
strange redirect on google


  • This topic is locked
22 replies to this topic

#1 AndyLynn

AndyLynn

  • Members
  • 40 posts

Posted 15 July 2012 - 11:21 AM

sometimes i will get redirected on google, and rarely, but sometimes, get a repetition of audio ads in the background. avast is going nuts with an explorer/iexplorer.exe from my user/local/appdata/temp whatever folder, and its getting quite annoying. thanks for the help in advance.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 July 2012 - 12:21 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 AndyLynn

AndyLynn
  • Topic Starter

  • Members
  • 40 posts

Posted 16 July 2012 - 04:59 AM

security check

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
AVG PC Tuneup
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (5.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


dds

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Lenn at 2:57:35 on 2012-07-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2047 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files (x86)\LowerPing\LowerP.EXE
C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://AlienwareArena.com
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Adobe] rundll32.exe "C:\Users\Lenn\AppData\Local\ApneaSoft\Adobe\knywun.dll",CreateInstance
mRun: [FAStartup]
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Windows\system32\lp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BDE77F38-DFDE-4E68-A955-E55820146C0A} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BDE77F38-DFDE-4E68-A955-E55820146C0A}\44F6E6E616723702E4564777F627B6 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BDE77F38-DFDE-4E68-A955-E55820146C0A}\D49702E65696768626F6273702375736B6 : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO-X64: SSOIEAddonBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [FAStartup]
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lenn\AppData\Roaming\Mozilla\Firefox\Profiles\3nivjits.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.mystart.com/?pr=pando&id=pandooutsparktb&v=1_0&ent=hp
FF - prefs.js: keyword.URL - hxxp://www.mystart.com/results.php?pr=pando&id=pandooutsparktb&v=1_0&gen=ms&ent=tb&mkt=us&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npBFPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 13680]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdfltn.sys --> C:\Windows\system32\DRIVERS\stdfltn.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-27 98208]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-14 44808]
R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-27 13336]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2011-6-27 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 LOWERP;LOWERP;C:\Program Files (x86)\LowerPing\LowerP.EXE [2011-10-31 3272704]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S0 johci;JMicron 1394 Filter Driver;C:\Windows\system32\DRIVERS\johci.sys --> C:\Windows\system32\DRIVERS\johci.sys [?]
S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-23 1262400]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-4 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-4 136176]
S4 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2011-6-27 60928]
.
=============== Created Last 30 ================
.
2012-07-15 16:23:16 -------- d-----w- C:\Users\Lenn\AppData\Local\{F48F5497-D3E4-4A40-84D6-67E284A0128B}
2012-07-15 16:22:53 -------- d-----w- C:\Users\Lenn\AppData\Local\{6BF2AC54-9CAC-4CA2-B75C-84C0296A3D85}
