09-12 18:05:03 -------- d-----w- C:\Program Files (x86)\MarkAny
    2012-09-12 18:02:25 -------- d-----w- C:\Users\Aliu\AppData\Local\Downloaded Installations
    2012-09-12 17:21:37 -------- d-----w- C:\Windows\SysWow64\NV
    2012-09-12 17:21:37 -------- d-----w- C:\Windows\System32\NV
    2012-09-12 17:06:18 -------- d-----w- C:\Users\Aliu\AppData\Local\ElevatedDiagnostics
    2012-09-12 16:46:55 -------- d-----w- C:\Program Files\SAMSUNG
    2012-09-12 16:46:42 -------- d-----w- C:\ProgramData\Samsung
    2012-09-12 16:33:36 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-12 16:33:36 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-12 16:33:36 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 16:33:36 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-12 16:33:36 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-12 16:33:36 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-12 16:33:36 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ==================== Find3M ====================
    .
    2012-10-11 19:38:22 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-11 19:38:22 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-10 01:05:48 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2012-08-31 05:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2012-08-31 05:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-07-30 20:32:08 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 14:35:50.45 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate N
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/9/2012 3:17:29 PM
    System Uptime: 10/11/2012 2:23:39 PM (0 hours ago)
    .
    Motherboard: LENOVO | | 4170CTO
    Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz | CPU | 2501/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 132 GiB total, 51.39 GiB free.
    D: is FIXED (NTFS) - 16 GiB total, 5.583 GiB free.
    E: is CDROM ()
    G: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: SonicWALL IPsec Driver
    Device ID: ROOT\LEGACY_SWIPSEC\0000
    Manufacturer:
    Name: SonicWALL IPsec Driver
    PNP Device ID: ROOT\LEGACY_SWIPSEC\0000
    Service: SWIPsec
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco Systems VPN Adapter for 64-bit Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter for 64-bit Windows
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: SonicWALL Virtual NIC
    Device ID: ROOT\SWVNIC\0000
    Manufacturer: SonicWALL
    Name: SonicWALL Virtual NIC
    PNP Device ID: ROOT\SWVNIC\0000
    Service: SWVNIC
    .
    ==== System Restore Points ===================
    .
    RP37: 10/4/2012 6:56:36 PM - Installed Microsoft Online Services Sign-in Assistant
    RP38: 10/4/2012 7:54:19 PM - Installed Microsoft Office Professional Plus 2010 Subscription
    RP39: 10/8/2012 12:24:40 PM - Windows Update
    RP40: 10/8/2012 1:49:36 PM - Installed Cisco AnyConnect VPN Client
    RP41: 10/10/2012 4:44:28 PM - Removed AdblockIE
    RP42: 10/11/2012 10:31:22 AM - Restore Operation
    RP44: 10/11/2012 11:43:08 AM - Windows Defender Checkpoint
    RP45: 10/11/2012 1:39:21 PM - Windows Update
    RP46: 10/11/2012 2:20:43 PM - Removed Java(TM) 6 Update 25
    .
    ==== Installed Programs ======================
    .
    AdblockIE
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Amazon Kindle
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    DAEMON Tools Lite
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Integrated Camera Driver Installer Package Ver.1.1.0.1147
    Integrated Camera TWAIN
    Intel(R) Processor Graphics
    Lenovo Patch Utility
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft Dynamics GP 2010
    Microsoft Lync 2010 SDK Runtime
    Microsoft Office 2003 Web Components
    Microsoft Silverlight
    Microsoft SQL Server 2008 Books Online (English)
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Policies
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Compact 3.5 SP1 Query Tools English
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    NVIDIA Stereoscopic 3D Driver
    Open XML SDK 2.0 for Microsoft Office
    Pidgin
    Renesas Electronics USB 3.0 Host Controller Driver
    RICOH_Media_Driver_v2.14.18.01
    Samsung Kies
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype™ 5.10
    SnagIt 8
    ThinkPad Wireless LAN Adapter Software
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    WinRAR archiver
    WinZip
    World of Warcraft
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/9/2012 2:38:42 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    10/4/2012 10:32:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
    10/11/2012 2:23:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SWIPsec
    10/11/2012 2:23:50 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain DM0 due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    10/11/2012 2:00:42 PM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "2477037E4215" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
    10/11/2012 12:22:14 PM, Error: nvlddmkm [14] -
    10/11/2012 10:48:15 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    10/10/2012 7:44:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    10/10/2012 7:41:54 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2012 7:41:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    10/10/2012 7:41:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    10/10/2012 7:41:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/10/2012 7:41:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/10/2012 7:41:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/10/2012 7:41:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/10/2012 7:41:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/10/2012 7:41:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/10/2012 7:41:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache lenovo.smi NetBIOS NetBT nsiproxy Psched rdbss spldr SWIPsec tdx vwififlt Wanarpv6 WfpLwf
    10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2012 7:41:12 PM, Error: Service Control Manager [7001] - The Conexant Audio Message Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2012 7:37:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    10/10/2012 6:58:13 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    10/10/2012 6:58:13 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    10/10/2012 6:57:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa80049be010, 0xfffff8800f1b8928, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101012-9391-01.
    .
    ==== End Of File ===========================

    Thank you in advance for your help.
  2. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. Nathan Dauth

    Nathan Dauth Newcomer, in training Topic Starter Posts: 21

    There was one item to 'Cure'. Here is the log:

    17:10:17.0766 4320 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    17:10:18.0450 4320 ============================================================
    17:10:18.0450 4320 Current date / time: 2012/10/11 17:10:18.0450
    17:10:18.0450 4320 SystemInfo:
    17:10:18.0450 4320
    17:10:18.0450 4320 OS Version: 6.1.7601 ServicePack: 1.0
    17:10:18.0450 4320 Product type: Workstation
    17:10:18.0450 4320 ComputerName: ALVIN-LAPTOP
    17:10:18.0451 4320 UserName: aliu
    17:10:18.0451 4320 Windows directory: C:\Windows
    17:10:18.0451 4320 System windows directory: C:\Windows
    17:10:18.0451 4320 Running under WOW64
    17:10:18.0451 4320 Processor architecture: Intel x64
    17:10:18.0451 4320 Number of processors: 4
    17:10:18.0451 4320 Page size: 0x1000
    17:10:18.0451 4320 Boot type: Normal boot
    17:10:18.0451 4320 ============================================================
    17:10:18.0828 4320 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:10:18.0879 4320 ============================================================
    17:10:18.0879 4320 \Device\Harddisk0\DR0:
    17:10:18.0880 4320 MBR partitions:
    17:10:18.0880 4320 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
    17:10:18.0880 4320 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x107EA800
    17:10:18.0880 4320 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x10AD9000, BlocksNum 0x1F40000
    17:10:18.0880 4320 ============================================================
    17:10:18.0881 4320 C: <-> \Device\Harddisk0\DR0\Partition2
    17:10:18.0883 4320 D: <-> \Device\Harddisk0\DR0\Partition3
    17:10:18.0883 4320 ============================================================
    17:10:18.0883 4320 Initialize success
    17:10:18.0883 4320 ============================================================
    17:10:23.0626 4712 ============================================================
    17:10:23.0626 4712 Scan started
    17:10:23.0626 4712 Mode: Manual;
    17:10:23.0626 4712 ============================================================
    17:10:23.0746 4712 ================ Scan system memory ========================
    17:10:23.0746 4712 System memory - ok
    17:10:23.0747 4712 ================ Scan services =============================
    17:10:25.0703 4712 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    17:10:25.0705 4712 HpSAMD - ok
    17:10:25.0716 4712 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    17:10:25.0726 4712 HTTP - ok
    17:10:25.0730 4712 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    17:10:25.0731 4712 hwpolicy - ok
    17:10:25.0738 4712 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    17:10:25.0740 4712 i8042prt - ok
    17:10:25.0752 4712 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    17:10:25.0757 4712 iaStorV - ok
    17:10:25.0761 4712 [ 22FEF6D8DDC3452EE5EC6FBD9920C74D ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
    17:10:25.0763 4712 IBMPMDRV - ok
    17:10:25.0767 4712 [ 8D61BB5A7D6E08E278C84F852D07D516 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
    17:10:25.0769 4712 IBMPMSVC - ok
    17:10:25.0783 4712 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    17:10:25.0792 4712 idsvc - ok
    17:10:25.0942 4712 [ 978D876A581D57E0DE6437674EB0014D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    17:10:26.0100 4712 igfx - ok
    17:10:26.0109 4712 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    17:10:26.0111 4712 iirsp - ok
    17:10:26.0126 4712 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    17:10:26.0136 4712 IKEEXT - ok
    17:10:26.0142 4712 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    17:10:26.0144 4712 intelide - ok
    17:10:26.0149 4712 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    17:10:26.0152 4712 intelppm - ok
    17:10:26.0156 4712 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    17:10:26.0159 4712 IPBusEnum - ok
    17:10:26.0165 4712 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:10:26.0167 4712 IpFilterDriver - ok
    17:10:26.0178 4712 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    17:10:26.0185 4712 iphlpsvc - ok
    17:10:26.0190 4712 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    17:10:26.0191 4712 IPMIDRV - ok
    17:10:26.0197 4712 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    17:10:26.0200 4712 IPNAT - ok
    17:10:26.0207 4712 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    17:10:26.0209 4712 IRENUM - ok
    17:10:26.0212 4712 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    17:10:26.0214 4712 isapnp - ok
    17:10:26.0221 4712 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    17:10:26.0224 4712 iScsiPrt - ok
    17:10:26.0228 4712 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    17:10:26.0231 4712 kbdclass - ok
    17:10:26.0236 4712 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    17:10:26.0237 4712 kbdhid - ok
    17:10:26.0241 4712 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    17:10:26.0242 4712 KeyIso - ok
    17:10:26.0247 4712 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    17:10:26.0249 4712 KSecDD - ok
    17:10:26.0254 4712 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    17:10:26.0257 4712 KSecPkg - ok
    17:10:26.0262 4712 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    17:10:26.0264 4712 ksthunk - ok
    17:10:26.0272 4712 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    17:10:26.0277 4712 KtmRm - ok
    17:10:26.0284 4712 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    17:10:26.0287 4712 LanmanServer - ok
    17:10:26.0292 4712 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    17:10:26.0295 4712 LanmanWorkstation - ok
    17:10:26.0307 4712 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    17:10:26.0309 4712 LENOVO.MICMUTE - ok
    17:10:26.0313 4712 [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
    17:10:26.0315 4712 lenovo.smi - ok
    17:10:26.0319 4712 [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    17:10:26.0321 4712 Lenovo.VIRTSCRLSVC - ok
    17:10:26.0326 4712 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    17:10:26.0327 4712 lltdio - ok
    17:10:26.0338 4712 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    17:10:26.0341 4712 lltdsvc - ok
    17:10:26.0347 4712 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    17:10:26.0349 4712 lmhosts - ok
    17:10:26.0354 4712 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    17:10:26.0356 4712 LSI_FC - ok
    17:10:26.0361 4712 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    17:10:26.0365 4712 LSI_SAS - ok
    17:10:26.0369 4712 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    17:10:26.0371 4712 LSI_SAS2 - ok
    17:10:26.0375 4712 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    17:10:26.0377 4712 LSI_SCSI - ok
    17:10:26.0383 4712 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    17:10:26.0385 4712 luafv - ok
    17:10:26.0389 4712 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
    17:10:26.0390 4712 megasas - ok
    17:10:26.0397 4712 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    17:10:26.0402 4712 MegaSR - ok
    17:10:26.0408 4712 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    17:10:26.0410 4712 MEIx64 - ok
    17:10:26.0421 4712 Microsoft SharePoint Workspace Audit Service - ok
    17:10:26.0426 4712 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    17:10:26.0428 4712 MMCSS - ok
    17:10:26.0435 4712 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    17:10:26.0436 4712 Modem - ok
    17:10:26.0440 4712 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    17:10:26.0441 4712 monitor - ok
    17:10:26.0445 4712 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    17:10:26.0447 4712 mouclass - ok
    17:10:26.0452 4712 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    17:10:26.0454 4712 mouhid - ok
    17:10:26.0458 4712 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    17:10:26.0460 4712 mountmgr - ok
    17:10:26.0468 4712 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    17:10:26.0470 4712 MpFilter - ok
    17:10:26.0475 4712 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    17:10:26.0477 4712 mpio - ok
    17:10:26.0484 4712 [ 0EBB390B7AEEC45EC061D9870A34FD42 ] MpKsl927113ab c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{33FF4951-7618-4653-AAFD-652A786A71CE}\MpKsl927113ab.sys
    17:10:26.0484 4712 MpKsl927113ab - ok
    17:10:26.0488 4712 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    17:10:26.0490 4712 mpsdrv - ok
    17:10:26.0505 4712 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    17:10:26.0515 4712 MpsSvc - ok
    17:10:26.0520 4712 [ B3FE07D214446BBFD1D91D0723A0AB11 ] MR2012ApplicationService C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe
    17:10:26.0521 4712 MR2012ApplicationService - ok
    17:10:26.0524 4712 [ B3FE07D214446BBFD1D91D0723A0AB11 ] MR2012ProcessService C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe
    17:10:26.0525 4712 MR2012ProcessService - ok
    17:10:26.0531 4712 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    17:10:26.0534 4712 MRxDAV - ok
    17:10:26.0539 4712 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:10:26.0541 4712 mrxsmb - ok
    17:10:26.0549 4712 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:10:26.0553 4712 mrxsmb10 - ok
    17:10:26.0558 4712 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:10:26.0560 4712 mrxsmb20 - ok
    17:10:26.0567 4712 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    17:10:26.0568 4712 msahci - ok
    17:10:26.0573 4712 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    17:10:26.0575 4712 msdsm - ok
    17:10:26.0580 4712 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    17:10:26.0583 4712 MSDTC - ok
    17:10:26.0593 4712 [ 0C02096E686E9EB2A3D37DFF9B42D946 ] MsDtsServer100 C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
    17:10:26.0596 4712 MsDtsServer100 - ok
    17:10:26.0603 4712 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    17:10:26.0605 4712 Msfs - ok
    17:10:26.0609 4712 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    17:10:26.0610 4712 mshidkmdf - ok
    17:10:26.0614 4712 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    17:10:26.0615 4712 msisadrv - ok
    17:10:26.0620 4712 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    17:10:26.0623 4712 MSiSCSI - ok
    17:10:26.0625 4712 msiserver - ok
    17:10:26.0633 4712 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    17:10:26.0634 4712 MSKSSRV - ok
    17:10:26.0640 4712 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    17:10:26.0640 4712 MsMpSvc - ok
    17:10:26.0674 4712 [ B0F062A952DA37DA2ED5DFE40F57E9E8 ] msoidsvc C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
    17:10:26.0696 4712 msoidsvc - ok
    17:10:26.0701 4712 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    17:10:26.0702 4712 MSPCLOCK - ok
    17:10:26.0706 4712 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    17:10:26.0707 4712 MSPQM - ok
    17:10:26.0715 4712 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    17:10:26.0719 4712 MsRPC - ok
    17:10:26.0729 4712 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    17:10:26.0730 4712 mssmbios - ok
    17:10:26.0736 4712 [ 6286605FE7C87DDC628E3CE41A15FFA6 ] MSSQLFDLauncher C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
    17:10:26.0738 4712 MSSQLFDLauncher - ok
    17:10:26.0741 4712 MSSQLSERVER - ok
    17:10:26.0748 4712 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
    17:10:26.0750 4712 MSSQLServerADHelper100 - ok
    17:10:26.0755 4712 MSSQLServerOLAPService - ok
    17:10:26.0760 4712 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    17:10:26.0762 4712 MSTEE - ok
    17:10:26.0766 4712 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    17:10:26.0768 4712 MTConfig - ok
    17:10:26.0772 4712 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    17:10:26.0773 4712 Mup - ok
    17:10:26.0783 4712 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    17:10:26.0790 4712 napagent - ok
    17:10:26.0799 4712 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    17:10:26.0803 4712 NativeWifiP - ok
    17:10:26.0819 4712 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    17:10:26.0831 4712 NDIS - ok
    17:10:26.0835 4712 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
  4. Nathan Dauth

