TechSpot

Trojan

Solved
By JuiceBox
Sep 11, 2012
  1. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    Another strike sadly. Same error message as before. Here's the fixlog if needed:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-09-2012
    Ran by SYSTEM at 2012-09-19 16:13:33 Run:6
    Running from F:\
    ==============================================
    Could not find Y:\boot\BCD.Y.
    c:\frst\hives\BCD.Y copied successfully to Y:\boot\BCD.Y
    ========= ren Y:\boot\BCD.Y BCD =========
    The system cannot find the file specified.
    ========= End of CMD: =========

    ========= bcdedit /enum all /store y:\boot\bcd =========
    The boot configuration data store could not be opened.
    The system cannot find the file specified.
    ========= End of CMD: =========

    ========= Bcdedit /set {default} device partition=Y: /store y:\boot\bcd =========
    The boot configuration data store could not be opened.
    The system cannot find the file specified.
    ========= End of CMD: =========

    ========= Bcdedit /set {default} osdevice partition=C: /store y:\boot\bcd =========
    The boot configuration data store could not be opened.
    The system cannot find the file specified.
    ========= End of CMD: =========

    ========= Bcdedit /set {bootmgr} device partition=Y: /store y:\boot\bcd =========
    The boot configuration data store could not be opened.
    The system cannot find the file specified.
    ========= End of CMD: =========

    ========= Bcdedit /set {memdiag} path \boot\memtest.exe /store y:\boot\bcd =========
    The boot configuration data store could not be opened.
    The system cannot find the file specified.
    ========= End of CMD: =========

    ========= bcdedit /enum all =========
    The boot configuration data store could not be opened.
    The system cannot find the file specified.
    ========= End of CMD: =========

    ========= bcdedit /enum all /store y:\boot\bcd =========
    The boot configuration data store could not be opened.
    The system cannot find the file specified.
    ========= End of CMD: =========

    ==== End of Fixlog ====
     
  2. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    OK. I'll forward the result.
     
  3. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    Very well.
    FRST has been updated again, so delete your file and download the new one.

    Then...

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    While still in recovery environment....

    • For x32 (x86) bit systems download ListParts to a USB flash drive.
    • For x64 bit systems download ListParts64 to a USB flash drive.
    • Plug the USB drive into the infected machine.
    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\listparts (for x64 bit version type e:\listparts64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • Press Scan button.
    • It will make a log (Result.txt) on the flash drive. Please copy and paste it to your reply.
    I'll expect two logs:
    - Fixlog.txt
    - Result.txt

    Then you can try to boot normally.
     
  4. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    No luck booting normally. Here is the fixlog.txt:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-09-2012
    Ran by SYSTEM at 2012-09-20 19:11:13 Run:7
    Running from G:\
    ==============================================
    Y:\boot\BCD.Y moved successfully.
    c:\frst\hives\BCD.Y copied successfully to Y:\boot\BCD.Y
    ========= ren Y:\boot\BCD.Y BCD =========
    The system cannot find the file specified.
    ========= End of CMD: =========

    ========= bcdedit /enum all /store y:\boot\bcd =========
    The boot configuration data store could not be opened.
    The system cannot find the file specified.
    ========= End of CMD: =========

    ========= Bcdedit /set {default} device partition=Y: /store y:\boot\bcd =========
    The boot configuration data store could not be opened.
    The system cannot find the file specified.
    ========= End of CMD: =========

    ========= Bcdedit /set {default} osdevice partition=C: /store y:\boot\bcd =========
    The boot configuration data store could not be opened.
    The system cannot find the file specified.
    ========= End of CMD: =========

    ========= Bcdedit /set {bootmgr} device partition=Y: /store y:\boot\bcd =========
    The boot configuration data store could not be opened.
    The system cannot find the file specified.
    ========= End of CMD: =========

    ========= Bcdedit /set {memdiag} path \boot\memtest.exe /store y:\boot\bcd =========
    The boot configuration data store could not be opened.
    The system cannot find the file specified.
    ========= End of CMD: =========

    ========= bcdedit /enum all =========
    The boot configuration data store could not be opened.
    The system cannot find the file specified.
    ========= End of CMD: =========

    ========= bcdedit /enum all /store y:\boot\bcd =========
    The boot configuration data store could not be opened.
    The system cannot find the file specified.
    ========= End of CMD: =========

    ==== End of Fixlog ====
     
  5. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    And here's the Results.txt:
    ListParts by Farbar Version: 17-09-2012
    Ran by SYSTEM (administrator) on 20-09-2012 at 19:12:22
    Windows 7 (X64)
    Running From: G:\
    Language: 0409
    ************************************************************
    ========================= Memory info ======================
    Percentage of memory in use: 8%
    Total physical RAM: 8174.63 MB
    Available physical RAM: 7472.31 MB
    Total Pagefile: 8172.78 MB
    Available Pagefile: 7450.04 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ======================= Partitions =========================
    1 Drive c: (OS) (Fixed) (Total:919.21 GB) (Free:666.13 GB) NTFS
    2 Drive e: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    4 Drive g: (KINGSTON) (Removable) (Total:3.6 GB) (Free:2.25 GB) FAT32
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    9 Drive y: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.62 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 13 MB
    Disk 1 Online 3695 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 12 GB 40 MB
    Partition 3 Primary 919 GB 12 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 FAT Partition 39 MB Healthy Hidden
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y RECOVERY NTFS Partition 12 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 919 GB Healthy
    ======================================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3694 MB 31 KB
    ======================================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 G KINGSTON FAT32 Removable 3694 MB Healthy
    ======================================================================================================
    ****** End Of Log ******
     
  6. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    Did you use the newest FRST version?
     
  7. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    Yeah, I redownloaded from the link you gave me earlier on in the topic.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    I'll forward your message.
     
  9. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    I apologize. I see I didn't attach any fix to my previous reply.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Then try to start normally.
     

  10. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    Hey, wow, startup worked! I mean, I saw one error message along the lines of csc.exe stopped working, but booting normally did work. Here's the fixlog:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-09-2012
    Ran by SYSTEM at 2012-09-21 20:29:33 Run:8
    Running from F:\
    ==============================================
    Y:\boot\BCD.Y moved successfully.
    c:\frst\hives\BCD.Y copied successfully to Y:\boot\BCD.Y
    Could not find Y:\boot\BCD.
    Y:\boot\BCD.Y moved successfully to Y:\boot\BCD
    ========= bcdedit /enum all /store y:\boot\bcd =========

    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=Y:
    description Windows Boot Manager
    locale en-US
    inherit {globalsettings}
    default {default}
    resumeobject {c3ab7f58-2b32-11e0-a8d2-782bcb7ccbeb}
    displayorder {default}
    toolsdisplayorder {memdiag}
    timeout 30
    Windows Boot Loader
    -------------------
    identifier {default}
    device partition=C:
    path \Windows\system32\winload.exe
    description Windows 7
    locale en-US
    inherit {bootloadersettings}
    recoverysequence {c3ab7f5a-2b32-11e0-a8d2-782bcb7ccbeb}
    recoveryenabled Yes
    osdevice partition=C:
    systemroot \Windows
    resumeobject {c3ab7f58-2b32-11e0-a8d2-782bcb7ccbeb}
    nx OptIn
    Windows Boot Loader
    -------------------
    identifier {c3ab7f5a-2b32-11e0-a8d2-782bcb7ccbeb}
    device ramdisk=[Y:]\Recovery\WindowsRE\Winre.wim,{c3ab7f5b-2b32-11e0-a8d2-782bcb7ccbeb}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    inherit {bootloadersettings}
    osdevice ramdisk=[Y:]\Recovery\WindowsRE\Winre.wim,{c3ab7f5b-2b32-11e0-a8d2-782bcb7ccbeb}
    systemroot \windows
    nx OptIn
    winpe Yes
    Resume from Hibernate
    ---------------------
    identifier {c3ab7f58-2b32-11e0-a8d2-782bcb7ccbeb}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    filedevice partition=C:
    filepath \hiberfil.sys
    debugoptionenabled No
    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=Y:
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes
    EMS Settings
    ------------
    identifier {emssettings}
    bootems Yes
    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200
    RAM Defects
    -----------
    identifier {badmemory}
    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}
    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}
    {hypervisorsettings}
    Hypervisor Settings
    -------------------
    identifier {hypervisorsettings}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200
    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}
    Device options
    --------------
    identifier {c3ab7f5b-2b32-11e0-a8d2-782bcb7ccbeb}
    description Ramdisk Options
    ramdisksdidevice partition=Y:
    ramdisksdipath \Recovery\WindowsRE\boot.sdi
    ========= End of CMD: =========

    ========= Bcdedit /set {default} device partition=Y: /store y:\boot\bcd =========
    The operation completed successfully.
    ========= End of CMD: =========

    ========= Bcdedit /set {default} osdevice partition=C: /store y:\boot\bcd =========
    The operation completed successfully.
    ========= End of CMD: =========

    ========= Bcdedit /set {bootmgr} device partition=Y: /store y:\boot\bcd =========
    The operation completed successfully.
    ========= End of CMD: =========

    ========= Bcdedit /set {memdiag} path \boot\memtest.exe /store y:\boot\bcd =========
    The operation completed successfully.
    ========= End of CMD: =========

    ========= bcdedit /enum all =========
    The boot configuration data store could not be opened.
    The system cannot find the file specified.
    ========= End of CMD: =========

    ========= bcdedit /enum all /store y:\boot\bcd =========

    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=Y:
    description Windows Boot Manager
    locale en-US
    inherit {globalsettings}
    default {default}
    resumeobject {c3ab7f58-2b32-11e0-a8d2-782bcb7ccbeb}
    displayorder {default}
    toolsdisplayorder {memdiag}
    timeout 30
    Windows Boot Loader
    -------------------
    identifier {default}
    device partition=Y:
    path \Windows\system32\winload.exe
    description Windows 7
    locale en-US
    inherit {bootloadersettings}
    recoverysequence {c3ab7f5a-2b32-11e0-a8d2-782bcb7ccbeb}
    recoveryenabled Yes
    osdevice partition=C:
    systemroot \Windows
    resumeobject {c3ab7f58-2b32-11e0-a8d2-782bcb7ccbeb}
    nx OptIn
    Windows Boot Loader
    -------------------
    identifier {c3ab7f5a-2b32-11e0-a8d2-782bcb7ccbeb}
    device ramdisk=[Y:]\Recovery\WindowsRE\Winre.wim,{c3ab7f5b-2b32-11e0-a8d2-782bcb7ccbeb}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    inherit {bootloadersettings}
    osdevice ramdisk=[Y:]\Recovery\WindowsRE\Winre.wim,{c3ab7f5b-2b32-11e0-a8d2-782bcb7ccbeb}
    systemroot \windows
    nx OptIn
    winpe Yes
    Resume from Hibernate
    ---------------------
    identifier {c3ab7f58-2b32-11e0-a8d2-782bcb7ccbeb}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    filedevice partition=C:
    filepath \hiberfil.sys
    debugoptionenabled No
    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=Y:
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes
    EMS Settings
    ------------
    identifier {emssettings}
    bootems Yes
    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200
    RAM Defects
    -----------
    identifier {badmemory}
    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}
    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}
    {hypervisorsettings}
    Hypervisor Settings
    -------------------
    identifier {hypervisorsettings}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200
    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}
    Device options
    --------------
    identifier {c3ab7f5b-2b32-11e0-a8d2-782bcb7ccbeb}
    description Ramdisk Options
    ramdisksdidevice partition=Y:
    ramdisksdipath \Recovery\WindowsRE\boot.sdi
    ========= End of CMD: =========

    ==== End of Fixlog ====
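The Fixlog above is the first run in which the store at Y:\boot\BCD could be opened at all: the rename of BCD.Y to BCD succeeded, and bcdedit could then enumerate and edit it. What the successful enumeration shows is worth reading closely rather than just celebrating. {bootmgr} sits on Y:, which ListParts reports as the active (and therefore system) partition, while the OS itself is on C:. After the /set commands, the {default} loader entry carries device partition=Y: but osdevice partition=C:, whereas for an installed Windows those two normally name the same partition. The script below is an added example, not code from the thread, from Farbar's FRST or from ListParts: it parses the text those tools print (a bcdedit /enum all dump and a ListParts Result.txt) and reports the boot-chain inconsistencies a repair reviewer looks for. The two sample strings are constructed, abridged to the lines the checks need, with values taken from the Fixlog and Results.txt posted in this thread; the function and rule names are my own.

```python
"""Sanity-check a bcdedit enumeration against the partition table.

Added example; not code from the TechSpot thread, from Farbar's FRST or
from ListParts. It parses the text those tools print (a
`bcdedit /enum all /store <path>` dump and a ListParts Result.txt) and
reports the boot-chain inconsistencies a repair reviewer looks for.
"""
import re

# Constructed samples, abridged to the lines the checks need; values follow
# the thread's final Fixlog enumeration and Results.txt.
SAMPLE_BCD = """\
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
default {default}
displayorder {default}
Windows Boot Loader
-------------------
identifier {default}
device partition=Y:
path \\Windows\\system32\\winload.exe
osdevice partition=C:
systemroot \\Windows
Windows Boot Loader
-------------------
identifier {c3ab7f5a-2b32-11e0-a8d2-782bcb7ccbeb}
device ramdisk=[Y:]\\Recovery\\WindowsRE\\Winre.wim,{c3ab7f5b-2b32-11e0-a8d2-782bcb7ccbeb}
path \\windows\\system32\\winload.exe
osdevice ramdisk=[Y:]\\Recovery\\WindowsRE\\Winre.wim,{c3ab7f5b-2b32-11e0-a8d2-782bcb7ccbeb}
winpe Yes
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
"""

SAMPLE_LISTPARTS = """\
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
* Volume 1 Y RECOVERY NTFS Partition 12 GB Healthy
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
* Volume 2 C OS NTFS Partition 919 GB Healthy
"""

RULE = re.compile(r"^-{3,}$")  # the dashed line under each section title


def parse_bcd(text):
    """Return a dict identifier -> {field: value} from bcdedit /enum output."""
    lines = [l.strip() for l in text.splitlines()]
    entries, current, last_key = [], None, None
    for i, line in enumerate(lines):
        if not line or RULE.match(line):
            continue
        if i + 1 < len(lines) and RULE.match(lines[i + 1]):
            current = {"type": line}  # section title, e.g. "Windows Boot Loader"
            entries.append(current)
            last_key = None
            continue
        if current is None:
            continue
        if line.startswith("{") and last_key:  # bare {guid} line continues a multi-valued field (inherit)
            current[last_key] += " " + line
            continue
        key, _, value = line.partition(" ")
        current[key.lower()] = value.strip()
        last_key = key.lower()
    return {e["identifier"]: e for e in entries if "identifier" in e}


def partition_letter(value):
    """'partition=Y:' -> 'Y'; ramdisk and other device forms -> None."""
    m = re.fullmatch(r"partition=([A-Za-z]):", value)
    return m.group(1).upper() if m else None


def active_letters(listparts_text):
    """Drive letters of the volumes ListParts marks 'Active: Yes'."""
    letters, active = set(), False
    for line in listparts_text.splitlines():
        if line.startswith("Active:"):
            active = line.split(":", 1)[1].strip().lower() == "yes"
        m = re.match(r"\* Volume \d+\s+([A-Z])\s", line)  # volume row with a drive letter
        if m and active:
            letters.add(m.group(1))
    return letters


def check_boot_chain(bcd_text, listparts_text):
    """Return a list of human-readable findings; an empty list means all checks passed."""
    bcd = parse_bcd(bcd_text)
    active = active_letters(listparts_text)
    findings = []
    mgr = bcd.get("{bootmgr}")
    if mgr is None:
        return ["no {bootmgr} entry: store is empty or this is not a BCD enumeration"]
    if partition_letter(mgr.get("device", "")) not in active:
        findings.append(f"{{bootmgr}} device {mgr.get('device')} is not on an active partition {sorted(active)}")
    if mgr.get("default") not in bcd:
        findings.append(f"{{bootmgr}} default {mgr.get('default')} has no matching entry")
    for ident, e in bcd.items():
        if e.get("type") != "Windows Boot Loader" or e.get("winpe", "").lower() == "yes":
            continue  # only installed-OS loaders; WinRE ramdisk entries are skipped
        dev, osdev = partition_letter(e.get("device", "")), partition_letter(e.get("osdevice", ""))
        if dev and osdev and dev != osdev:
            findings.append(f"{ident}: device {dev}: differs from osdevice {osdev}: (normally identical for an installed OS)")
        if not e.get("path", "").lower().endswith(("winload.exe", "winload.efi")):
            findings.append(f"{ident}: unexpected loader path {e.get('path')}")
    return findings


if __name__ == "__main__":
    for f in check_boot_chain(SAMPLE_BCD, SAMPLE_LISTPARTS) or ["boot chain consistent"]:
        print(f)
```

Run against the sample, the only finding is the device/osdevice split on {default}; it disappears once the loader's device is set to C: as well. The check is deliberately a warning rather than a hard failure, since the machine in this thread did boot with that store, but it is the line a reviewer would want to look at before calling the repair finished.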
     
  11. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    And here's an updated Results.txt if you want:
    ListParts by Farbar Version: 17-09-2012
    Ran by SYSTEM (administrator) on 21-09-2012 at 20:30:30
    Windows 7 (X64)
    Running From: F:\
    Language: 0409
    ************************************************************
    ========================= Memory info ======================
    Percentage of memory in use: 8%
    Total physical RAM: 8174.63 MB
    Available physical RAM: 7470.57 MB
    Total Pagefile: 8172.78 MB
    Available Pagefile: 7452.67 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ======================= Partitions =========================
    1 Drive c: (OS) (Fixed) (Total:919.21 GB) (Free:666.13 GB) NTFS
    2 Drive e: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    3 Drive f: (KINGSTON) (Removable) (Total:3.6 GB) (Free:2.25 GB) FAT32
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    9 Drive y: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 13 MB
    Disk 1 Online 3695 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 12 GB 40 MB
    Partition 3 Primary 919 GB 12 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 FAT Partition 39 MB Healthy Hidden
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y RECOVERY NTFS Partition 12 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 919 GB Healthy
    ======================================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3694 MB 31 KB
    ======================================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F KINGSTON FAT32 Removable 3694 MB Healthy
    ======================================================================================================
    ****** End Of Log ******
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    Excellent!
    I'll deliver good news to my colleague and we'll go from there :)
     
  13. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    Very well.
    Let's re-run some scans....

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  14. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    Yeah, I mean the scans are going all good, so I'll post them tomorrow or whatever (Malwarebytes and aswMBR take forever to scan). But I find it sort of weird how I can't seem to access anything on the C drive other than a select few things. Like, all the old icons on the desktop are missing, and when I search for programs in the search bar, nothing comes up, despite them being clearly shown by Malwarebytes to exist. Is it something to do with the fix you gave me previously? Did it sort of mess around with the partitions on my hard drive a little? Just curious.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    Let's see, if we can recover your missing features.
    Download and run UnHide
    Let me know, if it worked.
     
  16. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    1. UnHide worked, so thanks for that, and 2. here's the TDSS results log, part 1:
    10:47:57.0856 4732 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    10:47:57.0856 4732 ============================================================
    10:47:57.0856 4732 Current date / time: 2012/09/22 10:47:57.0856
    10:47:57.0856 4732 SystemInfo:
    10:47:57.0856 4732
    10:47:57.0856 4732 OS Version: 6.1.7601 ServicePack: 1.0
    10:47:57.0856 4732 Product type: Workstation
    10:47:57.0856 4732 ComputerName: NEWDELL
    10:47:57.0856 4732 UserName: Landie
    10:47:57.0856 4732 Windows directory: C:\Windows
    10:47:57.0856 4732 System windows directory: C:\Windows
    10:47:57.0856 4732 Running under WOW64
    10:47:57.0856 4732 Processor architecture: Intel x64
    10:47:57.0856 4732 Number of processors: 8
    10:47:57.0856 4732 Page size: 0x1000
    10:47:57.0856 4732 Boot type: Normal boot
    10:47:57.0856 4732 ============================================================
    10:47:59.0244 4732 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    10:47:59.0276 4732 Drive \Device\Harddisk5\DR5 - Size: 0xE6F4B800 (3.61 Gb), SectorSize: 0x200, Cylinders: 0x1D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    10:47:59.0276 4732 ============================================================
    10:47:59.0276 4732 \Device\Harddisk0\DR0:
    10:47:59.0276 4732 MBR partitions:
    10:47:59.0276 4732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x187F000
    10:47:59.0276 4732 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1893000, BlocksNum 0x72E6C5B0
    10:47:59.0276 4732 \Device\Harddisk5\DR5:
    10:47:59.0276 4732 MBR partitions:
    10:47:59.0276 4732 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7372A1
    10:47:59.0276 4732 ============================================================
    10:47:59.0354 4732 C: <-> \Device\Harddisk0\DR0\Partition2
    10:47:59.0354 4732 ============================================================
    10:47:59.0354 4732 Initialize success
    10:47:59.0354 4732 ============================================================
    10:48:05.0765 2372 ============================================================
    10:48:05.0765 2372 Scan started
    10:48:05.0765 2372 Mode: Manual;
    10:48:05.0765 2372 ============================================================
    10:48:05.0984 2372 ================ Scan system memory ========================
    10:48:05.0984 2372 System memory - ok
    10:48:05.0984 2372 ================ Scan services =============================
    10:48:06.0296 2372 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    10:48:06.0342 2372 1394ohci - ok
    10:48:06.0514 2372 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    10:48:06.0514 2372 ACPI - ok
    10:48:06.0857 2372 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    10:48:06.0857 2372 AcpiPmi - ok
    10:48:06.0982 2372 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    10:48:07.0013 2372 adp94xx - ok
    10:48:07.0263 2372 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    10:48:07.0528 2372 adpahci - ok
    10:48:07.0668 2372 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    10:48:07.0684 2372 adpu320 - ok
    10:48:07.0731 2372 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    10:48:07.0731 2372 AeLookupSvc - ok
    10:48:07.0918 2372 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    10:48:08.0058 2372 AFD - ok
    10:48:08.0152 2372 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    10:48:08.0168 2372 agp440 - ok
    10:48:08.0246 2372 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    10:48:08.0246 2372 ALG - ok
    10:48:08.0370 2372 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    10:48:08.0464 2372 aliide - ok
    10:48:08.0667 2372 [ F0E61CF2C0FDA5B011CD1CB2E2353C9A ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    10:48:08.0714 2372 AMD External Events Utility - ok
    10:48:08.0776 2372 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    10:48:08.0792 2372 amdide - ok
    10:48:08.0838 2372 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    10:48:08.0854 2372 AmdK8 - ok
    10:48:08.0994 2372 [ CF3DB4D8B2CE0B282AB39C9D846ECA74 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    10:48:09.0166 2372 amdkmdag - ok
    10:48:09.0197 2372 [ 7D07DB26F6D3A16A6C8D34CE6C09FD01 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    10:48:09.0213 2372 amdkmdap - ok
    10:48:09.0306 2372 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    10:48:09.0306 2372 AmdPPM - ok
    10:48:09.0369 2372 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    10:48:09.0369 2372 amdsata - ok
    10:48:09.0431 2372 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    10:48:09.0447 2372 amdsbs - ok
    10:48:09.0462 2372 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    10:48:09.0462 2372 amdxata - ok
    10:48:09.0525 2372 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    10:48:09.0540 2372 AppID - ok
    10:48:09.0556 2372 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    10:48:09.0572 2372 AppIDSvc - ok
    10:48:09.0634 2372 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    10:48:09.0665 2372 Appinfo - ok
    10:48:09.0821 2372 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    10:48:09.0821 2372 Apple Mobile Device - ok
    10:48:09.0884 2372 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    10:48:09.0899 2372 arc - ok
    10:48:09.0915 2372 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    10:48:09.0915 2372 arcsas - ok
    10:48:09.0962 2372 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    10:48:09.0977 2372 AsyncMac - ok
    10:48:10.0024 2372 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    10:48:10.0040 2372 atapi - ok
    10:48:10.0102 2372 [ 6C342CE58E8F4A847E407833D6536CE3 ] athrusb C:\Windows\system32\DRIVERS\athrxusb.sys
    10:48:10.0164 2372 athrusb - ok
    10:48:10.0227 2372 [ AEC505976EF01BBD8F57CBA912F39259 ] athrusb6 C:\Windows\system32\DRIVERS\athrxu6.sys
    10:48:10.0289 2372 athrusb6 - ok
    10:48:10.0352 2372 [ 637E0753BD6DEB8EA5314A5C357EC1A0 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
    10:48:10.0367 2372 AtiHdmiService - ok
    10:48:10.0445 2372 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    10:48:10.0492 2372 AudioEndpointBuilder - ok
    10:48:10.0508 2372 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    10:48:10.0508 2372 AudioSrv - ok
    10:48:10.0586 2372 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    10:48:10.0617 2372 AxInstSV - ok
    10:48:10.0679 2372 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    10:48:10.0710 2372 b06bdrv - ok
    10:48:10.0757 2372 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    10:48:10.0788 2372 b57nd60a - ok
    10:48:10.0835 2372 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    10:48:10.0851 2372 BDESVC - ok
    10:48:10.0898 2372 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    10:48:10.0898 2372 Beep - ok
    10:48:10.0976 2372 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    10:48:11.0038 2372 BFE - ok
    10:48:11.0116 2372 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
    10:48:11.0178 2372 BITS - ok
    10:48:11.0225 2372 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    10:48:11.0241 2372 blbdrive - ok
    10:48:11.0350 2372 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    10:48:11.0350 2372 Bonjour Service - ok
    10:48:11.0428 2372 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    10:48:11.0444 2372 bowser - ok
    10:48:11.0459 2372 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    10:48:11.0459 2372 BrFiltLo - ok
    10:48:11.0475 2372 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    10:48:11.0490 2372 BrFiltUp - ok
    10:48:11.0537 2372 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    10:48:11.0553 2372 BridgeMP - ok
    10:48:11.0584 2372 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    10:48:11.0631 2372 Browser - ok
    10:48:11.0646 2372 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    10:48:11.0646 2372 Brserid - ok
    10:48:11.0662 2372 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    10:48:11.0678 2372 BrSerWdm - ok
    10:48:11.0678 2372 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    10:48:11.0693 2372 BrUsbMdm - ok
    10:48:11.0693 2372 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    10:48:11.0693 2372 BrUsbSer - ok
    10:48:11.0709 2372 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    10:48:11.0724 2372 BTHMODEM - ok
    10:48:11.0740 2372 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    10:48:11.0756 2372 bthserv - ok
    10:48:11.0771 2372 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    10:48:11.0787 2372 cdfs - ok
    10:48:11.0834 2372 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
    10:48:11.0865 2372 cdrom - ok
    10:48:11.0912 2372 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    10:48:11.0943 2372 CertPropSvc - ok
    10:48:11.0990 2372 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    10:48:12.0005 2372 circlass - ok
    10:48:12.0021 2372 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    10:48:12.0021 2372 CLFS - ok
    10:48:12.0083 2372 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    10:48:12.0146 2372 clr_optimization_v2.0.50727_32 - ok
    10:48:12.0192 2372 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    10:48:12.0208 2372 clr_optimization_v2.0.50727_64 - ok
    10:48:12.0317 2372 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    10:48:12.0380 2372 clr_optimization_v4.0.30319_32 - ok
    10:48:12.0395 2372 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    10:48:12.0426 2372 clr_optimization_v4.0.30319_64 - ok
    10:48:12.0458 2372 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    10:48:12.0473 2372 CmBatt - ok
    10:48:12.0504 2372 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    10:48:12.0504 2372 cmdide - ok
    10:48:12.0567 2372 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    10:48:12.0567 2372 CNG - ok
    10:48:12.0614 2372 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    10:48:12.0614 2372 Compbatt - ok
    10:48:12.0660 2372 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    10:48:12.0660 2372 CompositeBus - ok
    10:48:12.0660 2372 COMSysApp - ok
    10:48:12.0676 2372 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    10:48:12.0692 2372 crcdisk - ok
    10:48:12.0738 2372 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    10:48:12.0738 2372 CryptSvc - ok
    10:48:12.0770 2372 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    10:48:12.0785 2372 DcomLaunch - ok
    10:48:12.0816 2372 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    10:48:12.0832 2372 defragsvc - ok
    10:48:12.0879 2372 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    10:48:12.0894 2372 DfsC - ok
    10:48:12.0941 2372 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    10:48:12.0988 2372 Dhcp - ok
    10:48:13.0019 2372 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    10:48:13.0035 2372 discache - ok
    10:48:13.0066 2372 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    10:48:13.0066 2372 Disk - ok
    10:48:13.0097 2372 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    10:48:13.0160 2372 Dnscache - ok
    10:48:13.0206 2372 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    10:48:13.0253 2372 dot3svc - ok
    10:48:13.0300 2372 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    10:48:13.0300 2372 DPS - ok
    10:48:13.0347 2372 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    10:48:13.0347 2372 drmkaud - ok
    10:48:13.0394 2372 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    10:48:13.0425 2372 DXGKrnl - ok
    10:48:13.0472 2372 EagleX64 - ok
    10:48:13.0503 2372 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    10:48:13.0518 2372 EapHost - ok
    10:48:13.0596 2372 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    10:48:13.0706 2372 ebdrv - ok
    10:48:13.0737 2372 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    10:48:13.0752 2372 EFS - ok
    10:48:13.0830 2372 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    10:48:13.0877 2372 ehRecvr - ok
    10:48:13.0908 2372 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    10:48:13.0940 2372 ehSched - ok
    10:48:13.0971 2372 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    10:48:14.0018 2372 elxstor - ok
    10:48:14.0064 2372 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    10:48:14.0080 2372 ErrDev - ok
    10:48:14.0127 2372 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    10:48:14.0127 2372 EventSystem - ok
    10:48:14.0174 2372 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    10:48:14.0189 2372 exfat - ok
    10:48:14.0205 2372 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    10:48:14.0205 2372 fastfat - ok
    10:48:14.0236 2372 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    10:48:14.0252 2372 Fax - ok
    10:48:14.0314 2372 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    10:48:14.0330 2372 fdc - ok
    10:48:14.0345 2372 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    10:48:14.0361 2372 fdPHost - ok
    10:48:14.0361 2372 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    10:48:14.0376 2372 FDResPub - ok
    10:48:14.0423 2372 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    10:48:14.0423 2372 FileInfo - ok
    10:48:14.0423 2372 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    10:48:14.0454 2372 Filetrace - ok
    10:48:14.0517 2372 [ 8669BE94F63944E4F899C3950B520241 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    10:48:14.0642 2372 FLEXnet Licensing Service - ok
    10:48:14.0673 2372 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    10:48:14.0673 2372 flpydisk - ok
    10:48:14.0704 2372 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    10:48:14.0704 2372 FltMgr - ok
    10:48:14.0751 2372 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    10:48:14.0766 2372 FontCache - ok
    10:48:14.0860 2372 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    10:48:14.0876 2372 FontCache3.0.0.0 - ok
    10:48:14.0876 2372 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    10:48:14.0891 2372 FsDepends - ok
    10:48:14.0922 2372 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    10:48:14.0922 2372 Fs_Rec - ok
    10:48:14.0954 2372 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    10:48:14.0954 2372 fvevol - ok
    10:48:14.0969 2372 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    10:48:14.0985 2372 gagp30kx - ok
    10:48:15.0032 2372 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    10:48:15.0047 2372 GEARAspiWDM - ok
    10:48:15.0094 2372 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    10:48:15.0141 2372 gpsvc - ok
    10:48:15.0141 2372 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    10:48:15.0141 2372 hcw85cir - ok
    10:48:15.0219 2372 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    10:48:15.0234 2372 HDAudBus - ok
    10:48:15.0234 2372 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    10:48:15.0250 2372 HidBatt - ok
    10:48:15.0266 2372 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    10:48:15.0266 2372 HidBth - ok
    10:48:15.0281 2372 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    10:48:15.0281 2372 HidIr - ok
    10:48:15.0297 2372 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
    10:48:15.0312 2372 hidserv - ok
    10:48:15.0344 2372 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    10:48:15.0359 2372 HidUsb - ok
    10:48:15.0453 2372 [ 5A457C3D00C1C701230A12AA1580114D ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    10:48:15.0453 2372 HiPatchService - ok
    10:48:15.0484 2372 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    10:48:15.0515 2372 hkmsvc - ok
    10:48:15.0562 2372 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    10:48:15.0593 2372 HomeGroupListener - ok
    10:48:15.0624 2372 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    10:48:15.0624 2372 HomeGroupProvider - ok
    10:48:15.0640 2372 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    10:48:15.0656 2372 HpSAMD - ok
    10:48:15.0734 2372 [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
    10:48:15.0843 2372 HPSLPSVC - ok
    10:48:15.0890 2372 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    10:48:15.0921 2372 HTTP - ok
    10:48:15.0952 2372 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    10:48:15.0952 2372 hwpolicy - ok
    10:48:15.0983 2372 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    10:48:15.0999 2372 i8042prt - ok
    10:48:16.0014 2372 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    10:48:16.0014 2372 iaStor - ok
    10:48:16.0092 2372 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    10:48:16.0108 2372 IAStorDataMgrSvc - ok
    10:48:16.0170 2372 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    10:48:16.0202 2372 iaStorV - ok
    10:48:16.0280 2372 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    10:48:16.0311 2372 IDriverT - ok
    10:48:16.0358 2372 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    10:48:16.0389 2372 idsvc - ok
    10:48:16.0404 2372 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    10:48:16.0420 2372 iirsp - ok
    10:48:16.0482 2372 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    10:48:16.0482 2372 IKEEXT - ok
    10:48:16.0529 2372 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
    10:48:16.0560 2372 Impcd - ok
    10:48:16.0638 2372 [ 235362D403D9D677514649D88DB31914 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    10:48:16.0670 2372 IntcAzAudAddService - ok
    10:48:16.0716 2372 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    10:48:16.0716 2372 IntcDAud - ok
    10:48:16.0732 2372 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    10:48:16.0748 2372 intelide - ok
    10:48:16.0748 2372 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    10:48:16.0748 2372 intelppm - ok
    10:48:16.0779 2372 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    10:48:16.0794 2372 IPBusEnum - ok
    10:48:16.0826 2372 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    10:48:16.0841 2372 IpFilterDriver - ok
    10:48:16.0919 2372 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    10:48:16.0919 2372 iphlpsvc - ok
    10:48:16.0935 2372 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    10:48:16.0935 2372 IPMIDRV - ok
    10:48:16.0950 2372 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    10:48:16.0950 2372 IPNAT - ok
    10:48:17.0013 2372 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    10:48:17.0028 2372 iPod Service - ok
    10:48:17.0044 2372 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    10:48:17.0044 2372 IRENUM - ok
    10:48:17.0060 2372 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    10:48:17.0075 2372 isapnp - ok
    10:48:17.0091 2372 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    10:48:17.0106 2372 iScsiPrt - ok
    10:48:17.0169 2372 [ 12E27942DBB7C91880163634B0D8A776 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
    10:48:17.0184 2372 k57nd60a - ok
    10:48:17.0200 2372 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    10:48:17.0216 2372 kbdclass - ok
    10:48:17.0231 2372 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    10:48:17.0247 2372 kbdhid - ok
    10:48:17.0262 2372 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    10:48:17.0262 2372 KeyIso - ok
    10:48:17.0294 2372 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    10:48:17.0294 2372 KSecDD - ok
    10:48:17.0325 2372 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    10:48:17.0325 2372 KSecPkg - ok
    10:48:17.0340 2372 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    10:48:17.0340 2372 ksthunk - ok
    10:48:17.0372 2372 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    10:48:17.0387 2372 KtmRm - ok
    10:48:17.0434 2372 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
    10:48:17.0465 2372 LanmanServer - ok
    10:48:17.0528 2372 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    10:48:17.0543 2372 LanmanWorkstation - ok
    10:48:17.0590 2372 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    10:48:17.0606 2372 lltdio - ok
    10:48:17.0621 2372 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    10:48:17.0652 2372 lltdsvc - ok
    10:48:17.0699 2372 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    10:48:17.0715 2372 lmhosts - ok
    10:48:17.0746 2372 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    10:48:17.0762 2372 LSI_FC - ok
    10:48:17.0777 2372 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    10:48:17.0793 2372 LSI_SAS - ok
    10:48:17.0808 2372 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    10:48:17.0824 2372 LSI_SAS2 - ok
    10:48:17.0840 2372 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    10:48:17.0855 2372 LSI_SCSI - ok
    10:48:17.0871 2372 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    10:48:17.0886 2372 luafv - ok
    10:48:17.0949 2372 [ 1F02B554DDC4086D786537A3BF6488F1 ] lxecCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe
    10:48:17.0964 2372 lxecCATSCustConnectService - ok
    10:48:17.0996 2372 lxec_device - ok
    10:48:18.0042 2372 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
    10:48:18.0058 2372 mcdbus - ok
    10:48:18.0089 2372 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    10:48:18.0105 2372 Mcx2Svc - ok
    10:48:18.0105 2372 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    10:48:18.0120 2372 megasas - ok
    10:48:18.0136 2372 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    10:48:18.0152 2372 MegaSR - ok
    10:48:18.0198 2372 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    10:48:18.0214 2372 MEIx64 - ok
    10:48:18.0245 2372 Microsoft SharePoint Workspace Audit Service - ok
    10:48:18.0245 2372 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    10:48:18.0261 2372 MMCSS - ok
    10:48:18.0261 2372 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    10:48:18.0276 2372 Modem - ok
    10:48:18.0276 2372 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    10:48:18.0292 2372 monitor - ok
    10:48:18.0339 2372 [ FC44AD48746FFA5FD640EF1260AB5EC2 ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
    10:48:18.0370 2372 MotioninJoyXFilter - ok
    10:48:18.0401 2372 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    10:48:18.0417 2372 mouclass - ok
    10:48:18.0448 2372 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    10:48:18.0448 2372 mouhid - ok
    10:48:18.0495 2372 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    10:48:18.0495 2372 mountmgr - ok
    10:48:18.0542 2372 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    10:48:18.0542 2372 MpFilter - ok
    10:48:18.0588 2372 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    10:48:18.0588 2372 mpio - ok
    10:48:18.0604 2372 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    10:48:18.0620 2372 mpsdrv - ok
    10:48:18.0682 2372 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    10:48:18.0729 2372 MpsSvc - ok
    10:48:18.0744 2372 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    10:48:18.0776 2372 MRxDAV - ok
    10:48:18.0807 2372 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    10:48:18.0838 2372 mrxsmb - ok
    10:48:18.0869 2372 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    10:48:18.0885 2372 mrxsmb10 - ok
    10:48:18.0900 2372 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    10:48:18.0916 2372 mrxsmb20 - ok
    10:48:18.0932 2372 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    10:48:18.0947 2372 msahci - ok
    10:48:19.0010 2372 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    10:48:19.0010 2372 MSCamSvc - ok
    10:48:19.0056 2372 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    10:48:19.0072 2372 msdsm - ok
    10:48:19.0088 2372 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    10:48:19.0119 2372 MSDTC - ok
    10:48:19.0134 2372 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    10:48:19.0150 2372 Msfs - ok
    10:48:19.0181 2372 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    10:48:19.0197 2372 mshidkmdf - ok
    10:48:19.0259 2372 [ 55218F924E55FD2786ED40EDF4ED79C3 ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
    10:48:19.0275 2372 MSHUSBVideo - ok
    10:48:19.0275 2372 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    10:48:19.0275 2372 msisadrv - ok
    10:48:19.0306 2372 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    10:48:19.0337 2372 MSiSCSI - ok
    10:48:19.0337 2372 msiserver - ok
    10:48:19.0384 2372 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    10:48:19.0384 2372 MSKSSRV - ok
    10:48:19.0446 2372 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    10:48:19.0446 2372 MsMpSvc - ok
    10:48:19.0493 2372 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    10:48:19.0493 2372 MSPCLOCK - ok
    10:48:19.0493 2372 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    10:48:19.0509 2372 MSPQM - ok
    10:48:19.0556 2372 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    10:48:19.0556 2372 MsRPC - ok
    10:48:19.0571 2372 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    10:48:19.0587 2372 mssmbios - ok
    10:48:19.0696 2372 MSSQL$NR2007 - ok
    10:48:19.0790 2372 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
    10:48:19.0805 2372 MSSQLServerADHelper - ok
    10:48:19.0821 2372 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    10:48:19.0821 2372 MSTEE - ok
    10:48:19.0836 2372 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    10:48:19.0836 2372 MTConfig - ok
    10:48:19.0852 2372 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    10:48:19.0852 2372 Mup - ok
    10:48:19.0899 2372 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    10:48:19.0930 2372 napagent - ok
    10:48:19.0961 2372 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    10:48:19.0992 2372 NativeWifiP - ok
    10:48:20.0055 2372 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
    10:48:20.0055 2372 NDIS - ok
    10:48:20.0102 2372 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ]
     
  17. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    TDSS part 2:
    NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    10:48:20.0117 2372 NdisCap - ok
    10:48:20.0148 2372 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    10:48:20.0164 2372 NdisTapi - ok
    10:48:20.0226 2372 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    10:48:20.0226 2372 Ndisuio - ok
    10:48:20.0258 2372 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    10:48:20.0289 2372 NdisWan - ok
    10:48:20.0320 2372 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    10:48:20.0336 2372 NDProxy - ok
    10:48:20.0414 2372 [ 22DEAB64123609EBE33F51CB2778B13D ] NeatWorksDatabaseController C:\Program Files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe
    10:48:20.0414 2372 NeatWorksDatabaseController - ok
    10:48:20.0476 2372 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    10:48:20.0476 2372 Net Driver HPZ12 - ok
    10:48:20.0523 2372 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    10:48:20.0523 2372 NetBIOS - ok
    10:48:20.0570 2372 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    10:48:20.0585 2372 NetBT - ok
    10:48:20.0601 2372 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    10:48:20.0601 2372 Netlogon - ok
    10:48:20.0648 2372 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    10:48:20.0663 2372 Netman - ok
    10:48:20.0694 2372 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    10:48:20.0694 2372 netprofm - ok
    10:48:20.0710 2372 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    10:48:20.0741 2372 NetTcpPortSharing - ok
    10:48:20.0788 2372 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    10:48:20.0788 2372 nfrd960 - ok
    10:48:20.0850 2372 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    10:48:20.0866 2372 NisDrv - ok
    10:48:20.0913 2372 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    10:48:20.0944 2372 NisSrv - ok
    10:48:21.0006 2372 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    10:48:21.0006 2372 NlaSvc - ok
    10:48:21.0022 2372 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    10:48:21.0038 2372 Npfs - ok
    10:48:21.0038 2372 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    10:48:21.0053 2372 nsi - ok
    10:48:21.0053 2372 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    10:48:21.0053 2372 nsiproxy - ok
    10:48:21.0116 2372 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    10:48:21.0116 2372 Ntfs - ok
    10:48:21.0131 2372 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    10:48:21.0147 2372 Null - ok
    10:48:21.0194 2372 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    10:48:21.0209 2372 nvraid - ok
    10:48:21.0256 2372 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    10:48:21.0272 2372 nvstor - ok
    10:48:21.0303 2372 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    10:48:21.0334 2372 nv_agp - ok
    10:48:21.0365 2372 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    10:48:21.0381 2372 ohci1394 - ok
    10:48:21.0459 2372 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    10:48:21.0506 2372 ose64 - ok
    10:48:21.0615 2372 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    10:48:21.0880 2372 osppsvc - ok
    10:48:21.0896 2372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    10:48:21.0927 2372 p2pimsvc - ok
    10:48:21.0942 2372 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    10:48:21.0974 2372 p2psvc - ok
    10:48:21.0989 2372 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    10:48:21.0989 2372 Parport - ok
    10:48:22.0036 2372 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    10:48:22.0036 2372 partmgr - ok
    10:48:22.0052 2372 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    10:48:22.0052 2372 PcaSvc - ok
    10:48:22.0067 2372 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    10:48:22.0067 2372 pci - ok
    10:48:22.0067 2372 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    10:48:22.0083 2372 pciide - ok
    10:48:22.0098 2372 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    10:48:22.0098 2372 pcmcia - ok
    10:48:22.0114 2372 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    10:48:22.0114 2372 pcw - ok
    10:48:22.0130 2372 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    10:48:22.0145 2372 PEAUTH - ok
    10:48:22.0239 2372 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    10:48:22.0254 2372 PerfHost - ok
    10:48:22.0301 2372 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    10:48:22.0348 2372 pla - ok
    10:48:22.0395 2372 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    10:48:22.0426 2372 PlugPlay - ok
    10:48:22.0488 2372 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    10:48:22.0488 2372 Pml Driver HPZ12 - ok
    10:48:22.0504 2372 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    10:48:22.0535 2372 PNRPAutoReg - ok
    10:48:22.0551 2372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    10:48:22.0566 2372 PNRPsvc - ok
    10:48:22.0582 2372 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    10:48:22.0598 2372 PolicyAgent - ok
    10:48:22.0629 2372 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    10:48:22.0644 2372 Power - ok
    10:48:22.0691 2372 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    10:48:22.0691 2372 PptpMiniport - ok
    10:48:22.0707 2372 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    10:48:22.0722 2372 Processor - ok
    10:48:22.0754 2372 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    10:48:22.0785 2372 ProfSvc - ok
    10:48:22.0785 2372 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    10:48:22.0785 2372 ProtectedStorage - ok
    10:48:22.0847 2372 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    10:48:22.0863 2372 Psched - ok
    10:48:22.0925 2372 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
    10:48:22.0925 2372 PxHlpa64 - ok
    10:48:23.0003 2372 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    10:48:23.0034 2372 ql2300 - ok
    10:48:23.0050 2372 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    10:48:23.0081 2372 ql40xx - ok
    10:48:23.0097 2372 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    10:48:23.0112 2372 QWAVE - ok
    10:48:23.0128 2372 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    10:48:23.0128 2372 QWAVEdrv - ok
    10:48:23.0144 2372 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    10:48:23.0144 2372 RasAcd - ok
    10:48:23.0159 2372 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    10:48:23.0159 2372 RasAgileVpn - ok
    10:48:23.0159 2372 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    10:48:23.0175 2372 RasAuto - ok
    10:48:23.0206 2372 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    10:48:23.0222 2372 Rasl2tp - ok
    10:48:23.0284 2372 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    10:48:23.0300 2372 RasMan - ok
    10:48:23.0315 2372 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    10:48:23.0331 2372 RasPppoe - ok
    10:48:23.0346 2372 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    10:48:23.0362 2372 RasSstp - ok
    10:48:23.0378 2372 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    10:48:23.0409 2372 rdbss - ok
    10:48:23.0424 2372 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    10:48:23.0424 2372 rdpbus - ok
    10:48:23.0440 2372 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    10:48:23.0440 2372 RDPCDD - ok
    10:48:23.0487 2372 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    10:48:23.0502 2372 RDPENCDD - ok
    10:48:23.0502 2372 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    10:48:23.0518 2372 RDPREFMP - ok
    10:48:23.0549 2372 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    10:48:23.0565 2372 RDPWD - ok
    10:48:23.0612 2372 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    10:48:23.0612 2372 rdyboost - ok
    10:48:23.0643 2372 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    10:48:23.0658 2372 RemoteAccess - ok
    10:48:23.0674 2372 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    10:48:23.0690 2372 RemoteRegistry - ok
    10:48:23.0783 2372 [ BDDC447AB46625A54619808575D5CB46 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    10:48:23.0799 2372 RoxMediaDB12OEM - ok
    10:48:23.0830 2372 [ CE203243ADF512540249DF9C264F12DD ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    10:48:23.0877 2372 RoxWatch12 - ok
    10:48:23.0892 2372 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    10:48:23.0892 2372 RpcEptMapper - ok
    10:48:23.0924 2372 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    10:48:23.0924 2372 RpcLocator - ok
    10:48:23.0970 2372 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    10:48:23.0970 2372 RpcSs - ok
    10:48:23.0986 2372 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    10:48:24.0002 2372 rspndr - ok
    10:48:24.0002 2372 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    10:48:24.0002 2372 SamSs - ok
    10:48:24.0033 2372 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    10:48:24.0048 2372 sbp2port - ok
    10:48:24.0064 2372 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    10:48:24.0095 2372 SCardSvr - ok
    10:48:24.0111 2372 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    10:48:24.0126 2372 scfilter - ok
    10:48:24.0173 2372 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    10:48:24.0220 2372 Schedule - ok
    10:48:24.0251 2372 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    10:48:24.0251 2372 SCPolicySvc - ok
    10:48:24.0282 2372 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    10:48:24.0329 2372 SDRSVC - ok
    10:48:24.0360 2372 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    10:48:24.0360 2372 secdrv - ok
    10:48:24.0376 2372 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    10:48:24.0376 2372 seclogon - ok
    10:48:24.0392 2372 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
    10:48:24.0423 2372 SENS - ok
    10:48:24.0423 2372 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    10:48:24.0438 2372 SensrSvc - ok
    10:48:24.0485 2372 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    10:48:24.0485 2372 Serenum - ok
    10:48:24.0532 2372 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    10:48:24.0548 2372 Serial - ok
    10:48:24.0594 2372 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    10:48:24.0610 2372 sermouse - ok
    10:48:24.0626 2372 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    10:48:24.0641 2372 SessionEnv - ok
    10:48:24.0672 2372 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    10:48:24.0688 2372 sffdisk - ok
    10:48:24.0688 2372 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    10:48:24.0704 2372 sffp_mmc - ok
    10:48:24.0704 2372 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    10:48:24.0704 2372 sffp_sd - ok
    10:48:24.0719 2372 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    10:48:24.0719 2372 sfloppy - ok
    10:48:24.0782 2372 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    10:48:24.0782 2372 SharedAccess - ok
    10:48:24.0828 2372 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    10:48:24.0860 2372 ShellHWDetection - ok
    10:48:24.0875 2372 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    10:48:24.0875 2372 SiSRaid2 - ok
    10:48:24.0891 2372 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    10:48:24.0906 2372 SiSRaid4 - ok
    10:48:24.0922 2372 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    10:48:24.0938 2372 Smb - ok
    10:48:24.0984 2372 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    10:48:25.0000 2372 SNMPTRAP - ok
    10:48:25.0000 2372 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    10:48:25.0000 2372 spldr - ok
    10:48:25.0047 2372 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    10:48:25.0062 2372 Spooler - ok
    10:48:25.0156 2372 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    10:48:25.0265 2372 sppsvc - ok
    10:48:25.0281 2372 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    10:48:25.0281 2372 sppuinotify - ok
    10:48:25.0343 2372 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    10:48:25.0343 2372 SQLBrowser - ok
    10:48:25.0406 2372 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    10:48:25.0406 2372 SQLWriter - ok
    10:48:25.0452 2372 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    10:48:25.0484 2372 srv - ok
    10:48:25.0515 2372 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    10:48:25.0546 2372 srv2 - ok
    10:48:25.0546 2372 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    10:48:25.0577 2372 srvnet - ok
    10:48:25.0608 2372 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    10:48:25.0624 2372 SSDPSRV - ok
    10:48:25.0624 2372 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    10:48:25.0624 2372 SstpSvc - ok
    10:48:25.0686 2372 Steam Client Service - ok
    10:48:25.0686 2372 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    10:48:25.0702 2372 stexstor - ok
    10:48:25.0733 2372 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    10:48:25.0749 2372 stisvc - ok
    10:48:25.0780 2372 [ 9E182DD94496550A22A392CC1A8E0F52 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    10:48:25.0811 2372 stllssvr - ok
    10:48:25.0842 2372 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    10:48:25.0858 2372 swenum - ok
    10:48:25.0983 2372 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    10:48:25.0983 2372 SwitchBoard - ok
    10:48:25.0998 2372 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    10:48:26.0030 2372 swprv - ok
    10:48:26.0092 2372 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    10:48:26.0123 2372 SysMain - ok
    10:48:26.0170 2372 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    10:48:26.0186 2372 TabletInputService - ok
    10:48:26.0217 2372 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    10:48:26.0232 2372 TapiSrv - ok
    10:48:26.0248 2372 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    10:48:26.0264 2372 TBS - ok
    10:48:26.0310 2372 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    10:48:26.0310 2372 Tcpip - ok
    10:48:26.0373 2372 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    10:48:26.0388 2372 TCPIP6 - ok
    10:48:26.0420 2372 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    10:48:26.0420 2372 tcpipreg - ok
    10:48:26.0435 2372 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    10:48:26.0435 2372 TDPIPE - ok
    10:48:26.0482 2372 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    10:48:26.0482 2372 TDTCP - ok
    10:48:26.0513 2372 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    10:48:26.0529 2372 tdx - ok
    10:48:26.0529 2372 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    10:48:26.0544 2372 TermDD - ok
    10:48:26.0576 2372 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    10:48:26.0607 2372 TermService - ok
    10:48:26.0622 2372 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    10:48:26.0638 2372 Themes - ok
    10:48:26.0669 2372 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    10:48:26.0669 2372 THREADORDER - ok
    10:48:26.0669 2372 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    10:48:26.0669 2372 TrkWks - ok
    10:48:26.0732 2372 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    10:48:26.0763 2372 TrustedInstaller - ok
    10:48:26.0794 2372 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    10:48:26.0794 2372 tssecsrv - ok
    10:48:26.0872 2372 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    10:48:26.0888 2372 TsUsbFlt - ok
    10:48:26.0934 2372 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    10:48:26.0950 2372 tunnel - ok
    10:48:26.0966 2372 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    10:48:26.0966 2372 uagp35 - ok
    10:48:26.0997 2372 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    10:48:27.0012 2372 udfs - ok
    10:48:27.0028 2372 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    10:48:27.0059 2372 UI0Detect - ok
    10:48:27.0090 2372 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    10:48:27.0106 2372 uliagpkx - ok
    10:48:27.0137 2372 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    10:48:27.0153 2372 umbus - ok
    10:48:27.0184 2372 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    10:48:27.0200 2372 UmPass - ok
    10:48:27.0215 2372 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    10:48:27.0215 2372 upnphost - ok
    10:48:27.0278 2372 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    10:48:27.0293 2372 USBAAPL64 - ok
    10:48:27.0356 2372 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    10:48:27.0371 2372 usbaudio - ok
    10:48:27.0418 2372 [ 5FCC71487888589A9244AF54CFEFAB29 ] usbbus C:\Windows\system32\DRIVERS\lgx64bus.sys
    10:48:27.0434 2372 usbbus - ok
    10:48:27.0496 2372 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    10:48:27.0512 2372 usbccgp - ok
    10:48:27.0543 2372 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    10:48:27.0558 2372 usbcir - ok
    10:48:27.0605 2372 [ 3FB6E423F7567C92C32EA786F5FD0C69 ] UsbDiag C:\Windows\system32\DRIVERS\lgx64diag.sys
    10:48:27.0621 2372 UsbDiag - ok
    10:48:27.0636 2372 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    10:48:27.0652 2372 usbehci - ok
    10:48:27.0668 2372 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    10:48:27.0683 2372 usbhub - ok
    10:48:27.0730 2372 [ 78D551F5B93488B4666F5FC8DD4815F3 ] USBModem C:\Windows\system32\DRIVERS\lgx64modem.sys
    10:48:27.0746 2372 USBModem - ok
    10:48:27.0761 2372 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    10:48:27.0777 2372 usbohci - ok
    10:48:27.0792 2372 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    10:48:27.0792 2372 usbprint - ok
    10:48:27.0824 2372 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    10:48:27.0839 2372 usbscan - ok
    10:48:27.0855 2372 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    10:48:27.0870 2372 USBSTOR - ok
    10:48:27.0902 2372 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    10:48:27.0902 2372 usbuhci - ok
    10:48:27.0948 2372 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    10:48:27.0964 2372 usbvideo - ok
    10:48:27.0980 2372 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    10:48:27.0995 2372 UxSms - ok
    10:48:28.0011 2372 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    10:48:28.0011 2372 VaultSvc - ok
    10:48:28.0073 2372 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    10:48:28.0073 2372 vdrvroot - ok
    10:48:28.0089 2372 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    10:48:28.0120 2372 vds - ok
    10:48:28.0136 2372 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    10:48:28.0151 2372 vga - ok
    10:48:28.0151 2372 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    10:48:28.0167 2372 VgaSave - ok
    10:48:28.0182 2372 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    10:48:28.0198 2372 vhdmp - ok
    10:48:28.0229 2372 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    10:48:28.0229 2372 viaide - ok
    10:48:28.0245 2372 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    10:48:28.0245 2372 volmgr - ok
    10:48:28.0276 2372 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    10:48:28.0276 2372 volmgrx - ok
    10:48:28.0292 2372 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    10:48:28.0292 2372 volsnap - ok
    10:48:28.0338 2372 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    10:48:28.0354 2372 vsmraid - ok
    10:48:28.0416 2372 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    10:48:28.0448 2372 VSS - ok
    10:48:28.0463 2372 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    10:48:28.0463 2372 vwifibus - ok
    10:48:28.0526 2372 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    10:48:28.0557 2372 W32Time - ok
    10:48:28.0572 2372 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    10:48:28.0588 2372 WacomPen - ok
    10:48:28.0635 2372 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    10:48:28.0650 2372 WANARP - ok
    10:48:28.0682 2372 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    10:48:28.0682 2372 Wanarpv6 - ok
    10:48:28.0744 2372 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    10:48:28.0900 2372 WatAdminSvc - ok
    10:48:28.0947 2372 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    10:48:28.0994 2372 wbengine - ok
    10:48:29.0009 2372 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    10:48:29.0025 2372 WbioSrvc - ok
    10:48:29.0056 2372 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    10:48:29.0087 2372 wcncsvc - ok
    10:48:29.0087 2372 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    10:48:29.0103 2372 WcsPlugInService - ok
    10:48:29.0118 2372 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    10:48:29.0118 2372 Wd - ok
    10:48:29.0259 2372 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    10:48:29.0259 2372 Wdf01000 - ok
    10:48:29.0274 2372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    10:48:29.0274 2372 WdiServiceHost - ok
    10:48:29.0290 2372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    10:48:29.0290 2372 WdiSystemHost - ok
    10:48:29.0352 2372 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    10:48:29.0384 2372 WebClient - ok
    10:48:29.0384 2372 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    10:48:29.0399 2372 Wecsvc - ok
    10:48:29.0399 2372 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    10:48:29.0415 2372 wercplsupport - ok
    10:48:29.0477 2372 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    10:48:29.0477 2372 WerSvc - ok
    10:48:29.0493 2372 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    10:48:29.0508 2372 WfpLwf - ok
    10:48:29.0540 2372 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    10:48:29.0555 2372 WIMMount - ok
    10:48:29.0602 2372 WinDefend - ok
    10:48:29.0602 2372 WinHttpAutoProxySvc - ok
    10:48:29.0633 2372 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    10:48:29.0649 2372 Winmgmt - ok
    10:48:30.0054 2372 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    10:48:30.0132 2372 WinRM - ok
    10:48:30.0195 2372 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    10:48:30.0210 2372 WinUsb - ok
    10:48:30.0242 2372 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    10:48:30.0288 2372 Wlansvc - ok
    10:48:30.0351 2372 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    10:48:30.0382 2372 wlcrasvc - ok
    10:48:30.0678 2372 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    10:48:30.0694 2372 wlidsvc - ok
    10:48:30.0756 2372 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    10:48:30.0756 2372 WmiAcpi - ok
    10:48:30.0772 2372 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    10:48:30.0803 2372 wmiApSrv - ok
    10:48:30.0819 2372 WMPNetworkSvc - ok
    10:48:30.0850 2372 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    10:48:30.0866 2372 WPCSvc - ok
    10:48:30.0897 2372 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    10:48:30.0897 2372 WPDBusEnum - ok
    10:48:30.0912 2372 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    10:48:30.0928 2372 ws2ifsl - ok
    10:48:30.0944 2372 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
    10:48:30.0975 2372 wscsvc - ok
    10:48:30.0975 2372 WSearch - ok
    10:48:31.0037 2372 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    10:48:31.0162 2372 wuauserv - ok
    10:48:31.0162 2372 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    10:48:31.0178 2372 WudfPf - ok
    10:48:31.0209 2372 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    10:48:31.0209 2372 WUDFRd - ok
    10:48:31.0256 2372 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    10:48:31.0271 2372 wudfsvc - ok
    10:48:31.0287 2372 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    10:48:31.0318 2372 WwanSvc - ok
    10:48:31.0349 2372 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
    10:48:31.0365 2372 xusb21 - ok
    10:48:31.0412 2372 ================ Scan global ===============================
    10:48:31.0443 2372 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    10:48:31.0490 2372 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    10:48:31.0536 2372 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    10:48:31.0568 2372 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    10:48:31.0614 2372 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    10:48:31.0646 2372 [Global] - ok
    10:48:31.0646 2372 ================ Scan MBR ==================================
    10:48:31.0677 2372 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
    10:48:31.0864 2372 \Device\Harddisk0\DR0 - ok
    10:48:31.0880 2372 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk5\DR5
    10:48:31.0880 2372 \Device\Harddisk5\DR5 - ok
    10:48:31.0880 2372 ================ Scan VBR ==================================
    10:48:31.0895 2372 [ 51D66E4FD31D6BB2F8898332670A9DC5 ] \Device\Harddisk0\DR0\Partition1
    10:48:31.0895 2372 \Device\Harddisk0\DR0\Partition1 - ok
    10:48:31.0911 2372 [ 98508E1081DC31DC3187902584C09753 ] \Device\Harddisk0\DR0\Partition2
    10:48:31.0911 2372 \Device\Harddisk0\DR0\Partition2 - ok
    10:48:31.0926 2372 [ BCBCA9C7018D76DC3E1DB5E6CEA978BA ] \Device\Harddisk5\DR5\Partition1
    10:48:31.0926 2372 \Device\Harddisk5\DR5\Partition1 - ok
    10:48:31.0926 2372 ============================================================
    10:48:31.0926 2372 Scan finished
    10:48:31.0926 2372 ============================================================
    10:48:31.0926 4928 Detected object count: 0
    10:48:31.0926 4928 Actual detected object count: 0
     
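A triage script for scan logs in this layout, added here as an example and not part of the thread or of Kaspersky's tool. It reads the two-line pattern visible above (a hash line `[ MD5 ] name path`, then a `name - verdict` line), then applies three review rules: a verdict other than `ok`, an image loaded from outside the usual Windows or Program Files roots, and one MD5 appearing under different file names. Objects that show only a verdict line with no hash (like `Steam Client Service - ok` above) are reported for manual follow-up; treating that as "no image file was hashed" is an assumption of this example, not documented tool behaviour. The sample log is constructed: the `updsvc` entry is invented to trigger two rules, the rest mirrors lines from the post, and `EXPECTED_ROOTS` is an assumed allow-list for a Windows 7 box.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not a Kaspersky tool)."""
import re
from collections import defaultdict

# Format inferred from the posted log: "HH:MM:SS.mmmm TID [ MD5 ] <name> <image path>",
# where MBR/VBR and global entries carry a path but no name.
HASH_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ \[ (?P<md5>[0-9A-F]{32}) \] "
    r"(?:(?P<name>.+?) )?(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$"
)
# "HH:MM:SS.mmmm TID <name> - <verdict>"
VERDICT_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ (?P<name>.+) - (?P<verdict>\S+)$")

# Assumed allow-list of roots a Windows 7 service/driver image normally loads from.
EXPECTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "\\device\\",
)

# Constructed sample: real-looking lines from the post plus an invented "updsvc" entry
# that reuses the lsass.exe hash under a different name in a user profile directory.
SAMPLE_LOG = r"""
10:48:22.0785 2372 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:48:22.0785 2372 ProtectedStorage - ok
10:48:22.0488 2372 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:48:22.0488 2372 Pml Driver HPZ12 - ok
10:48:24.0002 2372 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:48:24.0002 2372 SamSs - ok
10:48:25.0686 2372 Steam Client Service - ok
10:48:26.0310 2372 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:48:26.0310 2372 Tcpip - ok
10:48:26.0373 2372 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:48:26.0388 2372 TCPIP6 - ok
10:48:27.0100 2372 [ C118A82CD78818C29AB228366EBF81C3 ] updsvc C:\Users\alice\AppData\Roaming\upd.exe
10:48:27.0110 2372 updsvc - ok
10:48:31.0677 2372 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
10:48:31.0864 2372 \Device\Harddisk0\DR0 - ok
"""


def parse_log(text):
    """Map each object (service name, or device path for MBR/VBR lines) to md5, path and verdict."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        m = HASH_LINE.match(line)
        if m:
            key = m.group("name") or m.group("path")
            records[key] = {"md5": m.group("md5"), "path": m.group("path"), "verdict": None}
            continue
        m = VERDICT_LINE.match(line)
        if m:
            # A verdict with no preceding hash line: the tool listed the object but no image file.
            rec = records.setdefault(m.group("name"), {"md5": None, "path": None, "verdict": None})
            rec["verdict"] = m.group("verdict")
    return records


def triage(records):
    """Apply the review rules; returns (object, reason) pairs for a human to look at."""
    findings = []
    by_md5 = defaultdict(set)  # md5 -> set of lower-cased file basenames seen with it
    for name, rec in records.items():
        if rec["verdict"] != "ok":
            findings.append((name, f"verdict is {rec['verdict']!r}, not ok"))
        if rec["md5"] is None:
            findings.append((name, "no image file hashed; confirm the service exists and locate its binary"))
            continue
        low = rec["path"].lower()
        if not low.startswith(EXPECTED_ROOTS):
            findings.append((name, f"image outside expected locations: {rec['path']}"))
        by_md5[rec["md5"]].add(low.rsplit("\\", 1)[-1])
    for md5, basenames in by_md5.items():
        # lsass.exe or tcpip.sys under several service names is normal; the same bytes under
        # a different file name is not, and is worth a look.
        if len(basenames) > 1:
            findings.append((md5, "same hash under different file names: " + ", ".join(sorted(basenames))))
    return findings


if __name__ == "__main__":
    for obj, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{obj}: {reason}")
```

Run it against a saved log by replacing `SAMPLE_LOG` with the file contents; entries the rules do not flag (the bulk of a clean scan like the one above) are simply not printed, which keeps the review to a handful of lines.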
  18. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    And here's the 1st part of the RogueKiller scans:
    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Landie [Admin rights]
    Mode : Scan -- Date : 09/22/2012 10:51:36
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 63 ¤¤¤
    [RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry_THXCfg (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> FOUND
    [RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry_EptMon (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64) -> FOUND
    [TASK][SUSP PATH] {11B17C39-E864-40E0-B457-30CFB16F0B27} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {12C39DC7-1D80-4C7F-8483-2843928CBB10} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> FOUND
    [TASK][SUSP PATH] {1AABBA32-E98F-4666-A58E-3639DC5BAA6E} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {233B8962-9F25-4D8A-800E-0B2F1F601174} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {317F257E-6BBB-4A32-9A57-F4A2F37838CC} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {325375F5-DF07-4126-B59C-BC9B30B79EDE} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> FOUND
    [TASK][SUSP PATH] {3D7127CE-44FC-4271-BEF9-5D45465E000B} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {48B2C45D-B48B-4D76-89FD-70EFC384177A} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {4A8EAD99-55C6-41DF-9783-6964127300C9} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {4BDF4606-58D0-420B-8882-375AA9CA4138} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {534CA46E-C663-4A40-AB37-F9CF67B2C083} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {61856820-A554-4768-934D-CF1A95900CFE} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {62727126-6667-4BEA-A590-3EC1FD1300C0} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {63130CFD-E280-49E9-83EA-B70E6CA8296B} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> FOUND
    [TASK][SUSP PATH] {65E53FD2-BAC9-445E-8845-99DF50CB8B93} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {68C09F34-7B8A-4238-AF9B-43DEE927A5C4} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {6ABACD32-38BE-4D79-8914-16336D96344E} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {78C6C6AF-4592-423A-A622-18F0B641D79A} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {87BE53AB-92DD-4632-9A66-904A45919C62} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {896A61D8-C4A5-41C1-AA0E-910B5E621E08} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> FOUND
    [TASK][SUSP PATH] {8983ED2C-C4ED-4C42-A5CD-165BA0507975} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {9913D03B-13E7-409F-8BE9-4D89CA378EB1} : C:\Users\Landie\Desktop\FretsOnFire-1.3.110-win32\Frets on Fire\FretsOnFire.exe -> FOUND
    [TASK][SUSP PATH] {9F7FC2E8-A42B-475A-86FC-ED88D7607545} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {A0DF463F-3CFD-427B-8B16-C59D7F3F640A} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {AB683580-8521-426E-86EB-399B88D3B198} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {B12106E0-0807-4050-8BC4-15B3426A5598} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {B5579C40-7824-4585-9A25-4AB2229D2CB7} : C:\Users\Landie\Desktop\FretsOnFire-1.3.110-win32\Frets on Fire\FretsOnFire.exe -> FOUND
    [TASK][SUSP PATH] {B8E390FC-BC20-48A8-A26C-CEC070671A45} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {BACE3DE7-007C-4178-B121-862BFEA64AA6} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {CB5A0A72-575C-4EE3-8D94-A05CA91F3D1E} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {D05CD870-ECC1-46AD-95C5-3A5FCEB02240} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> FOUND
    [TASK][SUSP PATH] {D3F07206-74D4-47D1-AEA0-CF284D04D9B4} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {D7657120-48A8-46B0-BF38-7F149CEC2A4F} : C:\Users\Landie\Desktop\FretsOnFire-1.3.110-win32\Frets on Fire\FretsOnFire.exe -> FOUND
    [TASK][SUSP PATH] {DC2BC2E8-1B03-49B7-9568-CAA9F596221B} : C:\Users\Landie\Desktop\FretsOnFire-1.3.110-win32\Frets on Fire\FretsOnFire.exe -> FOUND
    [TASK][SUSP PATH] {E87124B3-D001-43D5-9B0E-A818AF90307E} : C:\Users\Landie\Desktop\vanpri107c\vanpri107c\ヴァンガードプリンセス\ヴァンガードプリンセス.exe -> FOUND
    [TASK][SUSP PATH] {EB063E74-AA89-4510-A142-B4364396E0A0} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [TASK][SUSP PATH] {EE75B661-275E-469B-B547-CF12963F10D6} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD1001FAES-75W7A0 +++++
    --- User ---
    [MBR] 612493e7e28df08f2bbc5bca066d08a2
    [BSP] 2443d7138d44605c205800f5c869ff21 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12542 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25767936 | Size: 941272 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
  19. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    And here's the 2nd part of the RogueKiller scans:
    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Landie [Admin rights]
    Mode : Remove -- Date : 09/22/2012 10:52:21
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 60 ¤¤¤
    [RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry_THXCfg (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> DELETED
    [RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry_EptMon (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64) -> DELETED
    [TASK][SUSP PATH] {11B17C39-E864-40E0-B457-30CFB16F0B27} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {12C39DC7-1D80-4C7F-8483-2843928CBB10} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> DELETED
    [TASK][SUSP PATH] {1AABBA32-E98F-4666-A58E-3639DC5BAA6E} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {233B8962-9F25-4D8A-800E-0B2F1F601174} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {317F257E-6BBB-4A32-9A57-F4A2F37838CC} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {325375F5-DF07-4126-B59C-BC9B30B79EDE} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> DELETED
    [TASK][SUSP PATH] {3D7127CE-44FC-4271-BEF9-5D45465E000B} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {48B2C45D-B48B-4D76-89FD-70EFC384177A} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {4A8EAD99-55C6-41DF-9783-6964127300C9} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {4BDF4606-58D0-420B-8882-375AA9CA4138} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {534CA46E-C663-4A40-AB37-F9CF67B2C083} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {61856820-A554-4768-934D-CF1A95900CFE} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {62727126-6667-4BEA-A590-3EC1FD1300C0} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {63130CFD-E280-49E9-83EA-B70E6CA8296B} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> DELETED
    [TASK][SUSP PATH] {65E53FD2-BAC9-445E-8845-99DF50CB8B93} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {68C09F34-7B8A-4238-AF9B-43DEE927A5C4} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {6ABACD32-38BE-4D79-8914-16336D96344E} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {78C6C6AF-4592-423A-A622-18F0B641D79A} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {87BE53AB-92DD-4632-9A66-904A45919C62} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {896A61D8-C4A5-41C1-AA0E-910B5E621E08} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> DELETED
    [TASK][SUSP PATH] {8983ED2C-C4ED-4C42-A5CD-165BA0507975} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {9913D03B-13E7-409F-8BE9-4D89CA378EB1} : C:\Users\Landie\Desktop\FretsOnFire-1.3.110-win32\Frets on Fire\FretsOnFire.exe -> DELETED
    [TASK][SUSP PATH] {9F7FC2E8-A42B-475A-86FC-ED88D7607545} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {A0DF463F-3CFD-427B-8B16-C59D7F3F640A} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {AB683580-8521-426E-86EB-399B88D3B198} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {B12106E0-0807-4050-8BC4-15B3426A5598} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {B5579C40-7824-4585-9A25-4AB2229D2CB7} : C:\Users\Landie\Desktop\FretsOnFire-1.3.110-win32\Frets on Fire\FretsOnFire.exe -> DELETED
    [TASK][SUSP PATH] {B8E390FC-BC20-48A8-A26C-CEC070671A45} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {BACE3DE7-007C-4178-B121-862BFEA64AA6} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {CB5A0A72-575C-4EE3-8D94-A05CA91F3D1E} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {D05CD870-ECC1-46AD-95C5-3A5FCEB02240} : C:\Users\Landie\Desktop\stuff\Humble\psychonautspc-release\psychonauts\Psychonauts.exe -> DELETED
    [TASK][SUSP PATH] {D3F07206-74D4-47D1-AEA0-CF284D04D9B4} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {D7657120-48A8-46B0-BF38-7F149CEC2A4F} : C:\Users\Landie\Desktop\FretsOnFire-1.3.110-win32\Frets on Fire\FretsOnFire.exe -> DELETED
    [TASK][SUSP PATH] {DC2BC2E8-1B03-49B7-9568-CAA9F596221B} : C:\Users\Landie\Desktop\FretsOnFire-1.3.110-win32\Frets on Fire\FretsOnFire.exe -> DELETED
    [TASK][SUSP PATH] {E87124B3-D001-43D5-9B0E-A818AF90307E} : C:\Users\Landie\Desktop\vanpri107c\vanpri107c\ヴァンガードプリンセス\ヴァンガードプリンセス.exe -> DELETED
    [TASK][SUSP PATH] {EB063E74-AA89-4510-A142-B4364396E0A0} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [TASK][SUSP PATH] {EE75B661-275E-469B-B547-CF12963F10D6} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> DELETED
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD1001FAES-75W7A0 +++++
    --- User ---
    [MBR] 612493e7e28df08f2bbc5bca066d08a2
    [BSP] 2443d7138d44605c205800f5c869ff21 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12542 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25767936 | Size: 941272 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
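    The two reports above are the same scan run twice, first in scan mode (every entry ends in FOUND) and then in remove mode (DELETED, or REPLACED followed by the value the tool wrote). Two things a practitioner wants from such a report are which security controls were actually weakened and which hits are only heuristic: the [HJ] EnableLUA (0) and ConsentPromptBehaviorAdmin (0) values mean UAC was off and administrators elevated with no prompt, whereas the [TASK][SUSP PATH] entries, judging by the tag, fire on where the task's target lives (everything under C:\Users\Landie\Desktop here, games included), and the [RUN][BLACKLIST DLL] hits name THXCfg64.dll and EptMon64.dll, which by name match the Creative THX TruStudio software listed in the ComboFix Run key later in the thread, so both groups deserve a look before being called malware. The Python below is an added example, not RogueKiller's code or anything posted in this thread: it parses lines in the report's format and produces that summary. The sample lines inside it are constructed from the entries above; the meaning assigned to each value name is my reading of the report, not documentation from the tool's author.

```python
r"""Triage helper for RogueKiller "Registry Entries" lines.

Added example, not RogueKiller's own code. It parses lines in the format the
tool prints, such as
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [TASK][SUSP PATH] {GUID} : C:\Users\...\INSTALL.EXE -> DELETED
and reports which security controls were weakened, which scheduled tasks
launch something from a user profile, and what was only found rather than
remediated. The value interpretations are mine, not the tool author's.
"""
import re
from collections import Counter

# Constructed sample in the report's format (a subset of the entries in the thread).
SAMPLE_LOG = r"""
[RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry_THXCfg (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> FOUND
[TASK][SUSP PATH] {11B17C39-E864-40E0-B457-30CFB16F0B27} : C:\Users\Landie\Desktop\omf21cd\INSTALL.EXE -> FOUND
[TASK][SUSP PATH] {9913D03B-13E7-409F-8BE9-4D89CA378EB1} : C:\Users\Landie\Desktop\FretsOnFire-1.3.110-win32\Frets on Fire\FretsOnFire.exe -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
"""

LINE_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+"        # one or more [TAG] prefixes
    r"(?P<key>.+?)\s+:\s+"                   # abbreviated registry key or task GUID
    r"(?P<target>.+?)\s+->\s+"               # "ValueName (data)" or the task's command path
    r"(?P<action>[A-Z]+)(?:\s+\((?P<newval>[^)]*)\))?\s*$"   # FOUND, DELETED or REPLACED (n)
)
VALUE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<data>[^)]*)\)$")
USER_PROFILE_PREFIX = "c:\\users\\"


def parse_line(line):
    """Return a dict for one report line, or None if the line is not a finding."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["tags"] = re.findall(r"\[([^\]]+)\]", entry["tags"])
    entry["name"] = entry["data"] = None
    if "TASK" not in entry["tags"]:          # task targets are paths, not "Name (data)"
        vm = VALUE_RE.match(entry["target"])
        if vm:
            entry["name"], entry["data"] = vm.group("name"), vm.group("data")
    return entry


def assess_control(name, data):
    """Describe the finding if this registry value weakens a Windows security control."""
    if name == "EnableLUA" and data == "0":
        return "UAC disabled (EnableLUA=0)"
    if name == "ConsentPromptBehaviorAdmin" and data == "0":
        return "administrators elevate with no prompt (ConsentPromptBehaviorAdmin=0)"
    if name in ("DisableTaskMgr", "DisableRegistryTools"):
        # The report flags the mere presence of these policy values; 1 blocks the tool.
        return f"policy value {name} present (data={data})"
    return None


def triage(report_text):
    """Summarise the registry section of a RogueKiller report."""
    entries = [e for e in map(parse_line, report_text.splitlines()) if e]
    weakened = []
    for e in entries:
        if e["name"]:
            finding = assess_control(e["name"], e["data"])
            if finding:
                weakened.append(finding)
    user_tasks = [e["target"] for e in entries
                  if "TASK" in e["tags"] and e["target"].lower().startswith(USER_PROFILE_PREFIX)]
    return {
        "entries": len(entries),
        "actions": dict(Counter(e["action"] for e in entries)),
        "weakened_controls": weakened,
        "tasks_in_user_profile": sorted(set(user_tasks)),
        "not_remediated": [e["target"] for e in entries if e["action"] == "FOUND"],
    }


if __name__ == "__main__":
    # Usage: python rk_triage.py < RKreport.txt   (with no stdin, the constructed sample is used)
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for key, value in triage(text).items():
        print(f"{key}: {value}")
```

    On the constructed sample the summary lists four weakened-control findings, two task targets under the user profile, and five entries that were only found (the scan-mode report), which is the shape of the first RKreport above; feeding it the second report instead gives an empty not_remediated list.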
  20. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    And here's the Malwarebytes log:
    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.09.22.05
    Windows 7 Service Pack 1 x64 FAT32
    Internet Explorer 9.0.8112.16421
    Landie :: NEWDELL [administrator]
    22/09/2012 11:04:01 AM
    mbam-log-2012-09-22 (11-04-01).txt
    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 490459
    Time elapsed: 1 hour(s), 24 minute(s), 1 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\FRST\Quarantine\ApNnQdomYXNfVQU.exe (Backdoor.Agent.RCGen) -> Quarantined and deleted successfully.
    (end)
  21. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    And here's the aswMBR Stuff:
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-22 12:35:48
    -----------------------------
    12:35:48.452 OS Version: Windows x64 6.1.7601 Service Pack 1
    12:35:48.452 Number of processors: 8 586 0x2A07
    12:35:48.452 ComputerName: NEWDELL UserName: Landie
    12:35:49.856 Initialize success
    12:36:41.368 AVAST engine defs: 12092200
    12:37:11.164 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    12:37:11.164 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
    12:37:11.179 Disk 0 MBR read successfully
    12:37:11.179 Disk 0 MBR scan
    12:37:11.210 Disk 0 Windows VISTA default MBR code
    12:37:11.210 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    12:37:11.242 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12542 MB offset 81920
    12:37:11.288 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941272 MB offset 25767936
    12:37:11.335 Disk 0 scanning C:\Windows\system32\drivers
    12:37:24.112 Service scanning
    12:37:53.533 Modules scanning
    12:37:53.533 Disk 0 trace - called modules:
    12:37:53.549 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    12:37:54.064 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800934e790]
    12:37:54.064 3 CLASSPNP.SYS[fffff88001bac43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007897050]
    12:37:55.624 AVAST engine scan C:\Windows
    12:38:02.503 AVAST engine scan C:\Windows\system32
    12:43:42.802 AVAST engine scan C:\Windows\system32\drivers
    12:44:12.006 AVAST engine scan C:\Users\Landie
    12:58:25.222 AVAST engine scan C:\ProgramData
    13:02:00.643 Scan finished successfully
    14:17:20.972 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
    14:17:20.988 The log file has been saved successfully to "J:\aswMBR.txt"
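    RogueKiller's MBR Check (the [MBR] and [BSP] hashes and the partition table in the reports above) and aswMBR's listing describe the same three entries: a Dell utility partition at sector 63, an active NTFS partition at sector 81920 and a second NTFS partition at sector 25767936, with the boot code recognised as the stock Vista MBR. aswMBR also saved the raw sector to J:\MBR.dat. The Python below is an added example, not code from either tool: given a 512-byte MBR it verifies the 0x55AA signature, hashes the 440-byte boot-code area, decodes the four partition entries the way the logs display them, and flags table anomalies (more or fewer than one active entry, overlapping entries, an entry running past the end of the disk). The sample sector it builds is constructed to reproduce the table shown in the logs with zero-filled boot code, so its hash is not the one the logs report; how RogueKiller computes its [MBR] and [BSP] values is not stated on this page, and the partition-type lookup is a small assumed table.

```python
r"""Parse a raw 512-byte MBR (e.g. the sector aswMBR saves as MBR.dat).

Added example, not code from RogueKiller or aswMBR. It verifies the 0x55AA
signature, hashes the 440-byte boot-code area (assumption: that is what a
boot-code fingerprint like the [BSP] line covers), decodes the four 16-byte
partition entries and flags table anomalies a bootkit or a corrupted table
would produce. The sample sector is constructed to match the partition table
shown in the logs; its boot code is zero-filled.
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440      # 0..439 boot code, 440..443 disk signature, 446..509 table, 510..511 0x55AA
TABLE_OFFSET = 446
SIGNATURE = b"\x55\xaa"
# Small assumed lookup, enough for the types seen in the logs.
PART_TYPES = {0x00: "empty", 0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}


def build_sample_mbr():
    """Constructed MBR reproducing the page's table: offsets 63/81920/25767936 sectors."""
    entries = [  # (boot flag, type, first LBA, sector count); 1 MB = 2048 sectors of 512 bytes
        (0x00, 0xDE, 63, 39 * 2048),
        (0x80, 0x07, 81920, 12542 * 2048),
        (0x00, 0x07, 25767936, 941272 * 2048),
        (0x00, 0x00, 0, 0),
    ]
    table = b"".join(
        struct.pack("<B3sB3sII", flag, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
        if ptype else bytes(16)
        for flag, ptype, lba, count in entries
    )
    disk_signature = struct.pack("<I", 0x1234ABCD)  # arbitrary NT disk signature (assumption)
    return bytes(BOOT_CODE_LEN) + disk_signature + b"\x00\x00" + table + SIGNATURE


def parse_mbr(data):
    """Decode one MBR sector into boot-code hash, disk signature and partition entries."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    if data[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    boot_code = data[:BOOT_CODE_LEN]
    partitions = []
    for index in range(4):
        flag, ptype, lba, count = struct.unpack_from("<B3xB3xII", data, TABLE_OFFSET + 16 * index)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({
            "index": index,
            "active": flag == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, f"unknown 0x{ptype:02X}"),
            "offset_sectors": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(boot_code).hexdigest(),
        "boot_code_is_zero": not any(boot_code),
        "disk_signature": struct.unpack_from("<I", data, BOOT_CODE_LEN)[0],
        "partitions": partitions,
    }


def check_table(partitions, disk_sectors=None):
    """Return human-readable anomalies: active-flag count, overlaps, out-of-range entries."""
    issues = []
    active = [p["index"] for p in partitions if p["active"]]
    if len(active) != 1:
        issues.append(f"{len(active)} active partitions, expected exactly 1")
    spans = sorted((p["offset_sectors"], p["offset_sectors"] + p["sectors"], p["index"])
                   for p in partitions)
    for (_, end_a, idx_a), (start_b, _, idx_b) in zip(spans, spans[1:]):
        if start_b < end_a:
            issues.append(f"partition {idx_a} overlaps partition {idx_b}")
    if disk_sectors is not None:
        for p in partitions:
            if p["offset_sectors"] + p["sectors"] > disk_sectors:
                issues.append(f"partition {p['index']} runs past the end of the disk")
    return issues


def describe(data, disk_sectors=None):
    """Lines in the style of the logs' partition listing, followed by any anomalies."""
    info = parse_mbr(data)
    lines = [f"boot code md5: {info['boot_code_md5']}  (all zero: {info['boot_code_is_zero']})"]
    for p in info["partitions"]:
        flag = "ACTIVE" if p["active"] else "      "
        lines.append(f"{p['index']} - [{flag}] {p['type_name']} (0x{p['type']:02X}) "
                     f"offset {p['offset_sectors']} sectors, {p['size_mb']} MB")
    lines.extend(f"ANOMALY: {msg}" for msg in check_table(info["partitions"], disk_sectors))
    return lines


if __name__ == "__main__":
    # Usage: python mbr_check.py [MBR.dat [disk_size_mb]]; with no file, the constructed sample is used.
    raw = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else build_sample_mbr()
    size = int(sys.argv[2]) * 2048 if len(sys.argv) > 2 else 953869 * 2048  # 953869 MB per aswMBR's log
    print("\n".join(describe(raw, size)))
```

    Run against the saved MBR.dat (assumed to be the raw 512-byte sector) it prints the same three entries the logs show; the boot-code hash only becomes meaningful when compared with a known-good copy of the same Windows version's MBR code, which is what the tools' "Windows Vista MBR Code" verdict is doing for you.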
  22. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    Good :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =====================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in Safe Mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  23. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    Okay, here's the combofix log:
    ComboFix 12-09-24.02 - Landie 24/09/2012 16:39:52.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8175.6559 [GMT -7:00]
    Running from: J:\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\202BF8F35A.sys
    c:\windows\SysWow64\FlashPlayerInstaller.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))
    .
    .
    2074-05-19 01:44 . 2008-03-21 22:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
    2012-09-24 23:43 . 2012-09-24 23:43 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-09-24 23:43 . 2012-09-24 23:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-22 17:59 . 2012-09-22 17:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-09-22 17:59 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-22 03:33 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE9F0886-53D6-4ED2-9BF8-03F2B346FCD6}\mpengine.dll
    2012-09-13 23:22 . 2012-09-13 23:22 -------- d-----w- C:\found.001
    2012-09-08 19:34 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-16 05:02 . 2011-03-29 18:06 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-03 03:15 . 2011-07-21 21:15 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-08-03 03:14 . 2011-07-21 21:15 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-08-03 03:14 . 2011-07-21 21:15 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-08-03 03:14 . 2011-07-21 21:15 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-07-18 18:15 . 2012-08-15 22:28 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-10 18:19 . 2011-07-04 03:29 848 --sha-w- c:\programdata\KGyGaAvL.sys
    2012-07-04 22:16 . 2012-08-15 22:28 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-07-04 22:13 . 2012-08-15 22:28 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-07-04 22:13 . 2012-08-15 22:28 136704 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 21:14 . 2012-08-15 22:28 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-06-29 18:48 . 2012-07-03 15:22 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-06-29 18:48 . 2012-07-03 15:22 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8CC0318F-C061-4728-B871-9AF05DE98031}\gapaengine.dll
    2012-06-29 04:55 . 2012-08-16 05:04 17809920 ----a-w- c:\windows\system32\mshtml.dll
    2012-06-29 04:09 . 2012-08-16 05:04 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-06-29 03:56 . 2012-08-16 05:04 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-29 03:49 . 2012-08-16 05:04 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-06-29 03:49 . 2012-08-16 05:04 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-06-29 03:48 . 2012-08-16 05:04 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-29 03:47 . 2012-08-16 05:04 237056 ----a-w- c:\windows\system32\url.dll
    2012-06-29 03:45 . 2012-08-16 05:04 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-06-29 03:44 . 2012-08-16 05:04 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-06-29 03:43 . 2012-08-16 05:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-29 03:42 . 2012-08-16 05:04 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-06-29 03:40 . 2012-08-16 05:04 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-06-29 03:39 . 2012-08-16 05:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-29 03:35 . 2012-08-16 05:04 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-06-29 00:16 . 2012-08-16 05:04 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-06-29 00:09 . 2012-08-16 05:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-06-29 00:08 . 2012-08-16 05:04 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04 . 2012-08-16 05:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00 . 2012-08-16 05:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
    "DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2011-01-01 110352]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-17 98304]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
    "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "Lexmark Pro800-Pro900 Series"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\fm3032.exe" [2009-10-01 316072]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
    .
    c:\users\Landie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-2-27 576000]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
    R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2007-03-28 1021440]
    R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athrxu6.sys [2007-07-05 1041920]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 36720]
    R3 MSSQL$NR2007;SQL Server (NR2007);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-27 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-18 203264]
    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-04-05 8704]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
    S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
    S2 NeatWorksDatabaseController;NeatWorks Database Controller;c:\program files (x86)\NeatWorks\exec\NeatWorksDatabaseController.exe [2008-12-23 351352]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-18 6853632]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-18 263680]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2344966874-3736381344-1801091321-1000Core.job
    - c:\users\Landie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 22:29]
    .
    2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2344966874-3736381344-1801091321-1000UA.job
    - c:\users\Landie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 22:29]
    .
    2012-06-22 c:\windows\Tasks\SidebarExecute.job
    - c:\program files\Windows Sidebar\sidebar.exe [2011-07-08 13:25]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
    "EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-24 148280]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    "lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-24 770728]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ca/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.254 75.153.176.9
    TCP: Interfaces\{01BACE2F-DB10-425E-87C5-2477C46B5374}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.4.4
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-24 16:50:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-24 23:50
    .
    Pre-Run: 726,496,575,488 bytes free
    Post-Run: 726,715,781,120 bytes free
    .
    - - End Of File - - 8FB129F95EC243DA1C80D0D7A84FB77E
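A small triage helper for the service and Run-key lines in a ComboFix log like the one above, added here as an example; it is not part of this thread, of ComboFix or of Rkill. It parses the two line shapes the log uses (`R3 name;display;path [date size]` for services and drivers, `"Value"="path" [date size]` for Run entries) and flags binaries that live outside the usual Windows and Program Files roots, in user-writable directories, or drivers loading from somewhere other than System32\drivers. The sample input mixes three lines copied from the log with one constructed autorun entry (hypothetical path, not from the thread) so that a hit is visible.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Line shapes taken from the ComboFix log above:
#   R3 Name;Display name;c:\path\file.sys [YYYY-MM-DD size]
#   "Value"="c:\path\file.exe" [YYYY-MM-DD size]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$"
)
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$'
)

# Where a service, driver or autorun binary is expected on a stock Windows 7 x64 box.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Kernel drivers are expected under System32\drivers; one loading from elsewhere deserves a look.
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
# User-writable locations that malware favours because writing there needs no elevation.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Entry:
    kind: str                  # "service" or "run"
    name: str
    path: str
    date: str
    size: int
    state: str = ""            # R0-R4 (running) / S0-S4 (stopped) for services, "" for Run values
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line into an Entry, or return None if it is not a service/Run line."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        return Entry("service", m["name"], m["path"], m["date"], int(m["size"]), m["state"])
    m = RUN_RE.match(line)
    if m:
        return Entry("run", m["name"], m["path"], m["date"], int(m["size"]))
    return None


def triage(entry: Entry) -> Entry:
    """Attach review flags based only on where the binary lives (no hash or signature lookup)."""
    p = entry.path.lower()
    if not p.startswith(TRUSTED_ROOTS):
        entry.flags.append("outside trusted roots")
    if any(tok in p for tok in USER_WRITABLE):
        entry.flags.append("user-writable location")
    if p.endswith(".sys") and not p.startswith(DRIVER_DIR):
        entry.flags.append("driver outside System32\\drivers")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse every recognisable line and return only the entries that earned at least one flag."""
    flagged = []
    for raw in text.splitlines():
        e = parse_line(raw)
        if e is not None and triage(e).flags:
            flagged.append(e)
    return flagged


# Constructed sample: three lines copied from the log above plus one hypothetical autorun
# under a user profile, so the output shows what a hit looks like.
SAMPLE_LOG = """\
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\\windows\\system32\\DRIVERS\\MijXfilt.sys [2011-01-01 97040]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\\program files (x86)\\Hi-Rez Studios\\HiPatchService.exe [2012-04-05 8704]
"MSC"="c:\\program files\\Microsoft Security Client\\msseces.exe" [2012-03-27 1271168]
"Updater"="c:\\users\\example\\AppData\\Roaming\\updater.exe" [2012-09-20 48128]
"""

if __name__ == "__main__":
    for hit in triage_log(SAMPLE_LOG):
        print(f"{hit.kind:7} {hit.state:2} {hit.name:<20} {hit.path}  <- {', '.join(hit.flags)}")
```

A flag only means "review this": the GoogleUpdate scheduled task in the log above runs from AppData\Local and is legitimate, so location is a prioritisation hint, not a verdict. Service state matters too: R-prefixed entries are loaded right now, S-prefixed ones are installed but stopped. Real triage pairs this with a signature check or hash lookup on the flagged file.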
     
  24. JuiceBox

    JuiceBox TS Rookie Topic Starter Posts: 92

    And I ran Rkill just because I could. Here's the log:
    Rkill 2.4.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 09/24/2012 04:53:29 PM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * No issues found.
    Checking Windows Service Integrity:
    * No issues found.
    Searching for Missing Digital Signatures:
    * No issues found.
    Checking HOSTS File:
    * HOSTS file entries found:
    127.0.0.1 localhost
    Program finished at: 09/24/2012 04:53:38 PM
    Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)
     
  25. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    Looks good :)

    Any current issues?

    =====================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     