2012-07-14 22:58:03 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-14 22:58:01 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-14 22:57:58 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-14 22:57:24 41224 ----a-w- C:\Windows\avastSS.scr
2012-07-14 22:54:21 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-14 22:54:21 -------- d-----w- C:\Program Files\AVAST Software
2012-07-14 21:23:32 -------- d-----w- C:\Users\Lenn\AppData\Roaming\AVG
2012-07-14 20:54:11 -------- d-----w- C:\Users\Lenn\AppData\Roaming\AVG2012
2012-07-14 20:51:51 -------- d--h--w- C:\$AVG
2012-07-14 20:51:51 -------- d-----w- C:\ProgramData\AVG2012
2012-07-14 20:50:53 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-14 20:47:01 -------- d-----w- C:\ProgramData\MFAData
2012-07-14 13:36:35 -------- d-----w- C:\Users\Lenn\AppData\Local\{B966864D-5E86-4BDF-A54C-765CA7936750}
2012-07-14 13:36:13 -------- d-----w- C:\Users\Lenn\AppData\Local\{A8CBD092-7897-415C-ABDA-DE66552761AB}
2012-07-14 04:35:35 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{81DBDBDE-26C4-406C-A9D0-45FD2F302DB3}\offreg.dll
2012-07-13 19:14:48 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{81DBDBDE-26C4-406C-A9D0-45FD2F302DB3}\mpengine.dll
2012-07-13 18:55:19 -------- d-----w- C:\Users\Lenn\AppData\Local\{36BAD0D0-EAE2-4F5B-91F7-CCD5DBA25B85}
2012-07-13 18:54:57 -------- d-----w- C:\Users\Lenn\AppData\Local\{1B6A4892-B280-40BD-BF84-2796AE305630}
2012-07-13 06:54:28 -------- d-----w- C:\Users\Lenn\AppData\Local\{C517E771-2A79-410B-8284-83FCB43AFE34}
2012-07-13 06:54:05 -------- d-----w- C:\Users\Lenn\AppData\Local\{516E45F6-031B-463A-A561-3FDD60A9C31D}
2012-07-12 18:53:38 -------- d-----w- C:\Users\Lenn\AppData\Local\{DEA18941-E788-417D-A199-257C177721B9}
2012-07-12 18:53:17 -------- d-----w- C:\Users\Lenn\AppData\Local\{45B450F8-3057-4B24-A12E-091234793AF8}
2012-07-12 03:41:20 -------- d-----w- C:\Users\Lenn\AppData\Local\{3AE3A22A-F3D6-4E4B-BD84-5DAC5D93D11D}
2012-07-12 03:40:58 -------- d-----w- C:\Users\Lenn\AppData\Local\{622098A0-7576-43BC-9046-C2294C83D9DE}
2012-07-11 19:52:23 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 15:40:28 -------- d-----w- C:\Users\Lenn\AppData\Local\{783B15A8-4444-4B00-B5DA-87FD2B705A2A}
2012-07-11 15:40:09 -------- d-----w- C:\Users\Lenn\AppData\Local\{76AEB5BE-2321-42F6-9290-CBA09B2930E2}
2012-07-11 11:19:08 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 11:19:07 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 11:19:07 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 11:19:04 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 11:19:04 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 11:19:04 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-10 17:30:14 -------- d-----w- C:\Users\Lenn\AppData\Local\{FE7E1241-8700-4DAB-8F4B-359F744F914D}
2012-07-10 17:29:53 -------- d-----w- C:\Users\Lenn\AppData\Local\{BA9CA769-A7AC-41A3-847E-0094A7135C73}
2012-07-09 18:30:33 -------- d-----w- C:\Users\Lenn\AppData\Local\{412F7C0D-62A9-45BD-89BC-C722FF6CB42D}
2012-07-09 18:30:12 -------- d-----w- C:\Users\Lenn\AppData\Local\{76240829-8D44-4BD5-B594-315C96865D78}
2012-07-08 22:34:53 -------- d-----w- C:\Users\Lenn\AppData\Local\{9B47A5FD-4421-458D-A172-8687A857184B}
2012-07-08 22:34:42 -------- d-----w- C:\Users\Lenn\AppData\Local\{E2388C0D-9AD2-4E00-ADBD-A43812256B65}
2012-07-07 23:50:38 -------- d-----w- C:\Users\Lenn\AppData\Local\{58E2E7CB-C8E9-46D9-85B7-C828F05F976E}
2012-07-07 23:50:17 -------- d-----w- C:\Users\Lenn\AppData\Local\{6E07B4E4-5AE6-4595-91E8-94C72301DF05}