    Nathan Dauth Newcomer, in training Topic Starter Posts: 21

    17:10:28.0984 4712 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    17:10:28.0993 4712 stisvc - ok
    17:10:28.0998 4712 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    17:10:29.0000 4712 storflt - ok
    17:10:29.0007 4712 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
    17:10:29.0009 4712 storvsc - ok
    17:10:29.0013 4712 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    17:10:29.0015 4712 swenum - ok
    17:10:29.0022 4712 [ BA41A448446FDF839A32E27A8DCB7C9D ] SWGVCSvc C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
    17:10:29.0067 4712 SWGVCSvc - ok
    17:10:29.0072 4712 [ 1E036F98E6C780DD7669F516E8BE0CEA ] SWIPsec C:\Windows\system32\Drivers\SWIPsec.sys
    17:10:29.0086 4712 SWIPsec - ok
    17:10:29.0097 4712 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    17:10:29.0106 4712 swprv - ok
    17:10:29.0110 4712 [ DCF11E08A8524B19EC47515C22BE492E ] SWVNIC C:\Windows\system32\DRIVERS\swvnic.sys
    17:10:29.0111 4712 SWVNIC - ok
    17:10:29.0115 4712 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
    17:10:29.0117 4712 Synth3dVsc - ok
    17:10:29.0127 4712 [ 9A17BF37F3B2FB9B686214780E4F8223 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    17:10:29.0133 4712 SynTP - ok
    17:10:29.0154 4712 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    17:10:29.0173 4712 SysMain - ok
    17:10:29.0178 4712 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    17:10:29.0180 4712 TabletInputService - ok
    17:10:29.0188 4712 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    17:10:29.0193 4712 TapiSrv - ok
    17:10:29.0200 4712 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    17:10:29.0204 4712 TBS - ok
    17:10:29.0230 4712 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    17:10:29.0248 4712 Tcpip - ok
    17:10:29.0272 4712 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    17:10:29.0283 4712 TCPIP6 - ok
    17:10:29.0289 4712 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    17:10:29.0293 4712 tcpipreg - ok
    17:10:29.0301 4712 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    17:10:29.0304 4712 TDPIPE - ok
    17:10:29.0309 4712 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    17:10:29.0311 4712 TDTCP - ok
    17:10:29.0315 4712 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    17:10:29.0317 4712 tdx - ok
    17:10:29.0321 4712 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    17:10:29.0323 4712 TermDD - ok
    17:10:29.0330 4712 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
    17:10:29.0332 4712 terminpt - ok
    17:10:29.0345 4712 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    17:10:29.0354 4712 TermService - ok
    17:10:29.0358 4712 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    17:10:29.0362 4712 Themes - ok
    17:10:29.0367 4712 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    17:10:29.0368 4712 THREADORDER - ok
    17:10:29.0374 4712 [ 83415782D47F8064FCAFEA308ABB2246 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    17:10:29.0377 4712 TPHKLOAD - ok
    17:10:29.0381 4712 [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    17:10:29.0383 4712 TPHKSVC - ok
    17:10:29.0388 4712 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
    17:10:29.0391 4712 TPM - ok
    17:10:29.0400 4712 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    17:10:29.0404 4712 TrkWks - ok
    17:10:29.0413 4712 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    17:10:29.0436 4712 TrustedInstaller - ok
    17:10:29.0444 4712 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    17:10:29.0446 4712 tssecsrv - ok
    17:10:29.0450 4712 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    17:10:29.0452 4712 TsUsbFlt - ok
    17:10:29.0457 4712 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    17:10:29.0459 4712 TsUsbGD - ok
    17:10:29.0465 4712 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
    17:10:29.0468 4712 tsusbhub - ok
    17:10:29.0474 4712 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    17:10:29.0477 4712 tunnel - ok
    17:10:29.0481 4712 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    17:10:29.0482 4712 uagp35 - ok
    17:10:29.0491 4712 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    17:10:29.0496 4712 udfs - ok
    17:10:29.0509 4712 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    17:10:29.0511 4712 UI0Detect - ok
    17:10:29.0516 4712 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    17:10:29.0518 4712 uliagpkx - ok
    17:10:29.0523 4712 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    17:10:29.0525 4712 umbus - ok
    17:10:29.0531 4712 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
    17:10:29.0533 4712 UmPass - ok
    17:10:29.0539 4712 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
    17:10:29.0543 4712 UmRdpService - ok
    17:10:29.0551 4712 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    17:10:29.0557 4712 upnphost - ok
    17:10:29.0564 4712 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    17:10:29.0566 4712 usbccgp - ok
    17:10:29.0571 4712 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    17:10:29.0573 4712 usbcir - ok
    17:10:29.0578 4712 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    17:10:29.0579 4712 usbehci - ok
    17:10:29.0587 4712 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    17:10:29.0592 4712 usbhub - ok
    17:10:29.0599 4712 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    17:10:29.0602 4712 usbohci - ok
    17:10:29.0606 4712 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
    17:10:29.0607 4712 usbprint - ok
    17:10:29.0612 4712 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
    17:10:29.0614 4712 USBSTOR - ok
    17:10:29.0618 4712 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    17:10:29.0619 4712 usbuhci - ok
    17:10:29.0627 4712 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    17:10:29.0630 4712 usbvideo - ok
    17:10:29.0634 4712 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    17:10:29.0637 4712 UxSms - ok
    17:10:29.0641 4712 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    17:10:29.0642 4712 VaultSvc - ok
    17:10:29.0646 4712 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    17:10:29.0648 4712 vdrvroot - ok
    17:10:29.0659 4712 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    17:10:29.0667 4712 vds - ok
    17:10:29.0670 4712 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    17:10:29.0672 4712 vga - ok
    17:10:29.0676 4712 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    17:10:29.0677 4712 VgaSave - ok
    17:10:29.0680 4712 VGPU - ok
    17:10:29.0687 4712 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    17:10:29.0690 4712 vhdmp - ok
    17:10:29.0696 4712 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    17:10:29.0699 4712 viaide - ok
    17:10:29.0707 4712 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
    17:10:29.0710 4712 vmbus - ok
    17:10:29.0714 4712 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    17:10:29.0715 4712 VMBusHID - ok
    17:10:29.0719 4712 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    17:10:29.0721 4712 volmgr - ok
    17:10:29.0730 4712 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    17:10:29.0734 4712 volmgrx - ok
    17:10:29.0742 4712 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    17:10:29.0745 4712 volsnap - ok
    17:10:29.0751 4712 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    17:10:29.0754 4712 vsmraid - ok
    17:10:29.0777 4712 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    17:10:29.0797 4712 VSS - ok
    17:10:29.0803 4712 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    17:10:29.0804 4712 vwifibus - ok
    17:10:29.0809 4712 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    17:10:29.0811 4712 vwififlt - ok
    17:10:29.0814 4712 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    17:10:29.0816 4712 vwifimp - ok
    17:10:29.0824 4712 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    17:10:29.0832 4712 W32Time - ok
    17:10:29.0838 4712 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    17:10:29.0839 4712 WacomPen - ok
    17:10:29.0844 4712 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    17:10:29.0846 4712 WANARP - ok
    17:10:29.0850 4712 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    17:10:29.0851 4712 Wanarpv6 - ok
    17:10:29.0870 4712 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    17:10:29.0883 4712 WatAdminSvc - ok
    17:10:29.0907 4712 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    17:10:29.0925 4712 wbengine - ok
    17:10:29.0931 4712 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    17:10:29.0935 4712 WbioSrvc - ok
    17:10:29.0944 4712 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    17:10:29.0951 4712 wcncsvc - ok
    17:10:29.0955 4712 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    17:10:29.0957 4712 WcsPlugInService - ok
    17:10:29.0962 4712 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    17:10:29.0964 4712 Wd - ok
    17:10:29.0976 4712 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    17:10:29.0985 4712 Wdf01000 - ok
    17:10:29.0991 4712 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    17:10:29.0994 4712 WdiServiceHost - ok
    17:10:29.0997 4712 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    17:10:29.0999 4712 WdiSystemHost - ok
    17:10:30.0006 4712 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    17:10:30.0013 4712 WebClient - ok
    17:10:30.0020 4712 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    17:10:30.0024 4712 Wecsvc - ok
    17:10:30.0028 4712 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    17:10:30.0030 4712 wercplsupport - ok
    17:10:30.0035 4712 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    17:10:30.0037 4712 WerSvc - ok
    17:10:30.0041 4712 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    17:10:30.0043 4712 WfpLwf - ok
    17:10:30.0057 4712 [ 25BDE93A976ECEDF36432E39BD275150 ] WiMAXAppSrv C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    17:10:30.0118 4712 WiMAXAppSrv - ok
    17:10:30.0123 4712 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    17:10:30.0124 4712 WIMMount - ok
    17:10:30.0126 4712 WinDefend - ok
    17:10:30.0134 4712 WinHttpAutoProxySvc - ok
    17:10:30.0146 4712 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    17:10:30.0172 4712 Winmgmt - ok
    17:10:30.0199 4712 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    17:10:30.0224 4712 WinRM - ok
    17:10:30.0232 4712 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
    17:10:30.0234 4712 WinUSB - ok
    17:10:30.0248 4712 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    17:10:30.0257 4712 Wlansvc - ok
    17:10:30.0267 4712 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    17:10:30.0270 4712 WmiAcpi - ok
    17:10:30.0281 4712 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    17:10:30.0301 4712 wmiApSrv - ok
    17:10:30.0304 4712 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    17:10:30.0308 4712 WPCSvc - ok
    17:10:30.0314 4712 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    17:10:30.0317 4712 WPDBusEnum - ok
    17:10:30.0322 4712 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    17:10:30.0324 4712 ws2ifsl - ok
    17:10:30.0328 4712 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    17:10:30.0331 4712 wscsvc - ok
    17:10:30.0334 4712 WSearch - ok
    17:10:30.0367 4712 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    17:10:30.0391 4712 wuauserv - ok
    17:10:30.0397 4712 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    17:10:30.0399 4712 WudfPf - ok
    17:10:30.0405 4712 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:10:30.0408 4712 WUDFRd - ok
    17:10:30.0413 4712 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    17:10:30.0415 4712 wudfsvc - ok
    17:10:30.0422 4712 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    17:10:30.0427 4712 WwanSvc - ok
    17:10:30.0464 4712 [ 5BCB1F6CB749B6826BE1C0F16FF2F600 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    17:10:30.0553 4712 ZeroConfigService - ok
    17:10:30.0570 4712 ================ Scan global ===============================
    17:10:30.0575 4712 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    17:10:30.0583 4712 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    17:10:30.0591 4712 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    17:10:30.0597 4712 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    17:10:30.0605 4712 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    17:10:30.0609 4712 [Global] - ok
    17:10:30.0610 4712 ================ Scan MBR ==================================
    17:10:30.0612 4712 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    17:10:30.0612 4712 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    17:10:30.0613 4712 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    17:10:30.0613 4712 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    17:10:30.0614 4712 ================ Scan VBR ==================================
    17:10:30.0616 4712 [ 2AE14AEEFAA2D43C1127127C6621DCC4 ] \Device\Harddisk0\DR0\Partition1
    17:10:30.0617 4712 \Device\Harddisk0\DR0\Partition1 - ok
    17:10:30.0620 4712 [ E057B02D1737EA781240D49D9ADD220E ] \Device\Harddisk0\DR0\Partition2
    17:10:30.0621 4712 \Device\Harddisk0\DR0\Partition2 - ok
    17:10:30.0624 4712 [ 03CA3E1B1C19DE4221647236790EBC88 ] \Device\Harddisk0\DR0\Partition3
    17:10:30.0625 4712 \Device\Harddisk0\DR0\Partition3 - ok
    17:10:30.0625 4712 ============================================================
    17:10:30.0625 4712 Scan finished
    17:10:30.0625 4712 ============================================================
    17:10:30.0633 8104 Detected object count: 1
    17:10:30.0633 8104 Actual detected object count: 1
    17:10:39.0810 8104 \Device\Harddisk0\DR0\# - copied to quarantine
    17:10:39.0826 8104 \Device\Harddisk0\DR0 - copied to quarantine
    17:10:41.0485 8104 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    17:10:41.0513 8104 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    17:10:41.0534 8104 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    17:10:42.0273 8104 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    17:10:42.0290 8104 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    17:10:42.0295 8104 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    17:10:42.0298 8104 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    17:10:42.0447 8104 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    17:10:42.0469 8104 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    17:10:42.0478 8104 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    17:10:42.0481 8104 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    17:10:42.0485 8104 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    17:10:42.0497 8104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    17:10:42.0498 8104 \Device\Harddisk0\DR0 - ok
    17:10:42.0505 8104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    17:11:01.0124 8072 Deinitialize success
  5. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Good :)

    Re-run MBAM and post new log.

    Then....

