Inactive (yet another) Google redirect hijack case, foul play suspected


rvee

Hi,

I've had a go at resolving this myself but without success. Having looked around a few sites, you lovely people look to be extremely helpful and polite, so I was hoping you could offer some assistance.

Symptoms: Google searches in IE9 and Firefox 4 get normal results, but clicking any of the results gets redirected. Windows Firewall disabled and unable to start. Scans in Avast, Spybot S&D, ESET online all negative. Found a suspect reg entry but unable to delete it. The machine is a new laptop for web dev with a ton of software just installed, so I'm loath to reinstall without attempting a cleanup first.

So to business. Here are the logs:

Malwarebytes:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

03/06/2011 18:27:18
mbam-log-2011-06-03 (18-27-18).txt

Scan type: Quick scan
Objects scanned: 189745
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER:


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-03 18:31:26
Windows 6.1.7601 Service Pack 1
Running: r625u0sh.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc77370a60e4
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc77370a60e4 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

DDS.txt:

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Harv at 17:42:45 on 2011-06-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8106.5893 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Fast Access\FATrayMon.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Fast Access\FATrayAlert.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\EditPlus 3\editplus.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Users\Harv\Downloads\r625u0sh.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files (x86)\Fast Access\FAIESSO.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [FATrayAlert] C:\Program Files (x86)\Fast Access\FATrayMon.exe
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [FAStartup]
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: Interfaces\{46456BFF-F1C6-493B-9BA7-CF0BE2077C29}\244584F6D65684572623D2841627675697 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{46456BFF-F1C6-493B-9BA7-CF0BE2077C29}\55E637563657275646 : DhcpNameServer = 10.203.65.68 10.203.65.68 8.8.8.8
TCP: Interfaces\{46456BFF-F1C6-493B-9BA7-CF0BE2077C29}\759664162747 : DhcpNameServer = 10.203.65.68 10.203.65.68 8.8.8.8
TCP: Interfaces\{46456BFF-F1C6-493B-9BA7-CF0BE2077C29}\F42377962756C656373713233343536373 : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Fast Access\FALogNot.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Fast Access\FATrayMon.exe
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [FAStartup]
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Harv\AppData\Roaming\Mozilla\Firefox\Profiles\5w2695nz.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-20 98208]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-6-3 42184]
R2 FAService;FAService;C:\Program Files (x86)\Fast Access\FAService.exe [2010-4-4 2409800]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-7 2218600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-7 378472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-20 136176]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;C:\Windows\system32\DRIVERS\athrxu6.sys --> C:\Windows\system32\DRIVERS\athrxu6.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-06-03 14:16:32 -------- d-----w- C:\Program Files (x86)\ESET
2011-06-03 12:06:54 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-03 12:06:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-03 11:49:49 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-06-03 11:49:49 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-06-03 11:49:42 40112 ----a-w- C:\Windows\avastSS.scr
2011-06-03 11:49:38 -------- d-----w- C:\ProgramData\AVAST Software
2011-06-03 11:49:38 -------- d-----w- C:\Program Files\AVAST Software
2011-06-03 11:48:08 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-03 11:27:36 8802128 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-06-03 11:27:34 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CDBAEBB-A408-4547-846C-4EB2DDFA924B}\mpengine.dll
2011-05-31 01:04:43 35712 ----a-w- C:\Windows\SysWow64\drivers\new.sys
2011-05-31 01:03:49 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
2011-05-30 23:42:37 -------- d-----w- C:\Users\Harv\AppData\Roaming\Malwarebytes
2011-05-30 23:42:32 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-30 23:42:29 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-30 15:07:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-05-30 15:07:22 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-05-26 22:45:51 -------- d-----w- C:\Program Files\CCleaner
2011-05-24 22:09:05 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-24 00:37:56 -------- d-----w- C:\Program Files (x86)\Common Files\Nikon
2011-05-24 00:37:55 -------- d-----w- C:\Program Files (x86)\Nikon
2011-05-20 22:34:59 -------- d-----w- C:\ProgramData\Skype Extras
2011-05-20 22:33:51 -------- d-----r- C:\Program Files (x86)\Skype
2011-05-20 19:10:56 -------- d-----w- C:\Program Files (x86)\Logitech Touch Mouse Server
2011-05-19 21:14:22 -------- d-----w- C:\Program Files\PowerPlanAssistant
2011-05-16 22:31:59 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2011-05-16 22:27:16 -------- d--h--w- C:\Windows\msdownld.tmp
2011-05-16 22:27:04 -------- d-----w- C:\Windows\SysWow64\directx
2011-05-16 22:24:09 -------- d-----w- C:\Users\Harv\AppData\Local\FalloutNV
2011-05-16 22:16:22 -------- d-----w- C:\Program Files (x86)\Fallout New Vegas
2011-05-15 21:33:54 -------- d-----w- C:\Program Files\iPod
2011-05-15 21:33:52 -------- d-----w- C:\Program Files\iTunes
2011-05-15 21:33:52 -------- d-----w- C:\Program Files (x86)\iTunes
2011-05-15 21:23:49 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-05-15 21:23:49 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-05-15 21:23:49 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-05-15 20:30:04 -------- d-----w- C:\Users\Harv\AppData\Local\Apple Computer
2011-05-15 20:29:23 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-05-15 20:29:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-05-15 20:29:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-05-15 20:29:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-05-15 20:29:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-05-15 20:29:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-05-15 20:29:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-05-15 20:29:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-05-15 20:28:12 -------- d-----w- C:\Users\Harv\AppData\Local\Apple
2011-05-15 20:27:37 -------- d-----w- C:\Program Files\Bonjour
2011-05-15 20:27:37 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-05-15 13:47:42 -------- d-----w- C:\Users\Harv\AppData\Local\{DE2B8C94-F699-4A5A-B289-42E8DE420D62}
2011-05-15 13:47:42 -------- d-----w- C:\Users\Harv\AppData\Local\{95BDD6BE-1F5D-41D1-B64F-6CACE13A0CA3}
2011-05-15 13:47:28 -------- d-----w- C:\Users\Harv\AppData\Local\Windows Live Writer
2011-05-13 15:21:42 -------- d-----w- C:\Users\Harv\AppData\Local\ElevatedDiagnostics
2011-05-12 19:18:25 -------- d-----w- C:\Users\Harv\AppData\Local\Mozilla
2011-05-12 18:51:39 -------- d-----w- C:\Users\Harv\AppData\Local\VMware
2011-05-12 18:20:37 81008 ----a-w- C:\Windows\System32\drivers\vmci.sys
2011-05-12 18:20:33 68720 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2011-05-12 18:19:59 334448 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2011-05-12 18:19:55 404080 ----a-w- C:\Windows\SysWow64\vmnat.exe
2011-05-12 18:19:54 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2011-05-12 18:19:49 968816 ----a-w- C:\Windows\System32\vnetlib64.dll
2011-05-12 18:19:27 31856 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2011-05-12 18:19:22 38512 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2011-05-12 18:18:27 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2011-05-12 18:17:31 -------- d-----w- C:\Program Files (x86)\VMware
2011-05-11 00:05:35 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-05-11 00:05:34 -------- d-----w- C:\Program Files (x86)\Steam
2011-05-10 23:31:05 -------- d-----w- C:\Users\Harv\AppData\Local\Google
2011-05-10 23:31:04 -------- d-----w- C:\Users\Harv\AppData\Local\Adobe
2011-05-10 23:29:29 -------- d-----w- C:\Users\Harv\AppData\Local\Temp
2011-05-10 23:29:29 -------- d-----w- C:\Users\Harv\AppData\Local\Microsoft
2011-05-10 23:26:28 -------- d-----w- C:\Users\Harv\AppData\Roaming\Windows Live Writer
2011-05-10 23:26:28 -------- d-----w- C:\Users\Harv\AppData\Roaming\Reallusion
2011-05-10 23:26:28 -------- d-----w- C:\Users\Harv\AppData\Roaming\Patches
2011-05-10 23:26:28 -------- d-----w- C:\Users\Harv\AppData\Roaming\EditPlus 3
2011-05-10 23:26:28 -------- d-----w- C:\Users\Harv\Adobe Flash Builder 4
2011-05-10 22:00:01 -------- d-----w- C:\Program Files (x86)\EditPlus 3
2011-05-10 20:39:43 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2011-05-10 20:37:12 509976 ----a-w- C:\Windows\System32\igfxsrvc.exe
2011-05-10 20:37:12 4370456 ----a-w- C:\Windows\System32\GfxUI.exe
2011-05-10 20:37:12 418840 ----a-w- C:\Windows\System32\igfxpers.exe
2011-05-10 20:37:12 391704 ----a-w- C:\Windows\System32\hkcmd.exe
2011-05-10 20:37:12 239128 ----a-w- C:\Windows\System32\igfxext.exe
2011-05-10 20:37:12 167960 ----a-w- C:\Windows\System32\igfxtray.exe
2011-05-10 20:37:11 179736 ----a-w- C:\Windows\System32\difx64.exe
2011-05-10 20:28:57 -------- d-----w- C:\Program Files (x86)\Realtek
2011-05-10 19:08:04 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-10 19:08:04 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-10 18:01:21 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-10 18:01:19 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-10 18:01:18 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-10 18:01:17 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-10 18:01:17 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-10 18:01:17 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-10 18:01:17 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-10 18:01:17 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-10 18:01:17 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-10 18:01:17 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-07 13:48:51 -------- d-----w- C:\Program Files (x86)\Fast Access
2011-05-07 13:48:23 28672 ----a-w- C:\Windows\32761
2011-05-07 13:24:32 -------- d-----w- C:\Windows\System32\SPReview
2011-05-07 13:24:23 -------- d-----w- C:\Windows\System32\EventProviders
2011-05-07 13:22:59 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2011-05-07 13:21:56 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2011-05-07 13:05:52 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-05-07 13:05:51 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-05-07 12:51:07 -------- d-----w- C:\Windows\en
2011-05-07 12:48:35 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-05-07 12:48:35 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-05-07 12:48:34 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-05-07 12:48:34 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-05-07 12:40:16 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e98817be1cc0cb32d\InstallManager_WLE_WLE.exe
2011-05-07 12:39:51 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dbbf4bc31cc0cb321\MeshBetaRemover.exe
2011-05-07 12:39:30 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cedc76551cc0cb31a\DSETUP.dll
2011-05-07 12:39:30 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cedc76551cc0cb31a\DXSETUP.exe
2011-05-07 12:39:30 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cedc76551cc0cb31a\dsetup32.dll
2011-05-07 12:39:29 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cd5c39551cc0cb319\DXSETUP.exe
2011-05-07 12:39:28 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cd5c39551cc0cb319\DSETUP.dll
2011-05-07 12:39:28 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cd5c39551cc0cb319\dsetup32.dll
2011-05-07 12:32:56 -------- d-----w- C:\ProgramData\Roaming
2011-05-07 12:32:08 -------- d-----w- C:\Program Files\Common Files\Intel
2011-05-07 08:05:46 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-05-07 07:33:55 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-05-07 06:52:03 -------- d-----w- C:\ProgramData\ALM
2011-05-07 02:07:25 -------- d-----w- C:\NVIDIA
2011-05-06 19:21:50 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2011-05-06 19:11:42 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2011-05-06 19:11:42 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2011-05-06 12:51:40 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-05-06 12:51:40 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-05-06 12:51:40 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-05-06 12:51:40 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-05-06 12:51:40 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-05-06 12:24:13 -------- d-----w- C:\Windows\SysWow64\Wat
2011-05-06 12:24:13 -------- d-----w- C:\Windows\System32\Wat
2011-05-06 12:12:34 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2011-05-06 12:05:27 715776 ----a-w- C:\Windows\System32\kerberos.dll
2011-05-06 12:05:27 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-05-06 12:05:20 2871808 ----a-w- C:\Windows\explorer.exe
2011-05-06 12:05:20 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-05-06 11:59:01 270720 ------w- C:\Windows\System32\MpSigStub.exe
.
==================== Find3M ====================
.
2011-05-07 13:26:54 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-07 13:26:54 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-04-20 10:29:36 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-04-20 10:26:32 75 --sh--r- C:\Windows\CT4CET.bin
2011-04-07 22:19:16 849092 ----a-w- C:\Windows\System32\nvcoproc.bin
2011-04-07 22:19:16 797800 ----a-w- C:\Windows\System32\nv3dappshext.dll
2011-04-07 22:19:16 53864 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2011-04-07 22:19:16 318056 ----a-w- C:\Windows\System32\nvhotkey.dll
2011-04-07 22:19:16 2582120 ----a-w- C:\Windows\System32\nvsvcr.dll
2011-04-07 22:19:16 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-04-07 22:19:16 1012328 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-04-07 22:19:14 797288 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
2011-04-07 22:19:06 6338152 ----a-w- C:\Windows\System32\nvcpl.dll
2011-04-07 22:18:42 3041384 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-04-06 15:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 15:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 15:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 15:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 15:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 15:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 15:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 15:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-26 00:24:18 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2342.dll
2011-03-26 00:17:50 12262336 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2011-03-26 00:17:48 7473664 ----a-w- C:\Windows\System32\igdumd64.dll
2011-03-26 00:16:10 963116 ----a-w- C:\Windows\SysWow64\igkrng600.bin
2011-03-26 00:16:10 963116 ----a-w- C:\Windows\System32\igkrng600.bin
2011-03-26 00:16:10 216876 ----a-w- C:\Windows\SysWow64\igfcg600m.bin
2011-03-26 00:16:10 216876 ----a-w- C:\Windows\System32\igfcg600m.bin
2011-03-26 00:12:06 5692416 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2011-03-26 00:08:46 575488 ----a-w- C:\Windows\SysWow64\igdumdx32.dll
2011-03-26 00:05:34 7386624 ----a-w- C:\Windows\System32\igd10umd64.dll
2011-03-26 00:02:08 6068736 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2011-03-25 23:54:14 19592704 ----a-w- C:\Windows\System32\ig4icd64.dll
2011-03-25 23:45:16 14294016 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2011-03-25 23:39:48 335872 ----a-w- C:\Windows\System32\igfxpph.dll
2011-03-25 23:39:44 380928 ----a-w- C:\Windows\System32\igfxTMM.dll
2011-03-25 23:39:38 28672 ----a-w- C:\Windows\System32\igfxexps.dll
2011-03-25 23:39:26 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll
2011-03-25 23:39:00 109056 ----a-w- C:\Windows\System32\hccutils.dll
2011-03-25 23:38:52 144896 ----a-w- C:\Windows\System32\gfxSrvc.dll
2011-03-25 23:38:50 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2011-03-25 23:38:50 385024 ----a-w- C:\Windows\System32\igfxdev.dll
2011-03-25 23:38:18 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc
2011-03-25 23:38:12 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2011-03-25 23:38:10 9014784 ----a-w- C:\Windows\System32\igfxress.dll
2011-03-25 23:34:40 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2011-03-25 23:33:50 288768 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2011-03-25 23:28:24 142848 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2011-03-25 23:28:24 122368 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2011-03-25 21:00:54 252528 ----a-w- C:\Windows\SysWow64\vmnc.dll
2011-03-25 19:05:00 37680 ----a-w- C:\Windows\System32\drivers\vmusb.sys
2011-03-25 19:04:58 56880 ----a-w- C:\Windows\System32\vmnetbridge.dll
2011-03-25 19:04:58 55344 ----a-w- C:\Windows\System32\vnetinst.dll
2011-03-25 19:04:58 45104 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
2011-03-25 19:04:58 24112 ----a-w- C:\Windows\System32\drivers\vmnet.sys
2011-03-25 19:04:58 20016 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2011-03-21 12:22:06 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-03-21 12:22:06 452200 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-03-21 12:22:06 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 02:08:13 93552 ----a-w- C:\Windows\SysWow64\ElbyCDIO.dll
2011-03-07 00:52:09 134512 ----a-w- C:\Windows\SysWow64\ElbyVCD.dll
.
============= FINISH: 17:49:11.83 ===============


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 05/05/2011 20:03:44
System Uptime: 03/06/2011 16:17:08 (1 hours ago)
.
Motherboard: Dell Inc. | | 0NJT03
Processor: Intel(R) Core(TM) i7-2820QM CPU @ 2.30GHz | CPU | 782/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 324.444 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 7.456 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Windows Firewall Authorization Driver
Device ID: ROOT\LEGACY_MPSDRV\0000
Manufacturer:
Name: Windows Firewall Authorization Driver
PNP Device ID: ROOT\LEGACY_MPSDRV\0000
Service: mpsdrv
.
==== System Restore Points ===================
.
RP1: 03/06/2011 15:58:46 - ComboFix created restore point
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
avast! Free Antivirus
Camera Control Pro 2
CyberLink PowerDVD 9.5
D3DX10
Dell Webcam Central
EditPlus 3
Fallout New Vegas
FileZilla Client 3.4.0
Google Chrome
Google Update Helper
Intel(R) Processor Graphics
Junk Mail filter update
Live! Cam Avatar Creator
Logitech Touch Mouse Server 1.0
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft Office 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 4.0.1 (x86 en-GB)
MSVCRT
MSVCRT_amd64
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PDF Settings CS5
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Skype™ 5.3
Steam
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
VirtualCloneDrive
VLC media player 1.1.9
VMware Workstation
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
31/05/2011 01:35:01, Error: Microsoft Antimalware [3002] -
31/05/2011 01:23:07, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElbyCDIO MpFilter spldr Wanarpv6
31/05/2011 01:02:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
31/05/2011 00:52:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
31/05/2011 00:50:53, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
31/05/2011 00:50:46, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The authentication service is unknown.
31/05/2011 00:31:25, Error: Service Control Manager [7031] - The VMware vCenter Converter Standalone Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
31/05/2011 00:31:20, Error: Service Control Manager [7034] - The VMware vCenter Converter Standalone Worker service terminated unexpectedly. It has done this 1 time(s).
30/05/2011 16:15:27, Error: Service Control Manager [7034] - The FAService service terminated unexpectedly. It has done this 1 time(s).
03/06/2011 15:28:44, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
03/06/2011 15:28:44, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
03/06/2011 15:09:42, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 126
03/06/2011 13:10:27, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
03/06/2011 13:06:42, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
03/06/2011 12:18:03, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
03/06/2011 11:30:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
03/06/2011 11:30:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
03/06/2011 11:20:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
03/06/2011 11:20:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
03/06/2011 11:20:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
03/06/2011 11:20:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
03/06/2011 11:20:36, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
03/06/2011 11:20:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElbyCDIO spldr Wanarpv6
03/06/2011 11:03:38, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
03/06/2011 09:40:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
.
==== End Of File ===========================

All and any help appreciated - I have most tools at the ready.

RVee
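A triage helper for the Attach.txt sections above, added here as an example and not code from DDS, ComboFix or either poster: it parses the "Disabled Device Manager Items" and "Event Viewer Messages" blocks, groups Service Control Manager start failures by service, and reports any disabled device whose driver service also fails to start, which is the Windows Firewall symptom from the opening post. The sample input is a constructed, cut-down copy of the log lines posted above; the function names are my own.

```python
"""DDS Attach.txt triage helper. Added example, not code from DDS, ComboFix or the
original posts: it parses the 'Disabled Device Manager Items' and 'Event Viewer
Messages' sections, groups Service Control Manager (SCM) start failures by service,
and flags a device that is both disabled and failing to start (the firewall symptom)."""
import re
from collections import defaultdict

# Constructed sample: a cut-down copy of the Attach.txt lines posted above.
SAMPLE_ATTACH = """\
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Windows Firewall Authorization Driver
Device ID: ROOT\\LEGACY_MPSDRV\\0000
Manufacturer:
Name: Windows Firewall Authorization Driver
PNP Device ID: ROOT\\LEGACY_MPSDRV\\0000
Service: mpsdrv
.
==== Event Viewer Messages From Past Week ========
.
31/05/2011 01:35:01, Error: Microsoft Antimalware [3002] -
03/06/2011 15:28:44, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
03/06/2011 15:28:44, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
03/06/2011 11:20:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElbyCDIO spldr Wanarpv6
.
==== End Of File ===========================
"""

# One DDS event line: 'dd/mm/yyyy hh:mm:ss, Level: Source [EventID] - message';
# the message may be empty, as in the Microsoft Antimalware 3002 line above.
EVENT_RE = re.compile(r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
                      r"(?P<source>.+?) \[(?P<id>\d+)\] -\s?(?P<msg>.*)$")
# SCM 7000: the named service failed to start. SCM 7001: a dependent service
# failed because the named dependency failed. Both carry the Win32 error text.
SCM_PATTERNS = {
    7000: re.compile(r"^The (?P<svc>.+?) service failed to start due to the "
                     r"following error: (?P<err>.+)$"),
    7001: re.compile(r"^The .+? service depends on the (?P<svc>.+?) service which "
                     r"failed to start because of the following error: (?P<err>.+)$"),
}

def section(text, title):
    """Body lines of the DDS section whose header starts with '==== <title>'."""
    lines, keep = [], False
    for line in text.splitlines():
        if line.startswith("===="):
            keep = line.startswith("==== " + title)
        elif keep and line.strip() != ".":  # DDS pads sections with '.' lines
            lines.append(line)
    return lines

def parse_disabled_devices(text):
    """Each record starts at 'Class GUID:' and is a block of 'Key: value' lines."""
    devices, current = [], None
    for line in section(text, "Disabled Device Manager Items"):
        key, _, value = line.partition(":")
        if key.strip() == "Class GUID":
            current = {}
            devices.append(current)
        if current is not None:
            current[key.strip()] = value.strip()
    return devices

def parse_events(text):
    events = []
    for line in section(text, "Event Viewer Messages"):
        m = EVENT_RE.match(line)
        if m:
            events.append({"ts": m["ts"], "level": m["level"], "source": m["source"],
                           "id": int(m["id"]), "msg": m["msg"]})
    return events

def scm_start_failures(events):
    """Map service display name -> [(event id, error text)] for SCM 7000/7001."""
    failures = defaultdict(list)
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        m = SCM_PATTERNS[ev["id"]].match(ev["msg"]) if ev["id"] in SCM_PATTERNS else None
        if m:
            failures[m["svc"]].append((ev["id"], m["err"]))
    return dict(failures)

def triage(text):
    events = parse_events(text)
    failures = scm_start_failures(events)
    # A device disabled in Device Manager whose driver service also fails to
    # start is exactly the 'firewall disabled and unable to start' symptom.
    hits = [(d.get("Name"), d.get("Service"))
            for d in parse_disabled_devices(text) if d.get("Name") in failures]
    return {"events": len(events), "start_failures": failures,
            "disabled_and_failing": hits}

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_ATTACH), indent=2))
```

On the sample, the SCM 7000 and 7001 events both resolve to the same service name as the disabled mpsdrv device, so the "Cannot create a file when that file already exists" failure and the disabled firewall driver are reported as one finding.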
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post it in your next reply:


====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Ahoy! Many thanks for your time,

Combofix ran despite an error on installing - unable to write iexplore.exe as file already exists.

aswmbr.exe log:

Run date: 2011-06-04 10:10:26
-----------------------------
10:10:26.874 OS Version: Windows x64 6.1.7601 Service Pack 1
10:10:26.874 Number of processors: 8 586 0x2A07
10:10:26.877 ComputerName: HARVS-XPS UserName: Harv
10:10:30.829 Initialize success
10:10:33.814 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:10:33.819 Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
10:10:33.834 Disk 0 MBR read successfully
10:10:33.840 Disk 0 MBR scan
10:10:33.845 Disk 0 Windows 7 default MBR code
10:10:33.852 Service scanning
10:10:34.878 Disk 0 trace - called modules:
10:10:34.886 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
10:10:34.894 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009622790]
10:10:34.901 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa800953ecb0]
10:10:34.907 5 stdcfltn.sys[fffff88001b36c52] -> nt!IofCallDriver -> [0xfffffa8006d26190]
10:10:34.914 7 ACPI.sys[fffff88000d637a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007886050]
10:10:34.923 Scan finished successfully
10:11:26.304 Disk 0 MBR has been saved successfully to "C:\Users\Harv\Downloads\MBR.dat"
10:11:26.320 The log file has been saved successfully to "C:\Users\Harv\Downloads\rku_error_log_2038402.txt"


combofix log:


ComboFix 11-06-04.02 - Harv 04/06/2011 10:24:54.5.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8106.5599 [GMT 1:00]
Running from: c:\users\Harv\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-04 to 2011-06-04 )))))))))))))))))))))))))))))))
.
.
2011-06-04 09:30 . 2011-06-04 09:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-03 14:57 . 2011-06-04 09:23 -------- d-----w- C:\32788R22FWJFW
2011-06-03 14:16 . 2011-06-03 14:16 -------- d-----w- c:\program files (x86)\ESET
2011-06-03 12:06 . 2011-05-29 08:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-03 12:06 . 2011-06-03 12:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-03 11:49 . 2011-05-10 12:04 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-03 11:49 . 2011-05-10 11:59 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-03 11:49 . 2011-05-10 12:10 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-03 11:49 . 2011-05-10 12:04 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-03 11:49 . 2011-05-10 12:02 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-03 11:49 . 2011-05-10 11:59 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-03 11:49 . 2011-05-10 11:59 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-03 11:49 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-03 11:49 . 2011-05-10 12:10 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-06-03 11:49 . 2011-06-03 11:49 -------- d-----w- c:\programdata\AVAST Software
2011-06-03 11:49 . 2011-06-03 11:49 -------- d-----w- c:\program files\AVAST Software
2011-06-03 11:27 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CDBAEBB-A408-4547-846C-4EB2DDFA924B}\mpengine.dll
2011-05-31 01:04 . 2011-06-03 12:01 35712 ----a-w- c:\windows\SysWow64\drivers\new.sys
2011-05-31 01:03 . 2011-06-03 14:35 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-05-31 00:32 . 2011-05-31 00:32 -------- d-----w- c:\users\test
2011-05-30 23:42 . 2011-05-30 23:42 -------- d-----w- c:\programdata\Malwarebytes
2011-05-30 23:42 . 2011-05-29 08:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-30 15:07 . 2011-05-30 15:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-30 15:07 . 2011-05-31 00:53 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2011-05-26 22:45 . 2011-05-26 22:45 -------- d-----w- c:\program files\CCleaner
2011-05-24 22:09 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 00:40 . 2011-05-24 00:40 -------- d-----w- c:\programdata\Nikon
2011-05-23 13:39 . 2011-05-23 13:39 -------- d-----w- c:\windows\system32\Macromed
2011-05-20 22:34 . 2011-05-20 22:35 -------- d-----w- c:\programdata\Skype Extras
2011-05-20 22:33 . 2011-05-20 22:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-05-20 22:33 . 2011-05-31 01:31 -------- d-----r- c:\program files (x86)\Skype
2011-05-20 22:33 . 2011-05-20 22:33 -------- d-----w- c:\programdata\Skype
2011-05-20 19:10 . 2011-05-20 19:11 -------- d-----w- c:\program files (x86)\Logitech Touch Mouse Server
2011-05-20 19:05 . 2011-05-31 01:29 -------- d-----w- c:\program files (x86)\Google
2011-05-19 21:14 . 2011-05-31 01:30 -------- d-----w- c:\program files\PowerPlanAssistant
2011-05-16 22:31 . 2008-10-10 03:52 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-05-16 22:27 . 2011-05-16 22:30 -------- d--h--w- c:\windows\msdownld.tmp
2011-05-16 22:16 . 2011-05-16 22:35 -------- d-----w- c:\program files (x86)\Fallout New Vegas
2011-05-15 21:33 . 2011-05-15 21:33 -------- d-----w- c:\program files\iPod
2011-05-15 21:33 . 2011-05-15 21:34 -------- d-----w- c:\program files\iTunes
2011-05-15 21:33 . 2011-05-15 21:34 -------- d-----w- c:\program files (x86)\iTunes
2011-05-15 21:23 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-15 21:23 . 2008-04-17 11:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-05-15 21:23 . 2008-04-17 11:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-05-15 20:29 . 2011-05-15 20:29 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-05-15 20:29 . 2011-05-15 20:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-05-15 20:29 . 2011-05-15 20:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-05-15 20:29 . 2011-05-15 20:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-05-15 20:29 . 2011-05-15 20:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-05-15 20:29 . 2011-05-15 20:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-05-15 20:29 . 2011-05-15 20:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-05-15 20:29 . 2011-05-15 20:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-05-15 20:28 . 2011-05-15 20:29 -------- d-----w- c:\programdata\Apple Computer
2011-05-15 20:28 . 2011-05-15 20:28 -------- d-----w- c:\program files (x86)\QuickTime
2011-05-15 20:28 . 2011-05-15 20:28 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-05-15 20:27 . 2011-05-15 20:27 -------- d-----w- c:\program files\Common Files\Apple
2011-05-15 20:27 . 2011-05-15 20:27 -------- d-----w- c:\program files\Bonjour
2011-05-15 20:27 . 2011-05-15 20:27 -------- d-----w- c:\program files (x86)\Bonjour
2011-05-15 20:27 . 2011-05-15 21:33 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-05-15 20:27 . 2011-05-15 20:48 -------- d-----w- c:\programdata\Apple
2011-05-12 18:20 . 2011-03-25 22:43 81008 ----a-w- c:\windows\system32\drivers\vmci.sys
2011-05-12 18:20 . 2011-03-25 22:43 68720 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-05-12 18:19 . 2011-03-25 22:42 334448 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2011-05-12 18:19 . 2011-03-25 22:42 404080 ----a-w- c:\windows\SysWow64\vmnat.exe
2011-05-12 18:19 . 2011-03-25 22:41 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-05-12 18:19 . 2011-03-25 22:43 968816 ----a-w- c:\windows\system32\vnetlib64.dll
2011-05-12 18:19 . 2011-03-25 22:41 31856 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2011-05-12 18:19 . 2011-03-25 21:27 38512 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-05-12 18:18 . 2011-05-12 18:18 -------- d-----w- c:\program files (x86)\Common Files\VMware
2011-05-12 18:17 . 2011-06-03 14:09 -------- d-----w- c:\programdata\VMware
2011-05-12 18:17 . 2011-05-31 01:31 -------- d-----w- c:\program files (x86)\VMware
2011-05-11 00:05 . 2011-05-11 00:05 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-05-11 00:05 . 2011-05-30 15:39 -------- d-----w- c:\program files (x86)\Steam
2011-05-10 23:05 . 2011-05-10 23:32 -------- d-----w- c:\users\Tech
2011-05-10 22:56 . 2011-05-10 23:26 -------- d-----w- c:\users\Harv
2011-05-10 22:00 . 2011-05-10 23:53 -------- d-----w- c:\program files (x86)\EditPlus 3
2011-05-10 21:46 . 2011-05-10 21:46 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2011-05-10 20:39 . 2011-05-10 20:39 -------- d-----w- c:\program files (x86)\Common Files\Intel
2011-05-10 20:37 . 2011-03-30 05:27 167960 ----a-w- c:\windows\system32\igfxtray.exe
2011-05-10 20:37 . 2011-03-30 05:27 509976 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-05-10 20:37 . 2011-03-30 05:27 418840 ----a-w- c:\windows\system32\igfxpers.exe
2011-05-10 20:37 . 2011-03-30 05:27 239128 ----a-w- c:\windows\system32\igfxext.exe
2011-05-10 20:37 . 2011-03-30 05:27 391704 ----a-w- c:\windows\system32\hkcmd.exe
2011-05-10 20:37 . 2011-03-30 05:27 4370456 ----a-w- c:\windows\system32\GfxUI.exe
2011-05-10 20:37 . 2011-03-30 05:27 179736 ----a-w- c:\windows\system32\difx64.exe
2011-05-10 20:28 . 2011-05-10 20:29 -------- d-----w- c:\program files (x86)\Realtek
2011-05-10 19:08 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-10 19:08 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-10 18:01 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-10 18:01 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-10 18:01 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-10 18:01 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-10 18:01 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-10 18:01 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-10 18:01 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-10 18:01 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-10 18:01 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-10 18:01 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-07 13:48 . 2011-06-03 14:09 -------- d-----w- c:\program files (x86)\Fast Access
2011-05-07 13:48 . 2009-05-22 18:54 28672 ----a-w- c:\windows\32761
2011-05-07 13:24 . 2011-05-07 13:24 -------- d-----w- c:\windows\system32\SPReview
2011-05-07 13:24 . 2011-05-07 13:24 -------- d-----w- c:\windows\system32\EventProviders
2011-05-07 13:22 . 2010-11-20 13:33 289664 ----a-w- c:\windows\system32\drivers\fltMgr.sys
2011-05-07 13:21 . 2010-11-20 13:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2011-05-07 13:05 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-07 13:05 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-05-07 12:51 . 2011-05-07 12:51 -------- d-----w- c:\windows\en
2011-05-07 12:49 . 2011-05-07 12:49 -------- d-----w- c:\program files\Windows Live
2011-05-07 12:48 . 2009-09-04 16:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-05-07 12:48 . 2009-09-04 16:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-05-07 12:48 . 2009-09-04 16:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-05-07 12:48 . 2009-09-04 16:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-05-07 12:45 . 2011-05-07 12:46 -------- d-----w- c:\programdata\Creative
2011-05-07 12:40 . 2011-05-07 12:40 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e98817be1cc0cb32d\InstallManager_WLE_WLE.exe
2011-05-07 12:39 . 2011-05-07 12:39 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\dbbf4bc31cc0cb321\MeshBetaRemover.exe
2011-05-07 12:39 . 2011-05-07 12:39 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cedc76551cc0cb31a\DSETUP.dll
2011-05-07 12:39 . 2011-05-07 12:39 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cedc76551cc0cb31a\DXSETUP.exe
2011-05-07 12:39 . 2011-05-07 12:39 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cedc76551cc0cb31a\dsetup32.dll
2011-05-07 12:39 . 2011-05-07 12:39 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cd5c39551cc0cb319\DXSETUP.exe
2011-05-07 12:39 . 2011-05-07 12:39 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cd5c39551cc0cb319\dsetup32.dll
2011-05-07 12:39 . 2011-05-07 12:39 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cd5c39551cc0cb319\DSETUP.dll
2011-05-07 12:32 . 2011-05-23 11:04 -------- d-----w- c:\users\Public\Roaming
2011-05-07 12:32 . 2011-05-23 11:04 -------- d-----w- c:\users\Default\Roaming
2011-05-07 12:32 . 2011-05-23 11:04 -------- d-----w- c:\programdata\Roaming
2011-05-07 12:32 . 2011-05-23 11:04 -------- d-----w- c:\program files\Common Files\Intel
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-07 13:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-07 13:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-07 12:50 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-20 10:29 . 2011-04-20 10:29 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-04-08 05:14 . 2011-04-20 12:54 789608 ----a-w- c:\windows\system32\nvumdshimx.dll
2011-04-08 05:14 . 2011-04-20 12:54 234088 ----a-w- c:\windows\system32\nvinitx.dll
2011-04-08 05:14 . 2011-04-20 12:54 197736 ----a-w- c:\windows\SysWow64\nvinit.dll
2011-04-08 05:14 . 2011-04-20 12:54 2273896 ----a-w- c:\windows\system32\nvapi64.dll
2011-04-07 22:19 . 2011-04-07 22:19 849092 ----a-w- c:\windows\system32\nvcoproc.bin
2011-04-07 22:19 . 2011-04-07 22:19 797800 ----a-w- c:\windows\system32\nv3dappshext.dll
2011-04-07 22:19 . 2011-04-07 22:19 53864 ----a-w- c:\windows\system32\nv3dappshextr.dll
2011-04-07 22:19 . 2011-04-07 22:19 318056 ----a-w- c:\windows\system32\nvhotkey.dll
2011-04-07 22:19 . 2011-04-07 22:19 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-07 22:19 . 2011-04-07 22:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 22:19 . 2011-04-07 22:19 1012328 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 22:19 . 2011-04-07 22:19 797288 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-07 22:19 . 2011-04-07 22:19 6338152 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 22:18 . 2011-04-07 22:18 3041384 ----a-w- c:\windows\system32\nvsvc64.dll
2011-04-06 15:26 . 2011-04-06 15:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:26 . 2011-04-06 15:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 15:26 . 2011-04-06 15:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:26 . 2011-04-06 15:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-26 00:05 . 2011-04-20 12:54 7386624 ----a-w- c:\windows\system32\igd10umd64.dll
2011-03-25 23:39 . 2011-04-20 12:54 335872 ----a-w- c:\windows\system32\igfxpph.dll
2011-03-25 23:39 . 2011-04-20 12:54 28672 ----a-w- c:\windows\system32\igfxexps.dll
2011-03-25 23:39 . 2011-04-20 12:54 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-03-25 23:39 . 2011-04-20 12:54 109056 ----a-w- c:\windows\system32\hccutils.dll
2011-03-25 23:38 . 2011-04-20 12:54 385024 ----a-w- c:\windows\system32\igfxdev.dll
2011-03-25 23:38 . 2011-04-20 12:54 9014784 ----a-w- c:\windows\system32\igfxress.dll
2011-03-25 21:00 . 2011-03-25 21:00 252528 ----a-w- c:\windows\SysWow64\vmnc.dll
2011-03-25 19:05 . 2011-03-25 19:05 37680 ----a-w- c:\windows\system32\drivers\vmusb.sys
2011-03-25 19:04 . 2011-03-25 19:04 56880 ----a-w- c:\windows\system32\vmnetbridge.dll
2011-03-25 19:04 . 2011-03-25 19:04 55344 ----a-w- c:\windows\system32\vnetinst.dll
2011-03-25 19:04 . 2011-03-25 19:04 45104 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2011-03-25 19:04 . 2011-03-25 19:04 24112 ----a-w- c:\windows\system32\drivers\vmnet.sys
2011-03-25 19:04 . 2011-03-25 19:04 20016 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2011-03-21 12:22 . 2011-04-20 12:53 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-03-21 12:22 . 2011-03-21 12:22 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-03-21 12:22 . 2011-03-21 12:22 452200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-03-07 02:08 . 2011-03-07 02:08 93552 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
2011-03-07 00:52 . 2011-03-07 00:52 134512 ----a-w- c:\windows\SysWow64\ElbyVCD.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"FATrayAlert"="c:\program files (x86)\Fast Access\FATrayMon.exe" [2010-04-04 95560]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-03-25 129648]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 10:43 144712 ----a-w- c:\program files (x86)\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-20 136176]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athrxu6.sys [x]
R3 BlackBox;BlackBox SR2; [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 new;BlackBox SR2; [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 FAService;FAService;c:\program files (x86)\Fast Access\FAService.exe [2010-04-04 2409800]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-20 19:05]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-20 19:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-14 6561384]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-07 318056]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: mswsock.dll
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-POWER PLAN ASSISTANT - c:\program files\PowerPlanAssistant\PowerPlanAssistantLauncher.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-04 10:32:00
ComboFix-quarantined-files.txt 2011-06-04 09:31
.
Pre-Run: 348,198,125,568 bytes free
Post-Run: 348,620,058,624 bytes free
.
- - End Of File - - 3E56865F60904D2FCDCD034A74510482
 
I don't see much there.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
thanks,

Downloaded TDSSKiller and ran it:

282 objects processed, nothing found.

Still getting the hijacks in IE and FF - occasionally some slightly odd behaviour in Chrome.
 
TDSSKiller log here:

2011/06/05 00:17:47.0397 5440 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/05 00:17:47.0587 5440 ================================================================================
2011/06/05 00:17:47.0587 5440 SystemInfo:
2011/06/05 00:17:47.0587 5440
2011/06/05 00:17:47.0587 5440 OS Version: 6.1.7601 ServicePack: 1.0
2011/06/05 00:17:47.0587 5440 Product type: Workstation
2011/06/05 00:17:47.0587 5440 ComputerName: HARVS-XPS
2011/06/05 00:17:47.0588 5440 UserName: Harv
2011/06/05 00:17:47.0588 5440 Windows directory: C:\Windows
2011/06/05 00:17:47.0588 5440 System windows directory: C:\Windows
2011/06/05 00:17:47.0588 5440 Running under WOW64
2011/06/05 00:17:47.0588 5440 Processor architecture: Intel x64
2011/06/05 00:17:47.0588 5440 Number of processors: 8
2011/06/05 00:17:47.0588 5440 Page size: 0x1000
2011/06/05 00:17:47.0588 5440 Boot type: Normal boot
2011/06/05 00:17:47.0588 5440 ================================================================================
2011/06/05 00:17:48.0219 5440 Initialize success
2011/06/05 00:17:49.0831 5236 ================================================================================
2011/06/05 00:17:49.0831 5236 Scan started
2011/06/05 00:17:49.0831 5236 Mode: Manual;
2011/06/05 00:17:49.0831 5236 ================================================================================
2011/06/05 00:17:58.0892 5236 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/05 00:17:58.0922 5236 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/05 00:17:58.0957 5236 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/05 00:17:59.0002 5236 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/05 00:17:59.0044 5236 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/05 00:17:59.0095 5236 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/05 00:17:59.0138 5236 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/05 00:17:59.0188 5236 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/05 00:17:59.0214 5236 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/05 00:17:59.0238 5236 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/05 00:17:59.0263 5236 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/05 00:17:59.0279 5236 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/05 00:17:59.0323 5236 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/06/05 00:17:59.0367 5236 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/06/05 00:17:59.0432 5236 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/06/05 00:17:59.0493 5236 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/05 00:17:59.0537 5236 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/06/05 00:17:59.0588 5236 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/06/05 00:17:59.0648 5236 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/05 00:17:59.0702 5236 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/05 00:17:59.0752 5236 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/05 00:17:59.0801 5236 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/05 00:17:59.0842 5236 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/06/05 00:17:59.0881 5236 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/05 00:17:59.0927 5236 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/05 00:17:59.0942 5236 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/05 00:17:59.0966 5236 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/05 00:17:59.0998 5236 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/05 00:18:00.0030 5236 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/05 00:18:00.0059 5236 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/05 00:18:00.0082 5236 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/06/05 00:18:00.0125 5236 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/06/05 00:18:00.0176 5236 srv (65bbf4920148c2ee279055da7228fc7b) C:\Windows\system32\DRIVERS\srv.sys
2011/06/05 00:18:00.0221 5236 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/05 00:18:00.0253 5236 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/05 00:18:00.0300 5236 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
2011/06/05 00:18:00.0363 5236 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/05 00:18:00.0420 5236 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/06/05 00:18:00.0496 5236 SynTP (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/05 00:18:00.0601 5236 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/06/05 00:18:00.0719 5236 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/05 00:18:00.0782 5236 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/05 00:18:00.0817 5236 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/05 00:18:00.0842 5236 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/05 00:18:00.0879 5236 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/05 00:18:00.0907 5236 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/06/05 00:18:00.0970 5236 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/05 00:18:01.0005 5236 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/06/05 00:18:01.0038 5236 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/05 00:18:01.0082 5236 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
2011/06/05 00:18:01.0147 5236 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/05 00:18:01.0193 5236 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/05 00:18:01.0248 5236 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/05 00:18:01.0272 5236 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/05 00:18:01.0294 5236 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/05 00:18:01.0333 5236 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/06/05 00:18:01.0378 5236 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/05 00:18:01.0411 5236 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/06/05 00:18:01.0434 5236 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
2011/06/05 00:18:01.0476 5236 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/05 00:18:01.0525 5236 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
2011/06/05 00:18:01.0551 5236 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/05 00:18:01.0582 5236 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/05 00:18:01.0604 5236 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2011/06/05 00:18:01.0633 5236 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/05 00:18:01.0674 5236 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
2011/06/05 00:18:01.0692 5236 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/06/05 00:18:01.0726 5236 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/05 00:18:01.0753 5236 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/05 00:18:01.0781 5236 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/06/05 00:18:01.0803 5236 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/06/05 00:18:01.0846 5236 vmci (312aec23a85424543af898a59209b479) C:\Windows\system32\drivers\vmci.sys
2011/06/05 00:18:01.0864 5236 vmkbd (ffc30caeeb2fc5fee8568cff74edeaed) C:\Windows\system32\drivers\VMkbd.sys
2011/06/05 00:18:01.0884 5236 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
2011/06/05 00:18:01.0904 5236 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
2011/06/05 00:18:01.0951 5236 VMnetuserif (56d547bfc3f1619fa82ec9ef5d24e802) C:\Windows\system32\drivers\vmnetuserif.sys
2011/06/05 00:18:01.0996 5236 vmusb (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys
2011/06/05 00:18:02.0058 5236 vmx86 (62cd5a87fde14701506d4e0dd8f13d2e) C:\Windows\system32\drivers\vmx86.sys
2011/06/05 00:18:02.0099 5236 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/06/05 00:18:02.0149 5236 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/06/05 00:18:02.0198 5236 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/06/05 00:18:02.0235 5236 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/05 00:18:02.0308 5236 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
2011/06/05 00:18:02.0354 5236 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/05 00:18:02.0381 5236 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/05 00:18:02.0418 5236 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/06/05 00:18:02.0451 5236 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/05 00:18:02.0513 5236 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/05 00:18:02.0543 5236 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/05 00:18:02.0606 5236 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/05 00:18:02.0625 5236 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/05 00:18:02.0669 5236 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/05 00:18:02.0703 5236 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/05 00:18:02.0767 5236 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/05 00:18:02.0816 5236 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/05 00:18:02.0857 5236 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/05 00:18:02.0902 5236 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/06/05 00:18:02.0948 5236 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/05 00:18:03.0036 5236 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/05 00:18:03.0046 5236 ================================================================================
2011/06/05 00:18:03.0046 5236 Scan finished
2011/06/05 00:18:03.0046 5236 ================================================================================
2011/06/05 00:18:03.0052 1684 Detected object count: 0
2011/06/05 00:18:03.0052 1684 Actual detected object count: 0
 
Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
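For readers following along who want to see what the "Driver Services" lines in an OTL log (company name, start mode, state, path) and the "name (md5) path" lines in a TDSSKiller log are actually reporting, here is an added PowerShell example that produces the same fields from the live system and flags the entries a triager looks at first: image file missing, no CompanyName in the version resource, Authenticode signature not Valid, or image stored outside System32\drivers. This is example code written for this page, not part of the original post and not code from OTL or TDSSKiller; the function names (Resolve-DriverImagePath, Get-FileMd5, Get-DriverTriageReport) are mine. It uses only the Win32_SystemDriver WMI class, Get-AuthenticodeSignature and .NET's MD5 class, so it runs on the PowerShell 2.0 that ships with Windows 7. Run it from an elevated 64-bit PowerShell on the machine under examination (a 32-bit host would see SysWOW64 instead of System32).

```powershell
# Added example, not code from the original thread or from OTL/TDSSKiller.
# Lists kernel-mode driver services with the fields OTL's "Driver Services"
# section and TDSSKiller's driver lines show, and flags suspicious entries.
# Function names are illustrative; the cmdlets and WMI class are standard.

function Resolve-DriverImagePath {
    param([string]$ImagePath)
    if ([string]::IsNullOrEmpty($ImagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))
    # Strip the NT-style prefixes the service database uses.
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    # "system32\drivers\foo.sys" with no drive letter is relative to %SystemRoot%.
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-FileMd5 {
    # MD5 is used only so the value can be matched against a TDSSKiller line.
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ([System.BitConverter]::ToString($md5.ComputeHash($stream)) -replace '-', '').ToLower()
    } finally {
        $stream.Close()
    }
}

function Get-DriverTriageReport {
    $expectedDir = Join-Path $env:SystemRoot 'System32\drivers'
    foreach ($drv in Get-WmiObject -Class Win32_SystemDriver) {
        $path = Resolve-DriverImagePath $drv.PathName
        # Entries without an ImagePath load from System32\drivers\<name>.sys.
        if (-not $path) { $path = Join-Path $expectedDir "$($drv.Name).sys" }
        $exists = Test-Path -LiteralPath $path

        $company = $null; $signature = 'FileMissing'; $md5 = $null
        if ($exists) {
            $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
            # Authenticode status: Valid, NotSigned, HashMismatch, UnknownError, ...
            $signature = (Get-AuthenticodeSignature -FilePath $path).Status
            $md5 = Get-FileMd5 $path
        }

        $reasons = @()
        if (-not $exists) { $reasons += 'image file missing' }
        if ($exists -and [string]::IsNullOrEmpty($company)) { $reasons += 'no CompanyName' }
        if ($exists -and $signature -ne 'Valid') { $reasons += "signature $signature" }
        if ($exists -and $path -notlike "$expectedDir\*") { $reasons += 'outside System32\drivers' }

        New-Object PSObject -Property @{
            Name      = $drv.Name
            StartMode = $drv.StartMode   # Boot / System / Auto / Manual / Disabled
            State     = $drv.State       # Running / Stopped
            Company   = $company
            Signature = $signature
            MD5       = $md5
            Path      = $path
            Flags     = ($reasons -join '; ')
        }
    }
}

# Flagged entries first, then the rest, as a compact table.
Get-DriverTriageReport |
    Sort-Object @{Expression = { $_.Flags -eq '' }}, Name |
    Format-Table Name, StartMode, State, Company, Signature, MD5, Flags -AutoSize
```

Two caveats a practitioner would want. First, everything this script reports comes from the running OS: a kernel rootkit that filters registry or file-system reads can hide its service entry or image from it, which is exactly why the helpers in this thread rely on GMER and TDSSKiller, which compare what the OS says against what is actually on disk and in memory. Second, 64-bit Windows 7 enforces kernel-mode code signing, so a driver whose file reports NotSigned yet shows State = Running needs an explanation (test-signing mode, or something tampering with enforcement) and is worth raising in the thread rather than deleting by hand.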
 
thanks,

scan completed

OTL log here, but I don't seem to have an Extras log?

OTL logfile created on: 6/5/2011 12:50:36 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Harv\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.92 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 73.82% Memory free
15.83 Gb Paging File | 13.68 Gb Available in Paging File | 86.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.09 Gb Total Space | 324.78 Gb Free Space | 71.84% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 7.46 Gb Free Space | 54.53% Space Free | Partition Type: NTFS

Computer Name: HARVS-XPS | User Name: Harv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/05 00:48:30 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Harv\Desktop\OTL.exe
PRC - [2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Harv\Desktop\TDSSKiller.exe
PRC - [2011/05/10 13:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/25 23:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011/03/25 23:42:04 | 000,129,648 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2011/03/25 23:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011/03/25 23:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/10/01 22:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010/04/04 11:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Fast Access\FATrayMon.exe
PRC - [2010/04/04 11:44:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Fast Access\FATrayAlert.exe
PRC - [2010/04/04 11:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Fast Access\FAService.exe
PRC - [2009/06/24 22:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe


========== Modules (SafeList) ==========

MOD - [2011/06/05 00:48:30 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Harv\Desktop\OTL.exe
MOD - [2011/05/10 13:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/11/18 00:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/25 23:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/03/25 23:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011/03/25 23:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/04/04 11:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Fast Access\FAService.exe -- (FAService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 12:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/04/08 06:14:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/25 23:43:06 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011/03/25 23:43:04 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/03/25 23:41:18 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011/03/25 23:41:08 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011/03/25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/03/25 20:05:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/03/25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011/03/25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 20:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/03/03 16:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/10 20:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 20:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/12 23:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/17 15:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/15 15:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/12/13 15:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:25:46 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/09 11:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 23:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/08/20 19:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/07/27 03:41:28 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/07/13 01:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 19:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/24 19:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2007/07/05 02:58:36 | 001,041,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxu6.sys -- (athrusb6)
DRV - [2011/06/03 15:35:36 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)
DRV - [2011/06/03 13:01:02 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\new.sys -- (new)
DRV - [2010/08/19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-761940159-1764212317-3594174455-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-761940159-1764212317-3594174455-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-761940159-1764212317-3594174455-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/15 21:29:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/20 23:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/31 01:35:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Fast Access\FAIESSO.dll (Sensible Vision )
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-761940159-1764212317-3594174455-1007\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [POWER PLAN ASSISTANT] File not found
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-761940159-1764212317-3594174455-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-761940159-1764212317-3594174455-1005..\RunOnce: [mctadmin] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-761940159-1764212317-3594174455-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-761940159-1764212317-3594174455-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-761940159-1764212317-3594174455-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-761940159-1764212317-3594174455-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.194.255.154 87.194.255.155
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files (x86)\Fast Access\FALogNot.dll - C:\Program Files (x86)\Fast Access\FALogNot.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sdnclean64.exe) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/04 23:17:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
[2011/06/04 23:17:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/04 10:32:01 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\temp
[2011/06/04 10:23:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/04 10:23:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/04 10:23:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/04 10:23:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/06/04 10:23:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/03 15:57:36 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/06/03 13:06:54 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/03 13:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/03 13:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/03 12:49:50 | 000,287,576 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/06/03 12:49:50 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/06/03 12:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/06/03 12:49:49 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/06/03 12:49:49 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/06/03 12:49:49 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/06/03 12:49:49 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/06/03 12:49:49 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/06/03 12:49:42 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/06/03 12:49:42 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/06/03 12:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/06/03 12:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/31 01:32:33 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\Microsoft
[2011/05/31 01:27:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/31 00:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/31 00:42:29 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/30 22:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/05/30 16:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/05/30 16:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2011/05/26 23:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/05/26 23:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/24 01:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Nikon
[2011/05/24 01:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera Control Pro 2
[2011/05/24 01:37:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2011/05/24 01:37:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nikon
[2011/05/24 01:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15
[2011/05/24 01:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp
[2011/05/23 14:39:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/05/22 17:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2011/05/20 23:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/20 23:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/20 23:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/05/20 23:33:51 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/05/20 23:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/05/20 20:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech Touch Mouse Server
[2011/05/20 20:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/05/19 22:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\PowerPlanAssistant
[2011/05/16 23:27:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/05/16 23:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2011/05/16 23:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fallout New Vegas
[2011/05/15 22:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/15 22:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/15 22:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/15 22:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/05/15 21:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/05/15 21:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/05/15 21:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/05/15 21:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/05/15 21:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/05/15 21:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/05/15 21:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/15 21:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/05/15 21:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/05/15 21:27:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/05/12 19:20:37 | 000,081,008 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
[2011/05/12 19:20:33 | 000,068,720 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2011/05/12 19:19:59 | 000,334,448 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2011/05/12 19:19:55 | 000,404,080 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2011/05/12 19:19:54 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2011/05/12 19:19:49 | 000,968,816 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2011/05/12 19:19:27 | 000,031,856 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2011/05/12 19:19:22 | 000,038,512 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2011/05/12 19:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2011/05/12 19:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2011/05/12 19:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2011/05/12 19:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2011/05/11 01:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/05/11 01:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011/05/11 01:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011/05/11 00:26:28 | 000,000,000 | ---D | C] -- C:\Users\Harv\Adobe Flash Builder 4
[2011/05/10 23:56:59 | 000,000,000 | R--D | C] -- C:\Users\Harv\Searches
[2011/05/10 23:56:59 | 000,000,000 | -H-D | C] -- C:\Users\Harv\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/05/10 23:56:55 | 000,000,000 | R--D | C] -- C:\Users\Harv\Contacts
[2011/05/10 23:56:49 | 000,000,000 | R--D | C] -- C:\Users\Harv\Videos
[2011/05/10 23:56:49 | 000,000,000 | R--D | C] -- C:\Users\Harv\Saved Games
[2011/05/10 23:56:49 | 000,000,000 | R--D | C] -- C:\Users\Harv\Pictures
[2011/05/10 23:56:49 | 000,000,000 | R--D | C] -- C:\Users\Harv\Music
[2011/05/10 23:56:49 | 000,000,000 | R--D | C] -- C:\Users\Harv\Links
[2011/05/10 23:56:49 | 000,000,000 | R--D | C] -- C:\Users\Harv\Favorites
[2011/05/10 23:56:49 | 000,000,000 | R--D | C] -- C:\Users\Harv\Downloads
[2011/05/10 23:56:49 | 000,000,000 | R--D | C] -- C:\Users\Harv\My Documents
[2011/05/10 23:56:49 | 000,000,000 | R--D | C] -- C:\Users\Harv\Desktop
[2011/05/10 23:56:49 | 000,000,000 | -HSD | C] -- C:\Users\Harv\Templates
[2011/05/10 23:56:49 | 000,000,000 | -HSD | C] -- C:\Users\Harv\Start Menu
[2011/05/10 23:56:49 | 000,000,000 | -HSD | C] -- C:\Users\Harv\SendTo
[2011/05/10 23:56:49 | 000,000,000 | -HSD | C] -- C:\Users\Harv\Recent
[2011/05/10 23:56:49 | 000,000,000 | -HSD | C] -- C:\Users\Harv\PrintHood
[2011/05/10 23:56:49 | 000,000,000 | -HSD | C] -- C:\Users\Harv\NetHood
[2011/05/10 23:56:49 | 000,000,000 | -HSD | C] -- C:\Users\Harv\My Documents
[2011/05/10 23:56:49 | 000,000,000 | -HSD | C] -- C:\Users\Harv\Local Settings
[2011/05/10 23:56:49 | 000,000,000 | -HSD | C] -- C:\Users\Harv\Cookies
[2011/05/10 23:56:49 | 000,000,000 | -HSD | C] -- C:\Users\Harv\Application Data
[2011/05/10 23:56:49 | 000,000,000 | -H-D | C] -- C:\Users\Harv\AppData
[2011/05/10 23:56:49 | 000,000,000 | ---D | C] -- C:\Users\Harv\Roaming
[2011/05/10 23:00:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EditPlus 3
[2011/05/10 22:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/05/10 22:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2011/05/10 21:39:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2011/05/10 21:36:52 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2011/05/10 21:28:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011/05/07 15:14:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastAccess Facial Recognition
[2011/05/07 15:10:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/05/07 14:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fast Access
[2011/05/07 14:24:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/05/07 14:24:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/05/07 14:22:45 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011/05/07 14:22:31 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011/05/07 13:51:07 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/05/07 13:50:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/05/07 13:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/05/07 13:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2011/05/07 13:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2011/05/07 13:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2011/05/07 13:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/05/07 13:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2011/05/07 13:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/05/07 09:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/05/07 09:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011/05/07 08:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/05/07 08:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/05/07 08:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/05/07 07:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011/05/07 03:08:32 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/05/07 03:08:32 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/05/07 03:07:25 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/05/07 03:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2011/05/07 03:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/05/07 02:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/05/07 02:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/05/07 02:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5
[2011/05/07 02:57:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011/05/07 02:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/05/07 02:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/07 02:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/05/06 20:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2011/05/06 20:21:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2011/05/06 20:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011/05/06 20:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011/05/06 13:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/05/06 13:24:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/05/06 13:24:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/05 00:10:15 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/04 23:24:11 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/04 23:24:11 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/04 23:23:03 | 000,730,464 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/04 23:23:03 | 000,631,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/04 23:23:03 | 000,111,822 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/04 23:17:15 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/04 23:16:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/04 23:16:37 | 2079,985,663 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/03 15:35:36 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/06/03 13:08:32 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/03 13:01:02 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\new.sys
[2011/06/03 12:49:50 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/06/03 12:49:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/05/31 01:44:29 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/05/31 01:35:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/24 01:40:22 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Printer Icons
[2011/05/24 01:40:22 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Resources
[2011/05/20 23:35:05 | 000,000,048 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/05/19 22:53:31 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/05/13 16:15:34 | 004,831,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/12 20:18:27 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/05/12 20:06:41 | 000,001,835 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2011/05/12 19:19:08 | 000,738,602 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/10 21:41:51 | 000,018,224 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2011/05/10 13:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/10 13:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/05/10 13:10:44 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/05/10 13:04:08 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/05/10 13:04:07 | 000,287,576 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/05/10 13:02:41 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/05/10 12:59:59 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/05/10 12:59:48 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/05/10 12:59:37 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/05/07 15:13:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/05/07 14:42:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/05/06 20:11:43 | 000,001,009 | ---- | M] () -- C:\Users\Harv\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/05/06 13:47:04 | 000,001,443 | ---- | M] () -- C:\Users\Harv\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/06 13:43:52 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/05/06 13:43:50 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/05/06 02:01:05 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/05/06 02:01:05 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/04 10:23:54 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/04 10:23:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/04 10:23:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/04 10:23:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/04 10:23:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/03 13:06:54 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/03 12:49:50 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/06/03 12:49:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/05/31 02:04:43 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\new.sys
[2011/05/31 02:03:49 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/05/24 01:40:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Printer Icons
[2011/05/24 01:40:22 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Resources
[2011/05/22 16:02:50 | 000,001,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Stumbler.lnk
[2011/05/20 23:35:05 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/05/20 20:05:38 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/20 20:05:37 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/15 21:28:10 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/05/12 20:18:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/12 20:09:27 | 000,002,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.4 64-bit.lnk
[2011/05/12 19:19:13 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/05/11 00:26:56 | 000,001,009 | ---- | C] () -- C:\Users\Harv\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/05/11 00:08:01 | 000,001,443 | ---- | C] () -- C:\Users\Harv\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/10 23:56:49 | 000,000,290 | ---- | C] () -- C:\Users\Harv\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/10 23:56:49 | 000,000,272 | ---- | C] () -- C:\Users\Harv\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/10 23:00:02 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EditPlus 3.lnk
[2011/05/10 21:41:51 | 000,018,224 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2011/05/10 21:37:11 | 000,179,736 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2011/05/10 21:36:56 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/05/10 21:36:56 | 000,963,116 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2011/05/10 21:36:56 | 000,013,488 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2011/05/10 21:36:51 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/05/10 21:36:51 | 000,216,876 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2011/05/07 15:13:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/05/07 15:10:04 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/07 14:48:23 | 000,028,672 | ---- | C] () -- C:\Windows\32761
[2011/05/07 14:42:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/05/07 14:23:23 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/05/07 14:22:15 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/05/07 14:22:02 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/05/07 14:22:02 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/05/07 14:21:53 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/05/07 13:50:55 | 000,001,311 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/05/07 13:50:42 | 000,001,380 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/05/07 13:50:24 | 000,001,464 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/05/07 13:50:00 | 000,002,492 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/05/07 02:57:03 | 000,001,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/05/06 14:19:20 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/05/06 14:19:16 | 000,738,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/06 13:43:52 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/05/06 13:43:50 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/04/20 13:54:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/20 13:53:42 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/04/20 11:26:32 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2011/04/20 11:13:54 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2010/04/04 11:45:06 | 000,089,416 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/04/04 11:44:12 | 000,059,208 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2010/04/04 11:42:44 | 000,247,624 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/05 00:25:42 | 000,000,000 | ---D | M] -- C:\Users\Harv\AppData\Roaming\EditPlus 3
[2011/05/26 23:47:21 | 000,000,000 | ---D | M] -- C:\Users\Harv\AppData\Roaming\FileZilla
[2011/05/24 01:40:26 | 000,000,000 | ---D | M] -- C:\Users\Harv\AppData\Roaming\Nikon
[2011/05/07 14:52:45 | 000,000,000 | ---D | M] -- C:\Users\Harv\AppData\Roaming\Patches
[2011/05/10 23:39:50 | 000,000,000 | ---D | M] -- C:\Users\Harv\AppData\Roaming\Windows Live Writer
[2009/07/14 06:08:49 | 000,015,816 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/05/19 22:53:31 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/11/20 13:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2011/04/20 14:04:28 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/06/04 10:32:00 | 000,028,332 | ---- | M] () -- C:\ComboFix.txt
[2011/06/04 23:16:37 | 2079,985,663 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/04 23:16:38 | 4204,969,983 | -HS- | M] () -- C:\pagefile.sys
[2011/06/05 00:18:04 | 000,071,116 | ---- | M] () -- C:\TDSSKiller.2.5.3.0_05.06.2011_00.17.47_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/10 13:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/06 13:47:04 | 000,000,221 | -HS- | M] () -- C:\Users\Harv\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/06/04 10:12:09 | 004,112,369 | R--- | M] (Swearware) -- C:\Users\Harv\Desktop\ComboFix.exe
[2011/06/05 00:48:30 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Harv\Desktop\OTL.exe
[2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\Harv\Desktop\remover.exe
[2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Harv\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/05/07 14:42:30 | 000,000,402 | -HS- | M] () -- C:\Users\Harv\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/05/24 01:40:22 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Printer Icons
[2011/05/24 01:40:22 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Resources

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
You're welcome :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-761940159-1764212317-3594174455-1007\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
TY,

rebooted & log here:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-761940159-1764212317-3594174455-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
C:\Windows\msdownld.tmp folder deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

User: Default User

User: Harv

User: Public

User: Tech

User: test

User: UpdatusUser

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 554373 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Harv

User: Public

User: Tech

User: test

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06052011_012305

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2468.log moved successfully.
File\Folder C:\Windows\temp\TMP00000061B0643979C029F4A4 not found!
C:\Windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.

Registry entries deleted on Reboot...
 
Sadly still getting a redirect in FF, and IE is trying to as well - Avast picked up and blocked a trojan while it was whirring away trying to redirect to searchpotluck.
 
Let's try to reset your router....

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and Windows 7, while holding CTRL and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the button in the hole, using a pencil or a paperclip, until all lights briefly go off and on.
NOTE: Simply disconnecting the router from its power source will NOT do.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE
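A redirect that hits IE, Firefox and Chrome alike is being applied below the browser, so before (or after) the router reset it helps to see what the machine itself is actually using: the DNS servers on each adapter, any hosts-file overrides, the per-user proxy/PAC setting that all three browsers honour by default, and the Winsock LSP catalog. The script below is an added example written for this page, not something posted in the thread and not part of OTL, TDSSKiller or any other tool mentioned here; it assumes Windows 7 with PowerShell 2.0, must be run from an elevated PowerShell, and only reads, changing nothing.

```powershell
# Added triage script (not from the thread): list the user-mode places a system-wide
# "search redirect" usually lives on Windows 7. Read-only.
$ErrorActionPreference = 'Continue'

# 1. DNS servers in use per adapter (WMI works on Windows 7 / PowerShell 2.0).
Write-Host "== DNS servers per adapter =="
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    ForEach-Object {
        $servers = $_.DNSServerSearchOrder
        if ($servers) { "$($_.Description): $($servers -join ', ')" }
    }

# The same settings at registry level, which malware sometimes writes directly.
# DhcpNameServer is what the router handed out; NameServer is a static override.
Write-Host "== NameServer values under Tcpip\Parameters\Interfaces =="
$ifKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-ChildItem $ifKey | ForEach-Object {
    $p = Get-ItemProperty $_.PSPath
    if ($p.NameServer)     { "$($_.PSChildName): NameServer=$($p.NameServer)" }
    if ($p.DhcpNameServer) { "$($_.PSChildName): DhcpNameServer=$($p.DhcpNameServer)" }
}

# 2. hosts file: print every line that is not a comment or the stock localhost entry.
Write-Host "== Non-default hosts entries =="
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hosts | Where-Object {
    $_ -match '\S' -and
    $_ -notmatch '^\s*#' -and
    $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
}

# 3. Proxy / PAC settings for the current user. A rogue ProxyServer or AutoConfigURL
#    steers every browser that uses the system proxy, which IE, Chrome and (by default)
#    Firefox all do.
Write-Host "== Proxy settings (HKCU) =="
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty $inet |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL, ProxyOverride |
    Format-List

# 4. Winsock Layered Service Providers can rewrite traffic for every process.
#    Anything whose provider path is not a Microsoft DLL deserves a look.
Write-Host "== Winsock LSP catalog =="
netsh winsock show catalog | Select-String 'Description|Provider Path'
```

Two caveats when reading the output. If DhcpNameServer is the router's own address, the upstream DNS servers the router forwards to live in its admin page and must be compared against the ISP's published ones; the script cannot see inside the router, which is why the reply above falls back to a factory reset. And a kernel-mode rootkit that hooks the network stack (the class of infection TDSSKiller is built for) shows nothing here, so an empty report rules out the cheap vectors without clearing the machine.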
 
Won't the reset return my router to factory defaults? It's third party (Netgear) and has a number of customisations to make it work with my DSL provider....

I'll try and back these up anyways.
 
All done, router settings backed up (and tucked away for future reference too). Box reset, settings then reloaded, reconnected to DSL fine.

I also flushed DNS and shutdown my HTPC which also uses the router. and left it off during the reset.

Still getting redirected in FF and IE, and now more often in chrome :(
 
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
ESET is running now.

I'm off to bed as it is 2am here - thanks for your help m8, I'll pick this up tomorrow.

Have a nice evening!
 
ESET completed scanning 190k files in around an hour, no threats found, and no log popped up - is there a hidden one somewhere?
 
It won't produce any log if nothing is found.

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs left over on your computer, you can go ahead and delete those now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
Thanks, but I'm still getting redirects in IE and FF (and occasionally Chrome), so I'm not sure my PC is clean!

Most often, clicking a Google result sends the browser off to one of these:
scour.com
gallantsearch.com
famousclicks.com
searchpotluck.com
clinkingclicks.com
toppingsearch.com

Then, after a wait, it ends up elsewhere on ad sites or fake shopping sites.

RVee
 
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
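GooredFix looks for extensions pushed into Firefox outside the profile's normal Add-ons install, which is where a result-hijacking extension hides. The script below is an added example for this page, not GooredFix's own code and not something posted in the thread; it inventories every extension from the three places Firefox 4 on Windows loads them (each profile's extensions folder, the application's own extensions folder, and the Mozilla\Firefox\Extensions registry keys), so one you never installed, or one sitting hidden outside the profile, stands out. It assumes Firefox lives in the default Program Files location and is read-only.

```powershell
# Added example (not GooredFix): enumerate Firefox extensions from all three load
# locations on Windows and print id, name, source and hidden attribute. Read-only.

# Pull em:id / em:name out of an unpacked extension's install.rdf.
# Returns $null if there is no install.rdf, else a two-element array (id, name).
function Get-InstallRdfInfo {
    param([string]$Dir)
    $rdf = Join-Path $Dir 'install.rdf'
    if (-not (Test-Path $rdf)) { return $null }
    $text = [IO.File]::ReadAllText($rdf)
    # install.rdf writes these either as elements or as attributes; accept both.
    $id = '?'
    if ($text -match '<em:id>\s*([^<\s]+)\s*</em:id>|em:id="([^"]+)"') {
        $id = if ($matches[1]) { $matches[1] } else { $matches[2] }
    }
    $name = '?'
    if ($text -match '<em:name>\s*([^<]+?)\s*</em:name>|em:name="([^"]+)"') {
        $name = if ($matches[1]) { $matches[1] } else { $matches[2] }
    }
    return $id, $name
}

$results = New-Object System.Collections.ArrayList

# Record every entry (folder or packed .xpi) in one extensions directory.
function Add-ExtensionDir {
    param([string]$Dir, [string]$Source)
    if (-not (Test-Path $Dir)) { return }
    Get-ChildItem $Dir -Force | ForEach-Object {
        if ($_.PSIsContainer) {
            $info = Get-InstallRdfInfo $_.FullName
            if ($info) { $id, $name = $info }
            else       { $id = $_.Name; $name = '(no install.rdf)' }
        } else {
            # A packed .xpi is named after the extension id; reading inside it
            # needs unzipping, which PowerShell 2.0 cannot do natively.
            $id = $_.Name -replace '\.xpi$', ''
            $name = '(packed xpi)'
        }
        [void]$results.Add((New-Object PSObject -Property @{
            Source = $Source; Id = $id; Name = $name; Path = $_.FullName
            Hidden = (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0)
        }))
    }
}

# 1. Per-profile extensions (what the Add-ons manager normally shows).
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $profiles) {
    Get-ChildItem $profiles | Where-Object { $_.PSIsContainer } | ForEach-Object {
        Add-ExtensionDir (Join-Path $_.FullName 'extensions') "profile $($_.Name)"
    }
}

# 2. Application-wide extensions folder (assumed default install path).
foreach ($pf in @($env:ProgramFiles, ${env:ProgramFiles(x86)})) {
    if ($pf) { Add-ExtensionDir (Join-Path $pf 'Mozilla Firefox\extensions') 'application dir' }
}

# 3. Registry-registered extensions: value name is the id, data is the folder.
foreach ($key in 'HKLM:\Software\Mozilla\Firefox\Extensions',
                 'HKLM:\Software\Wow6432Node\Mozilla\Firefox\Extensions',
                 'HKCU:\Software\Mozilla\Firefox\Extensions') {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object {
            $info = Get-InstallRdfInfo $_.Value
            $name = if ($info) { $info[1] } else { '(path missing)' }
            [void]$results.Add((New-Object PSObject -Property @{
                Source = "registry $key"; Id = $_.Name; Name = $name
                Path = $_.Value; Hidden = $false
            }))
        }
}

$results | Sort-Object Source | Format-Table Source, Id, Name, Hidden, Path -AutoSize
```

Anything listed under "application dir" or "registry" was installed without going through the profile, and a Hidden folder under the profile is equally out of place; those are the rows to compare against what the GooredFix log reports. Since the redirects in this thread also hit IE and Chrome, a Firefox-only extension cannot account for all of them by itself, but the inventory settles whether that vector is present at all.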
 