2012-07-07 11:06:30 -------- d-----w- C:\Users\Lenn\AppData\Local\{AC842350-9BD6-4911-BBBA-5E431DC4FF9B}
2012-07-07 11:06:20 -------- d-----w- C:\Users\Lenn\AppData\Local\{ED95E966-2D9D-4D85-A35E-A3AA3DDF1393}
2012-07-06 23:06:07 -------- d-----w- C:\Users\Lenn\AppData\Local\{B8A9B04E-2B06-4D92-BFBF-1E093116F05E}
2012-07-06 23:05:45 -------- d-----w- C:\Users\Lenn\AppData\Local\{34430C74-AF34-40CF-8A5F-4FDAA3B6813A}
2012-07-06 10:06:38 -------- d-----w- C:\Users\Lenn\AppData\Local\{042BAB0E-C7A0-4A91-B98A-499F2D51DEAA}
2012-07-06 10:06:16 -------- d-----w- C:\Users\Lenn\AppData\Local\{00F4023B-FC51-4935-AADD-2D044DA18206}
2012-07-05 22:05:48 -------- d-----w- C:\Users\Lenn\AppData\Local\{74157832-A0E5-46FD-B31B-2B11849683A3}
2012-07-05 22:05:26 -------- d-----w- C:\Users\Lenn\AppData\Local\{F475A51B-AA83-461F-B2FB-3E07A5C9CF21}
2012-07-04 23:48:02 -------- d-----w- C:\Users\Lenn\AppData\Local\{1B8521FD-2550-4043-8F1C-2DAD28A70988}
2012-07-04 23:47:51 -------- d-----w- C:\Users\Lenn\AppData\Local\{563CD819-ADF9-4584-8858-9D894D2A84BB}
2012-07-04 09:12:53 -------- d-----w- C:\Users\Lenn\AppData\Local\{9B2D5F4D-48EB-4454-A288-E40DE6F49DCB}
2012-07-04 09:12:29 -------- d-----w- C:\Users\Lenn\AppData\Local\{BB134EAD-7226-4CD4-B1C1-D6CC4CEC3AE0}
2012-07-03 21:12:15 -------- d-----w- C:\Users\Lenn\AppData\Local\{05284023-D3E5-4B72-9E54-18B3D215D606}
2012-07-03 21:11:59 -------- d-----w- C:\Users\Lenn\AppData\Local\{43A996B6-F93D-428D-ADB1-EE6BB05105AC}
2012-07-03 02:55:54 -------- d-----w- C:\Users\Lenn\AppData\Local\ParseModXIV
2012-07-03 00:17:54 -------- d-----w- C:\FRST
2012-07-03 00:04:48 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-03 00:01:44 -------- d-----w- C:\Windows\pss
2012-07-02 22:21:08 -------- d-----w- C:\Users\Lenn\AppData\Local\{20268C6B-FFE8-46B9-9B8E-0647A3401846}
2012-07-02 22:20:49 -------- d-----w- C:\Users\Lenn\AppData\Local\{63F51E20-933F-4BC4-9705-4FC4E26FBE94}
2012-07-01 21:57:30 -------- d-----w- C:\Users\Lenn\AppData\Local\{32F5C056-B867-483E-97AF-068B2D31CFDA}
2012-07-01 21:57:19 -------- d-----w- C:\Users\Lenn\AppData\Local\{0DA0FCE2-049D-4520-B7A2-40D8F66095A9}
2012-06-30 21:45:35 -------- d-----w- C:\Users\Lenn\AppData\Local\{4B1DF08E-22E9-4629-9EDA-8AFB03B974AF}
2012-06-30 21:45:24 -------- d-----w- C:\Users\Lenn\AppData\Local\{BFE6D307-1C33-46F9-B07E-1591328A6B8C}
2012-06-29 21:47:55 -------- d-----w- C:\Users\Lenn\AppData\Local\{77AC292B-556F-443D-B4E7-F880F60C9088}
2012-06-29 21:47:36 -------- d-----w- C:\Users\Lenn\AppData\Local\{95D9C171-FEA0-406F-B898-1DF064982960}
2012-06-28 19:57:37 -------- d-----w- C:\Users\Lenn\AppData\Local\{CA5CD150-838C-433A-BF71-34D16E6640B8}
2012-06-28 19:57:26 -------- d-----w- C:\Users\Lenn\AppData\Local\{B15632AA-7C60-40C0-ACC7-BE09CEDB4C17}
2012-06-27 21:38:46 -------- d-----w- C:\Users\Lenn\AppData\Local\{F085B896-01C2-40AD-97E0-2A8E290EDB81}
2012-06-27 21:38:24 -------- d-----w- C:\Users\Lenn\AppData\Local\{9E4E6FDE-6F51-4ED8-A4D4-CE3650AADC3D}
2012-06-26 21:23:05 -------- d-----w- C:\Users\Lenn\AppData\Local\{A4C6F820-39A0-44AF-BB3B-6417F3F74482}
2012-06-26 21:22:43 -------- d-----w- C:\Users\Lenn\AppData\Local\{25B2DE8E-699B-4E93-8E0F-2EAA103D58B2}
2012-06-25 19:21:23 -------- d-----w- C:\Users\Lenn\AppData\Local\{37EE8A27-9DEB-4BAB-A476-A2F3ADDC24E3}
2012-06-25 19:21:12 -------- d-----w- C:\Users\Lenn\AppData\Local\{F7C50258-985C-4283-A752-12EE27B5E995}
2012-06-24 19:14:42 -------- d-----w- C:\Users\Lenn\AppData\Local\{9743CA5D-F4E1-4036-B6CA-6F25DB99F266}
2012-06-24 19:14:18 -------- d-----w- C:\Users\Lenn\AppData\Local\{D6CB9E45-1558-4864-B445-064496B5BEE9}