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  6. Nathan Dauth

    Nathan Dauth Newcomer, in training Topic Starter Posts: 21

    Here's the MBAM report, I'm working on roguekiller now.
  7. Nathan Dauth

    Nathan Dauth Newcomer, in training Topic Starter Posts: 21

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.10.11.14
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    aliu :: ALVIN-LAPTOP [administrator]
    10/11/2012 5:28:46 PM
    mbam-log-2012-10-11 (17-28-46).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 199225
    Time elapsed: 1 minute(s), 14 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    (end)
  8. Nathan Dauth

    Nathan Dauth Newcomer, in training Topic Starter Posts: 21

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : aliu [Admin rights]
    Mode : Remove -- Date : 10/12/2012 09:29:04
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\U\00000004.@ --> REMOVED
    [Del.Parent][FILE] 00000008.@ : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\U\00000008.@ --> REMOVED
    [Del.Parent][FILE] 000000cb.@ : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\U\000000cb.@ --> REMOVED
    [Del.Parent][FILE] 80000000.@ : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\U\80000000.@ --> REMOVED
    [Del.Parent][FILE] 80000064.@ : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\U\80000064.@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1354656034-2485363117-3333568910-1309\$114f045185919f3ffc3ace6479948bfb\U --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\L\00000004.@ --> REMOVED
    [Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\L\201d3dde --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$114f045185919f3ffc3ace6479948bfb\L --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1354656034-2485363117-3333568910-1309\$114f045185919f3ffc3ace6479948bfb\L --> REMOVED
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: INTEL SSDSA2BW160G3L ATA Device +++++
    --- User ---
    [MBR] 2664ec4df2ced356b1f88af412af292b
    [BSP] 51a5da2d6ebaf966b9cc0442d1b3422d : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 135125 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 279810048 | Size: 16000 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  9. Nathan Dauth

    Nathan Dauth Newcomer, in training Topic Starter Posts: 21

    Here's the final log.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-12 09:30:43
    -----------------------------
    09:30:43.829 OS Version: Windows x64 6.1.7601 Service Pack 1
    09:30:43.829 Number of processors: 4 586 0x2A07
    09:30:43.829 ComputerName: ALVIN-LAPTOP UserName: aliu
    09:30:44.038 Initialize success
    09:32:38.353 AVAST engine defs: 12101200
    09:53:28.259 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    09:53:28.263 Disk 0 Vendor: INTEL_SSDSA2BW160G3L 4PC1LE05 Size: 152627MB BusType: 11
    09:53:28.266 Disk 0 MBR read successfully
    09:53:28.269 Disk 0 MBR scan
    09:53:28.274 Disk 0 Windows 7 default MBR code
    09:53:28.276 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048
    09:53:28.295 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 135125 MB offset 3074048
    09:53:28.314 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16000 MB offset 279810048
    09:53:28.351 Disk 0 scanning C:\Windows\system32\drivers
    09:53:34.117 Service scanning
    09:53:52.904 Modules scanning
    09:53:52.920 Disk 0 trace - called modules:
    09:53:52.924 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    09:53:52.928 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d4b060]
    09:53:52.931 3 CLASSPNP.SYS[fffff8800191f43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004a50060]
    09:53:53.126 AVAST engine scan C:\Windows
    09:53:53.978 AVAST engine scan C:\Windows\system32
    09:56:21.953 AVAST engine scan C:\Windows\system32\drivers
    09:56:28.584 AVAST engine scan C:\Users\Aliu
    09:57:53.448 File: C:\Users\Aliu\AppData\Local\Temp\vytnsc\fdgsiq:wiutjq **INFECTED** Win32:Alureon-AXO [Trj]
    10:01:59.243 AVAST engine scan C:\ProgramData
    10:02:26.713 File: C:\ProgramData\Microsoft\Windows\DRM\8ED5.tmp **INFECTED** Win32:Malware-gen
    10:02:44.390 Scan finished successfully
    10:27:22.930 Disk 0 MBR has been saved successfully to "C:\Users\Aliu\Desktop\MBR.dat"
    10:27:22.969 The log file has been saved successfully to "C:\Users\Aliu\Desktop\aswMBR.txt"
  10. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  11. Nathan Dauth

    Nathan Dauth Newcomer, in training Topic Starter Posts: 21

    When I go into "repair your computer" in the boot menu, and after I select a language, it does not ask me to choose an OS. Instead it takes me straight to the System Recovery Options, where there is only one option "Startup Repair." Please advise.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Let's try something else...

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ==================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  13. Nathan Dauth

    Nathan Dauth Newcomer, in training Topic Starter Posts: 21

    COMBOFIX: (Those files it deleted aren't anything I'm going to miss, are they?)