2012-06-24 07:13:38 -------- d-----w- C:\Users\Lenn\AppData\Local\{EB0644C8-FA8F-4C2D-9FFF-D9E139DCA4B5}
2012-06-24 07:13:13 -------- d-----w- C:\Users\Lenn\AppData\Local\{8A718125-9A92-4A9D-9135-593098229B5B}
2012-06-23 19:12:48 -------- d-----w- C:\Users\Lenn\AppData\Local\{83977093-99DA-4B84-9A66-CE74072FC8D4}
2012-06-23 19:12:37 -------- d-----w- C:\Users\Lenn\AppData\Local\{16D4B52C-D1C2-4C40-BD04-49B319D3FBE8}
2012-06-22 19:00:41 -------- d-----w- C:\Users\Lenn\AppData\Local\{F792BE18-4DBE-4BAA-9DE3-AB1E17C988DB}
2012-06-22 19:00:21 -------- d-----w- C:\Users\Lenn\AppData\Local\{0D60F559-CC5E-4197-BC55-FED5086280ED}
2012-06-22 18:57:16 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 18:56:49 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 18:56:38 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 18:56:38 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 06:18:54 -------- d-----w- C:\Users\Lenn\AppData\Local\{8D5757FE-43BE-4C83-8870-547D70D6AF18}
2012-06-22 06:18:31 -------- d-----w- C:\Users\Lenn\AppData\Local\{0F8EF857-C923-4B8F-92AC-9CE11CA95048}
2012-06-21 18:17:50 -------- d-----w- C:\Users\Lenn\AppData\Local\{79805390-1B93-408D-8DEA-DA980EE83AC0}
2012-06-21 18:17:40 -------- d-----w- C:\Users\Lenn\AppData\Local\{1ABA60D5-FCA6-40FE-A637-458ED34AD7BB}
2012-06-20 18:20:13 -------- d-----w- C:\Users\Lenn\AppData\Local\{6B619A7F-DA2D-45FD-AFED-3D1654C4D83F}
2012-06-20 18:19:58 -------- d-----w- C:\Users\Lenn\AppData\Local\{5D7B3A8B-22D5-4426-9020-725B075F4D59}
2012-06-20 09:36:21 46592 ----a-w- C:\Windows\SysWow64\libusb0.dll
2012-06-20 09:36:21 33792 ----a-w- C:\Windows\SysWow64\drivers\libusb0.sys
2012-06-20 09:36:21 19456 ----a-w- C:\Windows\SysWow64\libusbd-9x.exe
2012-06-20 09:36:21 18944 ----a-w- C:\Windows\SysWow64\libusbd-nt.exe
2012-06-20 09:36:21 -------- d-----w- C:\Program Files (x86)\LibUSB-Win32-0.1.10.1
2012-06-19 18:39:18 -------- d-----w- C:\Users\Lenn\AppData\Local\{31419B90-932D-44B1-87C8-19E3F7ADD9DA}
2012-06-19 18:38:57 -------- d-----w- C:\Users\Lenn\AppData\Local\{4F74C688-6B60-4453-9223-C3F762F76177}
2012-06-19 06:08:18 -------- d-----w- C:\Users\Lenn\AppData\Local\{BF48C5B0-5C52-42CF-A3D5-5A2FF15BC71E}
2012-06-19 06:07:57 -------- d-----w- C:\Users\Lenn\AppData\Local\{E63617E6-5A99-47D6-A98A-21EFAEE0F242}
2012-06-18 18:07:34 -------- d-----w- C:\Users\Lenn\AppData\Local\{5502E36B-D321-4EAC-B8D3-256498EF6D85}
2012-06-17 17:20:25 -------- d-----w- C:\Users\Lenn\AppData\Local\{3C4C48E8-BE2A-4475-8DCA-13C80A65943F}
2012-06-17 04:18:08 -------- d-----w- C:\Users\Lenn\AppData\Local\{8EB8CCF0-3AB2-479F-8AA9-62ABA92100CA}
2012-06-16 16:17:44 -------- d-----w- C:\Users\Lenn\AppData\Local\{E3F69454-5A8A-43DB-9B67-65368D3A2FC4}
.
==================== Find3M ====================
.
2012-07-14 12:43:00 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-14 12:43:00 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:47 858944 ----a-w- C:\Windows\System32\nv3dappshext.dll
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 55616 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2012-05-15 09:29:46 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 09:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-13 01:34:32 16384 ----a-w- C:\Windows\SysWow64\lgfwunis.exe
2012-05-12 19:31:00 121416 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-03 02:55:52 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-05-03 02:55:52 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 2:58:21.92 ===============