    ComboFix 12-10-12.01 - aliu 10/12/2012 13:08:17.1.4 - x64
    Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.3978.1647 [GMT -7:00]
    Running from: c:\users\Aliu\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
    c:\programdata\Roaming
    c:\windows\SysWow64\muzapp.exe
    D:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-12 to 2012-10-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-12 20:11 . 2012-10-12 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-12 18:43 . 2012-10-12 18:43 -------- d-----w- c:\users\Aliu\AppData\Local\Google
    2012-10-12 18:43 . 2012-10-12 18:43 -------- d-----w- c:\users\Aliu\AppData\Local\Deployment
    2012-10-12 18:43 . 2012-10-12 18:43 -------- d-----w- c:\users\Aliu\AppData\Local\Apps
    2012-10-12 18:34 . 2012-10-12 18:34 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33FF4951-7618-4653-AAFD-652A786A71CE}\offreg.dll
    2012-10-12 00:10 . 2012-10-12 00:10 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-11 21:36 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33FF4951-7618-4653-AAFD-652A786A71CE}\mpengine.dll
    2012-10-11 21:17 . 2012-10-11 21:17 -------- d-----w- c:\users\Aliu\AppData\Roaming\Malwarebytes
    2012-10-11 21:17 . 2012-10-11 21:17 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-11 21:17 . 2012-10-11 21:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-11 21:17 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-11 21:14 . 2012-10-11 21:14 -------- d-----w- c:\users\Aliu\AppData\Roaming\DAEMON Tools Lite
    2012-10-11 20:39 . 2012-10-11 20:39 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4605B198-7224-4C4F-BE49-CCCA7084A801}\gapaengine.dll
    2012-10-11 20:36 . 2012-10-11 20:36 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-10-11 20:36 . 2012-10-11 20:36 -------- d-----w- c:\program files\Microsoft Security Client
    2012-10-11 17:33 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8039718-9CCD-414D-B6EB-FD80FC8E220D}\mpengine.dll
    2012-10-10 16:31 . 2012-10-10 16:31 -------- d-----w- c:\program files (x86)\Citrix
    2012-10-09 23:18 . 2012-10-09 23:18 5632 ----a-w- c:\programdata\Microsoft\Windows\DRM\8ED5.tmp
    2012-10-09 23:18 . 2012-10-09 23:18 5632 ----a-w- c:\programdata\Microsoft\Windows\DRM\8ED4.tmp
    2012-10-09 21:46 . 2012-10-09 21:46 -------- d-----w- c:\windows\SysWow64\%APPDATA%
    2012-10-08 20:55 . 2012-10-08 20:55 -------- d-----w- c:\users\Aliu\AppData\Local\Cisco
    2012-10-08 20:49 . 2012-10-08 20:49 -------- d-----w- c:\programdata\Cisco
    2012-10-05 01:50 . 2012-10-05 01:50 -------- d-----w- c:\program files\Microsoft Lync
    2012-10-05 01:50 . 2012-10-05 01:50 -------- d-----w- c:\program files (x86)\Microsoft Lync
    2012-10-05 01:48 . 2012-10-12 18:34 -------- d-----w- c:\users\Aliu\Tracing
    2012-10-05 01:48 . 2012-10-05 01:48 -------- d-----w- c:\program files (x86)\OCSetup
    2012-10-02 03:03 . 2012-10-02 03:05 -------- d-----w- c:\users\Aliu\AppData\Roaming\Ventrilo
    2012-09-28 21:29 . 2012-09-28 21:29 -------- d-----w- c:\users\Aliu\VSWebCache
    2012-09-28 03:04 . 2012-09-28 03:04 -------- d-----w- c:\program files\Ventrilo
    2012-09-28 03:04 . 2012-09-28 03:04 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-09-26 22:09 . 2012-09-26 22:09 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-26 19:01 . 2012-10-11 17:32 -------- d-----w- c:\program files (x86)\af0.net
    2012-09-26 16:20 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-09-24 20:43 . 2012-10-11 20:19 -------- d-----w- c:\program files (x86)\World of Warcraft
    2012-09-24 20:43 . 2012-09-24 20:43 -------- d-----w- c:\programdata\Blizzard Entertainment
    2012-09-24 20:43 . 2012-09-24 20:43 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
    2012-09-24 20:42 . 2012-09-24 20:42 -------- d-----w- c:\programdata\Battle.net
    2012-09-24 17:39 . 2012-09-24 17:39 -------- d-----w- c:\users\Aliu\AppData\Roaming\Microsoft Business Solutions
    2012-09-19 23:20 . 2012-09-19 23:20 -------- d-----w- c:\users\Aliu\AppData\Local\IsolatedStorage
    2012-09-19 17:02 . 2012-09-19 17:02 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys
    2012-09-18 23:46 . 2012-09-18 23:48 -------- d-----w- c:\users\Aliu\AppData\Roaming\vlc
    2012-09-18 23:46 . 2012-09-18 23:46 -------- d-----w- c:\program files\VideoLAN
    2012-09-18 19:46 . 2012-09-18 19:46 -------- d-----w- c:\users\Aliu\AppData\Roaming\SonicWALL
    2012-09-18 19:46 . 2009-03-06 06:51 99352 ----a-w- c:\windows\system32\drivers\SWIPsec.sys
    2012-09-18 19:46 . 2012-09-18 19:46 -------- d-----w- c:\program files\SonicWALL
    2012-09-18 00:37 . 2012-09-18 00:37 -------- d-----w- c:\program files\Common Files\Deterministic Networks
    2012-09-18 00:37 . 2012-09-18 00:37 -------- d-----w- c:\program files (x86)\Cisco Systems
    2012-09-17 18:02 . 2012-09-17 18:02 -------- d-----w- c:\users\Aliu\AppData\Local\Microsoft Games
    2012-09-15 17:07 . 2012-09-15 17:07 -------- d-----w- c:\users\Aliu\AppData\Local\Bomgar
    2012-09-14 23:31 . 2012-09-14 23:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2012-09-14 23:29 . 2012-09-14 23:29 -------- d-----w- c:\windows\system32\appmgmt
    2012-09-14 02:14 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2012-09-14 02:14 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-09-14 02:14 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-09-12 20:45 . 2012-09-12 20:45 -------- d-----w- c:\users\Aliu\AppData\Local\Diagnostics
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-11 19:38 . 2012-09-10 16:34 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-11 19:38 . 2012-09-10 16:34 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-05 01:56 . 2010-07-20 12:09 18208 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
    2012-09-10 02:22 . 2012-09-10 02:22 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
    2012-09-10 01:05 . 2012-09-10 01:05 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-09-09 23:06 . 2012-09-09 23:06 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-09-09 23:06 . 2012-09-09 23:06 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-09-09 23:06 . 2012-09-09 23:06 89088 ----a-w- c:\windows\system32\ie4uinit.exe
    2012-09-09 23:06 . 2012-09-09 23:06 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-09-09 23:06 . 2012-09-09 23:06 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-09-09 23:06 . 2012-09-09 23:06 82432 ----a-w- c:\windows\system32\icardie.dll
    2012-09-09 23:06 . 2012-09-09 23:06 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-09-09 23:06 . 2012-09-09 23:06 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-09-09 23:06 . 2012-09-09 23:06 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-09-09 23:06 . 2012-09-09 23:06 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-09-09 23:06 . 2012-09-09 23:06 65024 ----a-w- c:\windows\system32\pngfilt.dll
    2012-09-09 23:06 . 2012-09-09 23:06 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-09-09 23:06 . 2012-09-09 23:06 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
    2012-09-09 23:06 . 2012-09-09 23:06 534528 ----a-w- c:\windows\system32\ieapfltr.dll
    2012-09-09 23:06 . 2012-09-09 23:06 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-09-09 23:06 . 2012-09-09 23:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-09-09 23:06 . 2012-09-09 23:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-09-09 23:06 . 2012-09-09 23:06 452608 ----a-w- c:\windows\system32\dxtmsft.dll
    2012-09-09 23:06 . 2012-09-09 23:06 448512 ----a-w- c:\windows\system32\html.iec
    2012-09-09 23:06 . 2012-09-09 23:06 403248 ----a-w- c:\windows\system32\iedkcs32.dll
    2012-09-09 23:06 . 2012-09-09 23:06 39936 ----a-w- c:\windows\system32\iernonce.dll
    2012-09-09 23:06 . 2012-09-09 23:06 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
    2012-09-09 23:06 . 2012-09-09 23:06 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-09-09 23:06 . 2012-09-09 23:06 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-09-09 23:06 . 2012-09-09 23:06 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-09-09 23:06 . 2012-09-09 23:06 282112 ----a-w- c:\windows\system32\dxtrans.dll
    2012-09-09 23:06 . 2012-09-09 23:06 267776 ----a-w- c:\windows\system32\ieaksie.dll
    2012-09-09 23:06 . 2012-09-09 23:06 249344 ----a-w- c:\windows\system32\webcheck.dll
    2012-09-09 23:06 . 2012-09-09 23:06 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-09-09 23:06 . 2012-09-09 23:06 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-09-09 23:06 . 2012-09-09 23:06 197120 ----a-w- c:\windows\system32\msrating.dll
    2012-09-09 23:06 . 2012-09-09 23:06 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-09-09 23:06 . 2012-09-09 23:06 163840 ----a-w- c:\windows\system32\ieakui.dll
    2012-09-09 23:06 . 2012-09-09 23:06 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-09-09 23:06 . 2012-09-09 23:06 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-09-09 23:06 . 2012-09-09 23:06 160256 ----a-w- c:\windows\system32\ieakeng.dll
    2012-09-09 23:06 . 2012-09-09 23:06 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-09-09 23:06 . 2012-09-09 23:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-09-09 23:06 . 2012-09-09 23:06 149504 ----a-w- c:\windows\system32\occache.dll
    2012-09-09 23:06 . 2012-09-09 23:06 145920 ----a-w- c:\windows\system32\iepeers.dll
    2012-09-09 23:06 . 2012-09-09 23:06 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-09-09 23:06 . 2012-09-09 23:06 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-09-09 23:06 . 2012-09-09 23:06 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-09-09 23:06 . 2012-09-09 23:06 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-09-09 23:06 . 2012-09-09 23:06 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-09-09 23:06 . 2012-09-09 23:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-09-09 23:06 . 2012-09-09 23:06 10752 ----a-w- c:\windows\system32\msfeedssync.exe
    2012-09-09 23:06 . 2012-09-09 23:06 103936 ----a-w- c:\windows\system32\inseng.dll
    2012-09-09 23:06 . 2012-09-09 23:06 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-08-31 05:03 . 2012-08-31 05:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-31 05:03 . 2012-08-31 05:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-28 17:05 . 2012-09-12 18:08 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
    2012-08-28 17:04 . 2012-08-28 17:04 90112 ----a-w- c:\windows\MAMCityDownload.ocx
    2012-08-28 17:04 . 2012-08-28 17:04 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
    2012-08-28 17:04 . 2012-08-28 17:04 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
    2012-08-28 17:04 . 2012-08-28 17:04 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
    2012-08-28 17:04 . 2012-08-28 17:04 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
    2012-08-28 17:04 . 2012-08-28 17:04 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
    2012-08-28 17:04 . 2012-08-28 17:04 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
    2012-08-28 17:04 . 2012-08-28 17:04 330240 ----a-w- c:\windows\MASetupCaller.dll
    2012-08-28 17:04 . 2012-08-28 17:04 30568 ----a-w- c:\windows\MusiccityDownload.exe
    2012-08-28 17:04 . 2012-08-28 17:04 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
    2012-08-28 17:04 . 2012-08-28 17:04 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
    2012-08-28 17:04 . 2012-08-28 17:04 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
    2012-08-28 17:04 . 2012-08-28 17:04 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
    2012-08-28 17:04 . 2012-08-28 17:04 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
    2012-08-28 17:04 . 2012-08-28 17:04 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
    2012-08-28 17:04 . 2012-09-12 18:05 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
    2012-08-28 17:04 . 2012-08-28 17:04 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
    2012-08-28 17:04 . 2012-08-28 17:04 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
    2012-08-28 17:04 . 2012-08-28 17:04 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
    2012-08-28 17:04 . 2012-08-28 17:04 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
    2012-08-28 17:04 . 2012-08-28 17:04 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
    2012-08-28 17:04 . 2012-08-28 17:04 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
    2012-08-28 17:04 . 2012-08-28 17:04 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
    2012-08-28 17:04 . 2012-08-28 17:04 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
    2012-08-28 17:04 . 2012-08-28 17:04 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
    2012-08-28 17:04 . 2012-08-28 17:04 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
    2012-08-28 17:04 . 2012-08-28 17:04 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
    2012-08-28 17:04 . 2012-08-28 17:04 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
    2012-08-28 17:04 . 2012-08-28 17:04 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
    2012-08-22 18:12 . 2012-09-12 16:33 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 16:33 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 16:33 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 16:33 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-02 17:58 . 2012-09-12 16:33 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-08-02 16:57 . 2012-09-12 16:33 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-07-31 10:42 . 2012-09-12 18:11 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
    2012-07-30 20:32 . 2012-07-30 20:32 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
    2012-07-18 18:15 . 2012-09-10 16:42 3148800 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-31 964024]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
    "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2012-06-12 12099672]
    .
    c:\users\Aliu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [2009-03-06 99352]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 250808]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-31 203104]
    R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [2009-03-05 24600]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-12 1255736]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 61976]
    R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 314904]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-03-08 28992]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-10 283200]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
    S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-03-08 249152]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
    S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-12-27 514048]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
    S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
    S2 MR2012ApplicationService;Management Reporter 2012 Application Service;c:\program files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe [2012-07-24 19544]
    S2 MR2012ProcessService;Management Reporter 2012 Process Service;c:\program files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe [2012-07-24 19544]
    S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-10 214040]
    S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-08-17 2024864]
    S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2008-07-10 2045464]
    S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-26 101888]
    S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-03-07 382272]
    S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-03-06 284696]
    S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
    S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-12-27 979456]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-06-25 3325232]
    S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
    S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-12-02 84480]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2012-01-11 360624]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\Netwsw00.sys [2012-06-03 11499008]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-05-10 97792]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-05-10 217600]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
    S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-07-06 27960]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 19:38]
    .
    2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1354656034-2485363117-3333568910-1309Core.job
    - c:\users\Aliu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-12 18:43]
    .
    2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1354656034-2485363117-3333568910-1309UA.job
    - c:\users\Aliu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-12 18:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
    "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
    "ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-14 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-14 416024]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.100.106 192.168.100.115
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
    SafeBoot-74655954.sys
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MR2012ApplicationService]
    "ImagePath"="\"c:\program files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe\" /s: /sn:ApplicationService"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MR2012ProcessService]
    "ImagePath"="\"c:\program files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe\" /s: /sn:processService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-12 13:12:36
    ComboFix-quarantined-files.txt 2012-10-12 20:12
    .
    Pre-Run: 57,935,130,624 bytes free
    Post-Run: 58,861,600,768 bytes free
    .
    - - End Of File - - 126C90CCCB14B19757F14294AAF5F1D7
  14. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Looks good :)

    How is the computer doing?

    ==========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  15. Nathan Dauth

    Nathan Dauth Newcomer, in training Topic Starter Posts: 21

    OTL.txt

    OTL logfile created on: 10/12/2012 4:21:31 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aliu\Desktop
    64bit- Ultimate Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.88 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 47.87% Memory free
    7.77 Gb Paging File | 5.20 Gb Available in Paging File | 67.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 131.96 Gb Total Space | 54.86 Gb Free Space | 41.58% Space Free | Partition Type: NTFS
    Drive D: | 15.62 Gb Total Space | 5.58 Gb Free Space | 35.73% Space Free | Partition Type: NTFS
    Drive G: | 313.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: ALVIN-LAPTOP | User Name: aliu | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/12 16:19:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aliu\Desktop\OTL.exe
    PRC - [2012/10/11 12:38:22 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
    PRC - [2012/08/31 09:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2012/08/31 09:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
    PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/27 03:07:46 | 000,879,800 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    PRC - [2012/07/27 03:05:02 | 000,380,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    PRC - [2012/07/26 18:17:56 | 001,374,112 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    PRC - [2012/07/18 16:10:04 | 000,052,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    PRC - [2012/06/11 21:01:32 | 012,099,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe
    PRC - [2012/03/07 15:01:08 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/11/04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2011/07/12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    PRC - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
    PRC - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    PRC - [2010/11/20 20:24:47 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2010/11/18 13:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
    PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/12 13:08:54 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
    MOD - [2012/09/12 13:08:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll
    MOD - [2012/09/12 13:08:25 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
    MOD - [2012/09/12 11:58:06 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/09/12 11:57:48 | 012,549,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\da08652740e99059522e994b7b420f39\System.Windows.Forms.ni.dll
    MOD - [2012/09/12 11:57:43 | 001,595,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a4007b2b168a660d6427d05247344a98\System.Drawing.ni.dll
    MOD - [2012/09/12 11:57:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/09/12 11:44:30 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
    MOD - [2012/09/12 11:44:21 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
    MOD - [2012/09/12 11:44:13 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
    MOD - [2012/09/12 11:42:36 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
    MOD - [2012/09/12 11:42:33 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
    MOD - [2012/09/12 11:42:29 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
    MOD - [2012/09/12 11:42:28 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
    MOD - [2012/09/12 11:40:57 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
    MOD - [2012/03/07 18:42:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2012/07/24 13:47:08 | 000,019,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe -- (MR2012ProcessService)
    SRV:64bit: - [2012/07/24 13:47:08 | 000,019,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Services\MRServiceHost.exe -- (MR2012ApplicationService)
    SRV:64bit: - [2012/06/25 16:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
    SRV:64bit: - [2012/06/25 16:05:54 | 000,628,016 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2012/06/25 16:05:28 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2012/04/11 16:27:06 | 000,047,440 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
    SRV:64bit: - [2011/12/27 14:24:08 | 000,514,048 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
    SRV:64bit: - [2011/12/27 14:18:34 | 000,979,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
    SRV:64bit: - [2011/07/12 16:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
    SRV:64bit: - [2011/07/12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
    SRV:64bit: - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
    SRV:64bit: - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
    SRV:64bit: - [2010/12/17 05:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/03/05 23:51:34 | 000,284,696 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
    SRV - [2012/10/11 12:38:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/03/07 15:01:08 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/11/18 13:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
    SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/19 10:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV:64bit: - [2012/09/09 18:05:48 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/07/31 03:42:48 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
    DRV:64bit: - [2012/07/05 21:43:24 | 000,443,192 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2012/07/05 21:43:24 | 000,027,960 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
    DRV:64bit: - [2012/06/26 21:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/06/05 18:40:42 | 001,580,704 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2012/06/03 08:33:44 | 011,499,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
    DRV:64bit: - [2012/05/10 16:33:56 | 000,217,600 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2012/05/10 16:33:54 | 000,097,792 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2012/04/25 08:03:30 | 000,093,272 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
    DRV:64bit: - [2012/04/11 16:27:04 | 000,042,280 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV:64bit: - [2012/03/07 18:42:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
    DRV:64bit: - [2012/03/07 18:42:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/11 12:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
    DRV:64bit: - [2011/12/01 17:37:48 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
    DRV:64bit: - [2011/09/26 02:40:28 | 012,309,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/05/25 17:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/04 18:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
    DRV:64bit: - [2010/11/20 20:25:08 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 20:25:00 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 20:24:16 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010/11/20 20:24:16 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010/11/20 20:24:16 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2010/11/20 20:24:15 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 20:24:15 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 20:24:14 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/09/07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
    DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 16:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/05 23:51:50 | 000,099,352 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SWIPsec.sys -- (SWIPsec)
    DRV:64bit: - [2009/03/04 18:03:32 | 000,024,600 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWVNIC.sys -- (SWVNIC)
    DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
    DRV:64bit: - [2008/07/10 05:25:42 | 000,314,904 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0102.sys -- (RsFx0102)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B F0 99 D2 77 8F CD 01 [binary data]
    IE - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\..\SearchScopes,DefaultScope = {B465499A-915C-41E3-8B15-09B774EB0A31}
    IE - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\..\SearchScopes\{B465499A-915C-41E3-8B15-09B774EB0A31}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120918-0402: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Aliu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Aliu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Aliu\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Aliu\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


    [2012/06/11 20:59:16 | 000,031,848 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

    O1 HOSTS File: ([2012/10/12 13:11:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
    O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
    O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
    O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
    O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
    O4 - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
    O4 - Startup: C:\Users\Aliu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1354656034-2485363117-3333568910-1309\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.106 192.168.100.115
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dm.int
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EB251FE-37B1-4AA5-BC07-DEAE96051880}: DhcpNameServer = 192.168.100.106 192.168.100.115
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\ica - No CLSID value found
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)
    O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  16. Nathan Dauth

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/12 16:19:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Aliu\Desktop\OTL.exe
    [2012/10/12 16:02:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/12 13:46:52 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\ICAClient
    [2012/10/12 13:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
    [2012/10/12 13:46:40 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Local\Citrix
    [2012/10/12 13:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Citrix
    [2012/10/12 13:12:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/12 13:07:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/12 13:07:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/12 13:07:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/12 13:07:39 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/12 13:07:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/12 13:05:20 | 004,771,502 | R--- | C] (Swearware) -- C:\Users\Aliu\Desktop\ComboFix.exe
    [2012/10/12 11:43:47 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\Mozilla
    [2012/10/12 11:43:24 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Local\Google
    [2012/10/12 11:43:14 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Local\Deployment
    [2012/10/12 11:43:14 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Local\Apps
    [2012/10/12 09:30:30 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Aliu\Desktop\aswMBR.exe
    [2012/10/12 09:28:21 | 000,000,000 | ---D | C] -- C:\Users\Aliu\Desktop\RK_Quarantine
    [2012/10/11 17:10:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/10/11 17:10:05 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Aliu\Desktop\TDSSKiller.exe
    [2012/10/11 14:35:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Aliu\Desktop\dds.com
    [2012/10/11 14:17:37 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\Malwarebytes
    [2012/10/11 14:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/11 14:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/11 14:17:20 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/10/11 14:17:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/11 14:16:10 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Aliu\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/10/11 14:14:53 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\DAEMON Tools Lite
    [2012/10/11 13:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/10/11 13:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/10/10 09:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
    [2012/10/09 14:46:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/10/08 13:55:31 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Local\Cisco
    [2012/10/08 13:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
    [2012/10/04 18:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
    [2012/10/04 18:50:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/10/04 18:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Lync
    [2012/10/04 18:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Lync
    [2012/10/04 18:48:24 | 000,000,000 | ---D | C] -- C:\Users\Aliu\Tracing
    [2012/10/04 18:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OCSetup
    [2012/10/03 15:24:13 | 000,000,000 | R--D | C] -- C:\Users\Aliu\Documents\DM FTP server
    [2012/10/01 20:03:47 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\Ventrilo
    [2012/09/28 14:29:03 | 000,000,000 | ---D | C] -- C:\Users\Aliu\VSWebCache
    [2012/09/27 20:04:55 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
    [2012/09/27 20:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
    [2012/09/27 20:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012/09/26 15:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012/09/26 12:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\af0.net
    [2012/09/24 13:57:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/09/24 13:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
    [2012/09/24 13:43:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
    [2012/09/24 13:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
    [2012/09/24 13:43:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    [2012/09/24 13:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
    [2012/09/24 10:39:59 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\Microsoft Business Solutions
    [2012/09/20 18:10:08 | 000,000,000 | ---D | C] -- C:\Users\Aliu\Documents\Client Documents
    [2012/09/19 16:20:47 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Local\IsolatedStorage
    [2012/09/19 10:02:08 | 000,102,368 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
    [2012/09/18 16:46:50 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\vlc
    [2012/09/18 16:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012/09/18 16:46:12 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2012/09/18 12:46:31 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Roaming\SonicWALL
    [2012/09/18 12:46:16 | 000,099,352 | ---- | C] (SonicWALL, Inc.) -- C:\Windows\SysNative\drivers\SWIPsec.sys
    [2012/09/18 12:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\SonicWALL
    [2012/09/17 17:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
    [2012/09/17 17:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
    [2012/09/17 17:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
    [2012/09/17 11:02:28 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Local\Microsoft Games
    [2012/09/15 10:07:58 | 000,000,000 | ---D | C] -- C:\Users\Aliu\AppData\Local\Bomgar
    [2012/09/14 16:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2012/09/14 16:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2012/09/14 16:29:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2012/09/13 13:51:09 | 000,000,000 | ---D | C] -- C:\Users\Aliu\Documents\GP Reference

    ========== Files - Modified Within 30 Days ==========

    [2012/10/12 16:19:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aliu\Desktop\OTL.exe
    [2012/10/12 16:15:17 | 000,001,266 | ---- | M] () -- C:\Users\Aliu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2012/10/12 16:10:09 | 000,020,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/12 16:10:09 | 000,020,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/12 16:06:57 | 000,934,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/12 16:06:57 | 000,767,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/12 16:06:57 | 000,164,002 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/12 16:02:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/12 16:02:34 | 3128,610,816 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/12 15:53:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1354656034-2485363117-3333568910-1309UA.job
    [2012/10/12 15:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/12 13:11:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/12 13:05:26 | 004,771,502 | R--- | M] (Swearware) -- C:\Users\Aliu\Desktop\ComboFix.exe
    [2012/10/12 11:53:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1354656034-2485363117-3333568910-1309Core.job
    [2012/10/12 11:28:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/10/12 10:27:22 | 000,000,512 | ---- | M] () -- C:\Users\Aliu\Desktop\MBR.dat
    [2012/10/12 09:30:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Aliu\Desktop\aswMBR.exe
    [2012/10/12 09:27:56 | 001,422,336 | ---- | M] () -- C:\Users\Aliu\Desktop\RogueKiller.exe
    [2012/10/11 17:09:45 | 002,193,278 | ---- | M] () -- C:\Users\Aliu\Desktop\tdsskiller.zip
    [2012/10/11 14:35:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Aliu\Desktop\dds.com
    [2012/10/11 14:29:15 | 000,302,592 | ---- | M] () -- C:\Users\Aliu\Desktop\qkijjpqn.exe
    [2012/10/11 14:16:29 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Aliu\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/10/11 13:36:45 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/10/09 10:58:57 | 000,002,050 | -H-- | M] () -- C:\Users\Aliu\Documents\Default.rdp
    [2012/09/27 20:04:56 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2012/09/24 15:28:21 | 504,791,916 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/09/19 10:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
    [2012/09/17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Aliu\Desktop\TDSSKiller.exe
    [2012/09/17 17:38:14 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
    [2012/09/17 11:31:59 | 000,000,254 | ---- | M] () -- C:\Windows\ODBC.INI