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/2/2011 11:20:30 PM
System Uptime: 7/16/2012 2:37:05 AM (0 hours ago)
.
Motherboard: Alienware | | M11x R2
Processor: Intel® Core™ i3 CPU U 330 @ 1.20GHz | CPU | 1199/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 277 GiB total, 149.236 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0000
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0000
Service: FACAP
.
==== System Restore Points ===================
.
RP177: 7/14/2012 1:50:15 PM - Installed AVG 2012
RP178: 7/14/2012 1:51:03 PM - Installed AVG 2012
RP179: 7/14/2012 3:53:55 PM - avast! Free Antivirus Setup
RP180: 7/14/2012 3:54:27 PM - avast! Free Antivirus Setup
RP181: 7/14/2012 3:56:43 PM - avast! Free Antivirus Setup
RP182: 7/14/2012 5:23:04 PM - Removed AVG 2012
RP183: 7/14/2012 5:25:47 PM - Removed AVG 2012
.
==== Installed Programs ======================
.
7-Zip 9.20
AccelerometerP11
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1.2
Advanced Audio FX Engine
Akamai NetSession Interface
Akamai NetSession Interface Service
AlienRespawn
AlienRespawn - Support Software
Alienware On-Screen Display
Apple Application Support
Apple Software Update
ApRadar 3.3.0.17 Update
avast! Free Antivirus
AVG PC Tuneup
Bandisoft MPEG-1 Decoder
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Command Center
D3DX10
DC Universe Online Live
Dell InHome Service Agreement
Diablo II
Diablo III
EMSC
ESET Online Scanner v3
Exult 1.4.9rc1 Snapshot
Fiesta
FINAL FANTASY XI: Ultimate Collection - Abyssea Edition
FINAL FANTASY XIV
Fraps
Google Update Helper
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 31
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink YouCam
LG ODD Auto Firmware Update
LG Power Tools
LibUSB-Win32-0.1.10.1
LowerPing 2.5.8
LucentHeart
Malwarebytes Anti-Malware version 1.62.0.1300
ManyCam 2.6.55 (remove only)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 5.0.1 (x86 en-US)
MSVCRT
NCsoft Launcher
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Updatus
Pando Media Booster
Portal
Ragnarok Online
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.8
SpeedFan (remove only)
Steam
System Requirements Lab
TERA
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.11
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Xfire (remove only)
.
==== Event Viewer Messages From Past Week ========
.
7/16/2012 2:40:43 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/16/2012 2:40:43 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
7/16/2012 2:38:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
7/16/2012 2:38:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Alienware Fusion Service service to connect.
7/16/2012 2:38:37 AM, Error: Service Control Manager [7000] - The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error: The system cannot find the file specified.
7/16/2012 2:38:37 AM, Error: Service Control Manager [7000] - The Alienware Fusion Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/16/2012 2:37:22 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/15/2012 4:32:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
7/14/2012 4:59:41 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/14/2012 4:59:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service LOWERP with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
7/14/2012 4:59:39 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/14/2012 4:59:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/14/2012 4:59:34 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
7/14/2012 4:59:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/14/2012 4:59:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi Avgldx64 Avgmfx64 cdrom discache spldr Wanarpv6
7/14/2012 2:03:20 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================

#4 gringo_pr


Posted 16 July 2012 - 11:34 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"Information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 AndyLynn


Posted 16 July 2012 - 12:01 PM

Have fun reading this gibberish! I'm not sure if it's completely gone, but I haven't had any redirects so far, and web pages seem to be loading rather quickly.

ComboFix 12-07-16.01 - Lenn 07/16/2012 9:40.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2419 [GMT -7:00]
Running from: c:\users\Lenn\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lenn\AppData\Local\ApneaSoft\Adobe\knywun.dll
c:\users\Lenn\AppData\Local\assembly\tmp
c:\windows\SysWow64\Language
.
.
((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))
.
.
2012-07-16 16:53 . 2012-07-16 16:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-16 16:53 . 2012-07-16 16:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 22:58 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-14 22:58 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-14 22:58 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-14 22:58 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-14 22:58 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-14 22:57 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-14 22:57 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-14 22:57 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-14 22:57 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-14 22:54 . 2012-07-14 22:57 -------- d-----w- c:\programdata\AVAST Software
2012-07-14 22:54 . 2012-07-14 22:57 -------- d-----w- c:\program files\AVAST Software
2012-07-14 21:23 . 2012-07-14 21:30 -------- d-----w- c:\users\Lenn\AppData\Roaming\AVG
2012-07-14 20:51 . 2012-07-15 11:30 -------- d-----w- c:\programdata\AVG2012
2012-07-14 20:51 . 2012-07-15 00:25 -------- d-----w- C:\$AVG
2012-07-14 20:50 . 2012-07-14 21:20 -------- d-----w- c:\program files (x86)\AVG
2012-07-14 20:47 . 2012-07-15 00:27 -------- d-----w- c:\programdata\MFAData
2012-07-14 04:35 . 2012-07-16 09:51 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81DBDBDE-26C4-406C-A9D0-45FD2F302DB3}\offreg.dll
2012-07-13 19:14 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81DBDBDE-26C4-406C-A9D0-45FD2F302DB3}\mpengine.dll
2012-07-11 19:52 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:19 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 11:19 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 11:19 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 11:19 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 11:19 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 11:19 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-03 02:55 . 2012-07-03 02:55 -------- d-----w- c:\users\Lenn\AppData\Local\ParseModXIV
2012-07-03 00:17 . 2012-07-03 00:18 -------- d-----w- C:\FRST
2012-07-03 00:04 . 2012-07-03 00:04 -------- d-----w- c:\program files (x86)\ESET
2012-06-22 18:57 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 18:57 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 18:57 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 18:57 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 18:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 18:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 18:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 18:56 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 18:56 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 09:36 . 2012-06-20 09:36 -------- d-----w- c:\program files (x86)\LibUSB-Win32-0.1.10.1
2012-06-20 09:36 . 2005-03-10 03:50 19456 ----a-w- c:\windows\SysWow64\libusbd-9x.exe
2012-06-20 09:36 . 2005-03-10 03:50 18944 ----a-w- c:\windows\SysWow64\libusbd-nt.exe
2012-06-20 09:36 . 2005-03-10 03:50 33792 ----a-w- c:\windows\SysWow64\drivers\libusb0.sys
2012-06-20 09:36 . 2005-03-10 03:50 46592 ----a-w- c:\windows\SysWow64\libusb0.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 12:43 . 2012-04-20 12:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-14 12:43 . 2011-07-04 09:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2011-12-12 07:09 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-15 10:48 . 2012-05-24 00:21 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-24 00:21 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-24 00:21 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-05-24 00:21 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-24 00:21 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-24 00:21 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-24 00:21 28992 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2012-05-15 10:48 . 2012-05-24 00:21 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-24 00:21 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-24 00:21 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-24 00:21 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-24 00:21 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-24 00:21 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-24 00:21 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-24 00:21 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-24 00:21 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-05-24 00:21 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-24 00:21 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-05-24 00:21 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-05-24 00:21 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2012-01-25 00:00 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-01-25 00:00 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-01-25 00:00 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-01-25 00:00 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-01-25 00:00 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-06-27 18:19 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2011-06-27 18:19 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2011-06-27 18:18 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 09:29 . 2010-05-26 16:04 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2010-05-26 16:04 858944 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-05-15 09:29 . 2010-05-26 18:04 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2010-05-26 16:04 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2010-05-26 16:04 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-05-15 09:29 . 2010-05-26 16:04 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2010-05-26 18:04 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2010-05-26 16:04 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-05-26 16:04 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-13 01:34 . 2012-05-13 01:33 16384 ----a-w- c:\windows\SysWow64\lgfwunis.exe
2012-05-12 19:31 . 2012-04-07 09:26 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2012-05-04 11:06 . 2012-06-13 03:39 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 03:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 03:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-03 02:55 . 2012-05-03 02:55 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-05-03 02:55 . 2012-05-03 02:55 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-05-01 05:40 . 2012-06-13 03:39 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 03:39 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 03:39 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 03:39 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 03:39 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 03:38 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 03:38 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 03:38 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 03:38 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 03:38 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 03:38 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2010-08-13 1362544]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" blrun
"FAStartup"=
.
R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2010-04-16 24176]
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\PriusOnline\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-03-30 158320]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-04 1255736]
R3 X6va002;X6va002;c:\users\Lenn\AppData\Local\Temp\002A835.tmp [x]
R3 X6va005;X6va005;c:\users\Lenn\AppData\Local\Temp\005B924.tmp [x]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-04 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-04 136176]
R4 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-26 60928]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-26 21040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-04-19 98208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-08-18 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-26 26160]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-29 67072]
S3 LOWERP;LOWERP;c:\program files (x86)\LowerPing\LowerP.EXE [2011-10-31 3272704]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-04 09:53]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-04 09:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-19 10144288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: c:\windows\system32\lp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Lenn\AppData\Roaming\Mozilla\Firefox\Profiles\3nivjits.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.mystart.com/?pr=pando&id=pandooutsparktb&v=1_0&ent=hp
FF - prefs.js: keyword.URL - hxxp://www.mystart.com/results.php?pr=pando&id=pandooutsparktb&v=1_0&gen=ms&ent=tb&mkt=us&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Adobe - c:\users\Lenn\AppData\Local\ApneaSoft\Adobe\knywun.dll
Wow6432Node-HKLM-Run-FAStartup - (no file)
SafeBoot-93359831.sys
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SOE-DC Universe Online Live - c:\users\Public\Sony Online Entertainment\Installed Games\DC Universe Online Live\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\Lenn\AppData\Local\Temp\002A835.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Lenn\AppData\Local\Temp\005B924.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-16 09:58:29
ComboFix-quarantined-files.txt 2012-07-16 16:58
.
Pre-Run: 159,460,757,504 bytes free
Post-Run: 159,291,760,640 bytes free
.
- - End Of File - - 55F6A9AC830ACFAA01A1560B74287CF4