    ========== Files Created - No Company Name ==========

    [2012/10/12 13:46:58 | 000,001,508 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
    [2012/10/12 13:07:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/12 13:07:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/12 13:07:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/12 13:07:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/12 13:07:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/12 11:43:26 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1354656034-2485363117-3333568910-1309UA.job
    [2012/10/12 11:43:26 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1354656034-2485363117-3333568910-1309Core.job
    [2012/10/12 11:28:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/10/12 10:27:22 | 000,000,512 | ---- | C] () -- C:\Users\Aliu\Desktop\MBR.dat
    [2012/10/12 09:27:56 | 001,422,336 | ---- | C] () -- C:\Users\Aliu\Desktop\RogueKiller.exe
    [2012/10/11 17:09:45 | 002,193,278 | ---- | C] () -- C:\Users\Aliu\Desktop\tdsskiller.zip
    [2012/10/11 14:29:15 | 000,302,592 | ---- | C] () -- C:\Users\Aliu\Desktop\qkijjpqn.exe
    [2012/10/11 13:36:45 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/10/11 13:36:42 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/10/11 12:20:34 | 000,000,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
    [2012/09/27 20:04:53 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2012/09/24 13:57:43 | 504,791,916 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/09/18 12:46:12 | 000,002,715 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SonicWALL Global VPN Client.lnk
    [2012/09/17 17:38:14 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
    [2012/09/14 16:31:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/09/10 15:00:22 | 000,000,408 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    [2012/09/10 14:53:34 | 000,923,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/09/10 14:13:39 | 000,000,254 | ---- | C] () -- C:\Windows\ODBC.INI
    [2012/09/10 10:01:06 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/09/09 16:18:15 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012/09/09 16:18:14 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012/09/09 16:18:13 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/09/09 16:18:12 | 013,903,360 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2012/09/09 16:18:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2012/08/28 10:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2012/08/28 10:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2012/08/28 10:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2012/08/28 10:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2012/08/28 10:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2012/03/07 15:01:20 | 000,417,600 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

    ========== ZeroAccess Check ==========

    [2009/07/13 22:00:09 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:46 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/10/12 16:02:04 | 000,000,000 | ---D | M] -- C:\Users\Aliu\AppData\Roaming\.purple
    [2012/10/11 14:14:54 | 000,000,000 | ---D | M] -- C:\Users\Aliu\AppData\Roaming\DAEMON Tools Lite
    [2012/09/19 11:36:47 | 000,000,000 | ---D | M] -- C:\Users\Aliu\AppData\Roaming\gtk-2.0
    [2012/10/12 16:02:05 | 000,000,000 | ---D | M] -- C:\Users\Aliu\AppData\Roaming\ICAClient
    [2012/09/12 11:57:52 | 000,000,000 | ---D | M] -- C:\Users\Aliu\AppData\Roaming\Samsung

    ========== Purity Check ==========

    < End of report >
  17. Nathan Dauth

    OTL Extras logfile created on: 10/12/2012 4:21:31 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aliu\Desktop
    64bit- Ultimate Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.88 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 47.87% Memory free
    7.77 Gb Paging File | 5.20 Gb Available in Paging File | 67.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 131.96 Gb Total Space | 54.86 Gb Free Space | 41.58% Space Free | Partition Type: NTFS
    Drive D: | 15.62 Gb Total Space | 5.58 Gb Free Space | 35.73% Space Free | Partition Type: NTFS
    Drive G: | 313.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: ALVIN-LAPTOP | User Name: aliu | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 61 01 DA 5A 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{94371DE4-2FCE-4BA7-8C08-4EF7E95D708E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{BE1182FA-A0EE-4AA3-B5A9-05FB30814CE2}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00FD4E8F-EB13-4E07-888E-E2D3C6F985A7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{0D64C1AE-3C6D-4AD6-BE04-87C64A0C244E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
    "{10E94D9D-1788-4098-843C-5D3003FE05C3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{147D8150-165E-4F72-B452-D705858B09D9}" = dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe |
    "{1EE6AFC7-F202-4B0B-BEAB-6743D181BE4E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{1F6E5079-7B09-4958-9845-8D813D400BE6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{25C7FF1B-0AEC-4AB9-AC75-1FC36175A61A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{2C3E479A-BB0E-45A6-86B4-302AF3BF0E1F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{327F1C8B-1F82-467B-9D03-F3F12CCE5B0E}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe |
    "{36FD7BFF-AD2C-4FBB-9EBF-E6921D995F9B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{468F429E-8A05-46F8-B922-9578ACAF9351}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{56912B15-437B-4737-A7AB-6B9E6EDC571F}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe |
    "{638992DE-A72C-47D8-AE0C-75E7F95259A3}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
    "{64523622-5A28-48EC-BC64-6183B289F01D}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
    "{7E03B190-867D-48EF-BB1B-978CE01840E5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "{944E31AC-2AD3-4E4F-93A7-5DC075103E48}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{9CED9D9E-0DC9-42E9-BCA4-47AAD2530FD9}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
    "{A0496323-1EA9-4643-B96E-B915050DF5BF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "{B686CAE9-F407-4BA1-A45F-A462793D684E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{C2A4F3C3-82A2-4C19-AF55-8E8817249C37}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{C3C51393-D7E0-46D0-B4D0-398BC983FCF5}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
    "{E40175C2-D676-437E-891E-F0F69BB036F0}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{F1109001-BECC-4D66-BE5D-EB371B8BC6B6}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
    "{F593BC14-2A6A-454B-A02F-859EF0AF9FE1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "TCP Query User{245DCA98-9016-4C36-ADEC-409D1563A32A}C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe" = protocol=6 | dir=in | app=c:\program files\sonicwall\sonicwall global vpn client\swgvc.exe |
    "TCP Query User{A9807972-F8E0-4578-A6E4-A268C37E02BC}C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe" = protocol=6 | dir=in | app=c:\program files\sonicwall\sonicwall global vpn client\swgvc.exe |
    "UDP Query User{1C4039BF-6D5D-470C-BFA4-3CC5F659276D}C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe" = protocol=17 | dir=in | app=c:\program files\sonicwall\sonicwall global vpn client\swgvc.exe |
    "UDP Query User{B717B89E-A497-48A1-858A-78F2C4A83F35}C:\program files\sonicwall\sonicwall global vpn client\swgvc.exe" = protocol=17 | dir=in | app=c:\program files\sonicwall\sonicwall global vpn client\swgvc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{0C270C59-8706-42B8-A2AD-6E5EE18BC90B}" = Microsoft SQL Server 2008 Reporting Services
    "{0C6C4C8A-3B96-4681-90BA-0E15CDE96298}" = Microsoft SQL Server 2008 Management Studio
    "{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio
    "{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi Software
    "{2453DBC8-ACC4-4711-BD03-0C15353AA3D8}" = Microsoft SQL Server 2008 Reporting Services
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
    "{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{53D7A054-4598-4947-A159-E8FCC77720AB}" = Microsoft Sync Framework Runtime v1.0 (x64)
    "{5D62CA9E-C68A-4BED-A1E9-7D38D9DDC2DB}" = Microsoft Online Services Sign-in Assistant
    "{5E2D889D-FAFC-4E76-A851-3695ABA1A76F}" = SonicWALL Global VPN Client
    "{5F588B19-C575-4750-86FD-6ED2B76E61F1}" = Intel® PROSet/Wireless WiMAX Software
    "{67C816AF-93F0-4C11-A355-AABC5FC00083}" = Microsoft SQL Server 2008 BI Development Studio
    "{6E2EE862-FEF9-408A-90BB-F5B4EC129C8E}" = Microsoft SQL Server 2008 Analysis Services
    "{817BCC2B-76A8-4C8B-8B55-FD916C6969CC}" = Microsoft Sync Services for ADO.NET v2.0 (x64)
    "{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{910A147A-75D7-4ECD-A00D-727AAC0FD0E7}" = Microsoft SQL Server 2008 Client Tools
    "{91730409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9DFA5914-C275-42E0-810E-C88E46A7F9EA}" = Microsoft SQL Server 2008 Full text search
    "{AE479CE0-753F-49C0-B8E6-79A37403999F}" = Microsoft SQL Server 2008 BI Development Studio
    "{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B702C53B-D809-4DD3-8C77-23EC0C948959}" = Microsoft SQL Server 2008 Integration Services
    "{BAACB61F-43E0-4E70-BDC9-F81CC3B22970}" = Microsoft SQL Server 2008 Client Tools
    "{BCF5E733-D8A0-58DA-E667-37512D7871F2}" = Microsoft Dynamics ERP Management Reporter 2012 Server
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D16D4F2A-C26C-4968-8285-3A2769E8C5C3}" = Microsoft Dynamics ERP Management Reporter 2012 Client
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{E35C24C7-231F-4AAB-8B22-A59F9A00BED3}" = Microsoft SQL Server 2008 RsFx Driver
    "{EB0A3BCB-B9DF-4906-B066-BDEC6E213B91}" = Microsoft SQL Server 2008 Setup Support Files (English)
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F01EC9B9-21B4-441E-958A-1E01098B03BE}" = Microsoft SQL Server 2008 Analysis Services
    "{F4264106-F90E-4076-98CF-1B878DB14513}" = SQL Server System CLR Types
    "{F5459EB2-A662-4EB3-AD94-E771DC2F542A}" = Dexterity Shared Components 11.0 (64-bit)
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F5FEEB7E-F647-4D18-85BA-096750A15547}" = Microsoft SQL Server 2008 Integration Services
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "Bomgar Representative Console [helpdesk.dynamicmethods.net]" = Bomgar Representative Console [helpdesk.dynamicmethods.net]
    "CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
    "EA1C8ECD4E416637C38F0079F98C8C7B0A112265" = Windows Driver Package - Intel (NETwLv64) net (10/07/2010 13.4.0.139)
    "LENOVO.SMIIF" = Lenovo System Interface Driver
    "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "OnScreenDisplay" = On Screen Display
    "Power Management Driver" = Lenovo Power Management Driver
    "ProInst" = Intel PROSet Wireless
    "PROSet" = Intel(R) Network Connections Drivers
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "VLC media player" = VLC media player 2.1.0-git-20120918-0402

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
    "{0A561DC3-36F0-4EBA-961D-531F82D053C9}" = Self-service Plug-in
    "{0EB183F5-17C6-45AA-96EC-888C615AD53C}" = Citrix Receiver (HDX Flash Redirection)
    "{0F0447B4-6DDD-4831-933A-1EDF52091150}" = SnagIt 8
    "{171D8D76-3F05-455A-A8AF-C561C2679905}" = Open XML SDK 2.0 for Microsoft Office
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{234AB115-C6C4-4ACB-A029-8845120E4F37}" = Online Plug-in
    "{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
    "{3431A7A3-6287-46B0-8AF1-BE2452A1FE62}" = Microsoft SQL Server 2008 Books Online (English)
    "{36B6CCCF-97C3-4BC3-8890-A2E778C0037E}" = Citrix Receiver Updater
    "{37334614-FAB1-4C67-9973-BC6C1DF82DAE}" = Citrix Receiver(USB)
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AF10E19-4330-4077-A1B5-491ACDC24B08}" = Microsoft Lync 2010 SDK Runtime
    "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
    "{9D3D2C60-A55F-4fed-B2B9-17311226DF01}" = ThinkPad Wireless LAN Adapter Software
    "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{ABD43F00-91CA-4BDC-A28E-CB3271A39386}" = Citrix Receiver(DV)
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
    "{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{DC90A0A6-2D90-493E-8D13-D54AD123B9FD}" = Microsoft Dynamics GP 2010
    "{DC90A0A6-2D90-493E-8D13-D54AD123B9FD}_Ex" = Microsoft Dynamics GP 2010
    "{DD60885C-0CBE-40D8-AA14-11D8EDD7D97C}" = Citrix Receiver Inside
    "{DD811185-0A2F-460A-B1DD-D786E6034011}" = Citrix Receiver(Aero)
    "{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E8FC7C4A-FE4E-4356-A1B7-4DC57620DD5C}" = Citrix Authentication Manager
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "CitrixOnlinePluginPackWeb" = Citrix Receiver
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Pidgin" = Pidgin
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip
    "World of Warcraft" = World of Warcraft

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1354656034-2485363117-3333568910-1309\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle" = Amazon Kindle

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/12/2012 2:34:24 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
    Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
    report server database.

    Error - 10/12/2012 2:34:26 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
    Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
    report server database.

    Error - 10/12/2012 7:02:50 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = WinMgmt | ID = 10
    Description =

    Error - 10/12/2012 7:02:55 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = MSSQLSERVER | ID = 17187
    Description = SQL Server is not ready to accept new client connections. Wait a few
    minutes before trying again. If you have access to the error log, look for the
    informational message that indicates that SQL Server is ready before trying to connect
    again. [CLIENT: 192.168.100.33]

    Error - 10/12/2012 7:02:55 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
    Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
    report server database.

    Error - 10/12/2012 7:02:56 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
    Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
    report server database.

    Error - 10/12/2012 7:03:04 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Management Reporter Report Designer | ID = 0
    Description =

    Error - 10/12/2012 7:03:04 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Management Reporter Report Designer | ID = 0
    Description = Microsoft.Dynamics.Performance.Reporting.Common.ReportingServerNotFoundException:
    The server could not be found. Make sure the server address is correct. at Microsoft.Dynamics.Performance.Reporting.Common.Service.ClientBase.Execute[TExec](Func`1
    executor, Action`1 handler) at Microsoft.Dynamics.Performance.Reporting.Security.Client.InformationClient.HostIdentity()
    at Microsoft.Dynamics.Performance.Reporting.Security.Client.SecurityManager.<>c__DisplayClassc.<TestServiceConnection>b__a()
    at Microsoft.Dynamics.Performance.Reporting.Common.ExceptionHandling.<>c__DisplayClass1`2.<MakeHandler>b__0(Func`1
    execute)

    Error - 10/12/2012 7:03:06 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Management Reporter Report Designer | ID = 0
    Description =

    Error - 10/12/2012 7:03:06 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Management Reporter Report Designer | ID = 0
    Description = Microsoft.Dynamics.Performance.Reporting.Common.ReportingServerNotFoundException:
    The server could not be found. Make sure the server address is correct. at Microsoft.Dynamics.Performance.Reporting.Common.Service.ClientBase.Execute[TExec](Func`1
    executor, Action`1 handler) at Microsoft.Dynamics.Performance.Reporting.Security.Client.InformationClient.HostIdentity()
    at Microsoft.Dynamics.Performance.Reporting.Security.Client.SecurityManager.<>c__DisplayClassc.<TestServiceConnection>b__a()
    at Microsoft.Dynamics.Performance.Reporting.Common.ExceptionHandling.<>c__DisplayClass1`2.<MakeHandler>b__0(Func`1
    execute)

    [ System Events ]
    Error - 10/12/2012 12:09:49 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Microsoft-Windows-GroupPolicy | ID = 1129
    Description = The processing of Group Policy failed because of lack of network connectivity
    to a domain controller. This may be a transient condition. A success message would
    be generated once the machine gets connected to the domain controller and Group
    Policy has succesfully processed. If you do not see a success message for several
    hours, then contact your administrator.

    Error - 10/12/2012 12:09:49 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Microsoft-Windows-GroupPolicy | ID = 1129
    Description = The processing of Group Policy failed because of lack of network connectivity
    to a domain controller. This may be a transient condition. A success message would
    be generated once the machine gets connected to the domain controller and Group
    Policy has succesfully processed. If you do not see a success message for several
    hours, then contact your administrator.

    Error - 10/12/2012 2:34:14 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = NETLOGON | ID = 5719
    Description = This computer was not able to set up a secure session with a domain
    controller
    in domain DM0 due to the following: %%1311 This may lead to authentication problems.
    Make sure that this computer is connected to the network. If the problem persists,
    please
    contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
    for the specified domain, it sets up the secure session to the primary domain controller
    emulator in the specified domain. Otherwise, this computer sets up the secure session
    to any domain controller in the specified domain.

    Error - 10/12/2012 2:34:27 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SWIPsec

    Error - 10/12/2012 3:51:14 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = DCOM | ID = 10010
    Description =

    Error - 10/12/2012 4:09:30 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/12/2012 4:10:51 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 10/12/2012 4:11:15 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/12/2012 7:02:43 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = NETLOGON | ID = 5719
    Description = This computer was not able to set up a secure session with a domain
    controller
    in domain DM0 due to the following: %%1311 This may lead to authentication problems.
    Make sure that this computer is connected to the network. If the problem persists,
    please
    contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
    for the specified domain, it sets up the secure session to the primary domain controller
    emulator in the specified domain. Otherwise, this computer sets up the secure session
    to any domain controller in the specified domain.

    Error - 10/12/2012 7:02:57 PM | Computer Name = ALVIN-LAPTOP.dm.int | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SWIPsec


    < End of report >
  18. Nathan Dauth

    Nathan Dauth Newcomer, in training Topic Starter Posts: 21

    Windows Firewall is running again, and I haven't gotten any search redirects. Functionality seems to be restored, although I'm occasionally getting a problem when I open up an application. It gives me an error regarding registry entries, although restarting seems to clear up the problem. Also, I'm having trouble with the Adobe PDF previewer in Outlook. Do I need to reinstall some of my programs? I'll keep testing and let you know what else I find.

    Thanks so much for your help.
  19. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    There's a good chance that some programs got corrupted, so you may need to reinstall those.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
      O4 - Startup: C:\Users\Aliu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
      [2009/07/13 22:00:09 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:46 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE: If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from Safe Mode.

    ===================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  20. Nathan Dauth

    Nathan Dauth Newcomer, in training Topic Starter Posts: 21

    Log from the custom fix:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    C:\Users\Aliu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk moved successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Aliu
    ->Temp folder emptied: 4068682 bytes
    ->Temporary Internet Files folder emptied: 327826947 bytes
    ->Java cache emptied: 102096 bytes
    ->Flash cache emptied: 2084 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 11600 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 317.00 mb


    [EMPTYJAVA]

    User: Aliu
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Aliu
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10122012_203335
    Files\Folders moved on Reboot...
    C:\Users\Aliu\AppData\Local\Temp\ExchangePerflog_8484fa310d6c5a69cfcccd43.dat moved successfully.
    C:\Users\Aliu\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TYNV1LZI\ads[1].htm moved successfully.
    C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TYNV1LZI\need-help-removing-malware[2].htm moved successfully.
    C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TYNV1LZI\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DUXI2KKW\partner[1].htm moved successfully.
    C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DJ56EX58\918[1].htm moved successfully.
    C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DJ56EX58\fights[1].htm moved successfully.
    C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B1FS9LEX\iframe[1].htm moved successfully.
    C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AEQ7KMJ7\partner[3].htm moved successfully.
    C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5DT3067S\ads[1].htm moved successfully.
    C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Aliu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
  21. Nathan Dauth

    Nathan Dauth Newcomer, in training Topic Starter Posts: 21

    Security Check:

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    Adobe Reader X (10.1.4)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE
    Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 4%
    ````````````````````End of Log``````````````````````
  22. Nathan Dauth

    Nathan Dauth Newcomer, in training Topic Starter Posts: 21

    FSS:

    Farbar Service Scanner Version: 07-10-2012
    Ran by aliu (administrator) on 12-10-2012 at 20:42:35
    Running from "C:\Users\Aliu\Desktop"
    Microsoft Windows 7 Ultimate N Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
  23. Nathan Dauth

    Nathan Dauth Newcomer, in training Topic Starter Posts: 21

    AdwCleaner:

    # AdwCleaner v2.004 - Logfile created 10/12/2012 at 20:47:13
    # Updated 06/10/2012 by Xplode
    # Operating system : Windows 7 Ultimate N Service Pack 1 (64 bits)
    # User : aliu - ALVIN-LAPTOP
    # Boot Mode : Normal
    # Running from : C:\Users\Aliu\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    *************************
    AdwCleaner[S1].txt - [1371 octets] - [12/10/2012 20:47:13]
    ########## EOF - C:\AdwCleaner[S1].txt - [1431 octets] ##########
  24. Nathan Dauth

    Nathan Dauth Newcomer, in training Topic Starter Posts: 21

    I wasn't sure if I was supposed to uninstall the application on close. Or delete quarantined files? Thanks.

    C:\ProgramData\Microsoft\Windows\DRM\8ED4.tmp Win64/Olmarik.AO trojan cleaned by deleting - quarantined
    C:\ProgramData\Microsoft\Windows\DRM\8ED5.tmp Win64/Olmarik.AO trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\11.10.2012_17.10.18\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\11.10.2012_17.10.18\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\11.10.2012_17.10.18\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
  25. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    It really doesn't matter...

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please let me know how your computer is doing.