#6 AndyLynn


Posted 16 July 2012 - 02:22 PM

still getting redirected

Edited by AndyLynn, 16 July 2012 - 03:13 PM.


#7 gringo_pr


Posted 17 July 2012 - 12:02 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 AndyLynn


Posted 17 July 2012 - 05:25 AM

02:57:33.0785 4816 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
02:57:34.0424 4816 ============================================================
02:57:34.0424 4816 Current date / time: 2012/07/17 02:57:34.0424
02:57:34.0424 4816 SystemInfo:
02:57:34.0424 4816
02:57:34.0424 4816 OS Version: 6.1.7601 ServicePack: 1.0
02:57:34.0424 4816 Product type: Workstation
02:57:34.0424 4816 ComputerName: LENN-PC
02:57:34.0424 4816 UserName: Lenn
02:57:34.0424 4816 Windows directory: C:\Windows
02:57:34.0424 4816 System windows directory: C:\Windows
02:57:34.0424 4816 Running under WOW64
02:57:34.0424 4816 Processor architecture: Intel x64
02:57:34.0424 4816 Number of processors: 4
02:57:34.0424 4816 Page size: 0x1000
02:57:34.0424 4816 Boot type: Normal boot
02:57:34.0424 4816 ============================================================
02:57:37.0217 4816 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:57:37.0217 4816 ============================================================
02:57:37.0217 4816 \Device\Harddisk0\DR0:
02:57:37.0217 4816 MBR partitions:
02:57:37.0217 4816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x2A72000
02:57:37.0217 4816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2A86000, BlocksNum 0x229A8000
02:57:37.0217 4816 ============================================================
02:57:37.0326 4816 C: <-> \Device\Harddisk0\DR0\Partition1
02:57:37.0326 4816 ============================================================
02:57:37.0326 4816 Initialize success
02:57:37.0326 4816 ============================================================
02:57:38.0745 4352 ============================================================
02:57:38.0745 4352 Scan started
02:57:38.0745 4352 Mode: Manual;
02:57:38.0745 4352 ============================================================
02:58:14.0407 4352 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
02:58:14.0423 4352 KtmRm - ok
02:58:14.0470 4352 L1C (9c46a5421de9d116c47155317cabb522) C:\Windows\system32\DRIVERS\L1C62x64.sys
02:58:14.0470 4352 L1C - ok
02:58:14.0532 4352 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
02:58:14.0548 4352 LanmanServer - ok
02:58:14.0594 4352 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
02:58:14.0626 4352 LanmanWorkstation - ok
02:58:14.0657 4352 libusb0 - ok
02:58:14.0672 4352 libusbd - ok
02:58:14.0719 4352 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:58:14.0719 4352 lltdio - ok
02:58:14.0797 4352 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
02:58:14.0813 4352 lltdsvc - ok
02:58:14.0844 4352 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
02:58:14.0844 4352 lmhosts - ok
02:58:17.0246 4352 LOWERP (f455fdacb5c7921947a65bf2850de1a9) C:\Program Files (x86)\LowerPing\LowerP.EXE
02:58:17.0278 4352 LOWERP - ok
02:58:17.0636 4352 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:58:17.0652 4352 LSI_FC - ok
02:58:17.0668 4352 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:58:17.0683 4352 LSI_SAS - ok
02:58:17.0699 4352 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:58:17.0699 4352 LSI_SAS2 - ok
02:58:17.0714 4352 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:58:17.0730 4352 LSI_SCSI - ok
02:58:17.0808 4352 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:58:17.0808 4352 luafv - ok
02:58:17.0855 4352 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
02:58:17.0855 4352 ManyCam - ok
02:58:17.0980 4352 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
02:58:17.0995 4352 Mcx2Svc - ok
02:58:18.0011 4352 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
02:58:18.0011 4352 megasas - ok
02:58:18.0182 4352 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
02:58:18.0214 4352 MegaSR - ok
02:58:18.0245 4352 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:58:18.0245 4352 MMCSS - ok
02:58:18.0260 4352 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:58:18.0260 4352 Modem - ok
02:58:18.0307 4352 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:58:18.0307 4352 monitor - ok
02:58:18.0370 4352 MotioninJoyXFilter (c030f9e822a057c1a7a9bb4ea3e8877e) C:\Windows\system32\DRIVERS\MijXfilt.sys
02:58:18.0370 4352 MotioninJoyXFilter - ok
02:58:18.0416 4352 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
02:58:18.0416 4352 mouclass - ok
02:58:18.0479 4352 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:58:18.0479 4352 mouhid - ok
02:58:18.0650 4352 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
02:58:18.0666 4352 mountmgr - ok
02:58:18.0713 4352 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
02:58:18.0728 4352 mpio - ok
02:58:18.0760 4352 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:58:18.0760 4352 mpsdrv - ok
02:58:18.0916 4352 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
02:58:18.0947 4352 MpsSvc - ok
02:58:19.0009 4352 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
02:58:19.0025 4352 MRxDAV - ok
02:58:19.0072 4352 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:58:19.0072 4352 mrxsmb - ok
02:58:19.0352 4352 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:58:19.0384 4352 mrxsmb10 - ok
02:58:19.0399 4352 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:58:19.0399 4352 mrxsmb20 - ok
02:58:19.0430 4352 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
02:58:19.0430 4352 msahci - ok
02:58:19.0462 4352 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
02:58:19.0477 4352 msdsm - ok
02:58:19.0508 4352 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
02:58:19.0555 4352 MSDTC - ok
02:58:19.0571 4352 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:58:19.0571 4352 Msfs - ok
02:58:19.0618 4352 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:58:19.0618 4352 mshidkmdf - ok
02:58:19.0633 4352 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
02:58:19.0633 4352 msisadrv - ok
02:58:19.0680 4352 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
02:58:19.0711 4352 MSiSCSI - ok
02:58:19.0711 4352 msiserver - ok
02:58:19.0774 4352 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:58:19.0774 4352 MSKSSRV - ok
02:58:19.0820 4352 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:58:19.0820 4352 MSPCLOCK - ok
02:58:19.0836 4352 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:58:19.0852 4352 MSPQM - ok
02:58:20.0054 4352 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
02:58:20.0086 4352 MsRPC - ok
02:58:20.0117 4352 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
02:58:20.0117 4352 mssmbios - ok
02:58:20.0132 4352 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:58:20.0132 4352 MSTEE - ok
02:58:20.0148 4352 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
02:58:20.0148 4352 MTConfig - ok
02:58:20.0164 4352 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:58:20.0164 4352 Mup - ok
02:58:20.0242 4352 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
02:58:20.0273 4352 napagent - ok
02:58:20.0351 4352 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:58:20.0382 4352 NativeWifiP - ok
02:58:20.0569 4352 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
02:58:20.0616 4352 NDIS - ok
02:58:20.0632 4352 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:58:20.0632 4352 NdisCap - ok
02:58:20.0678 4352 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:58:20.0678 4352 NdisTapi - ok
02:58:20.0741 4352 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
02:58:20.0741 4352 Ndisuio - ok
02:58:20.0788 4352 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
02:58:20.0788 4352 NdisWan - ok
02:58:20.0834 4352 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
02:58:20.0850 4352 NDProxy - ok
02:58:20.0850 4352 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:58:20.0866 4352 NetBIOS - ok
02:58:20.0928 4352 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
02:58:20.0944 4352 NetBT - ok
02:58:20.0990 4352 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:58:20.0990 4352 Netlogon - ok
02:58:21.0068 4352 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
02:58:21.0131 4352 Netman - ok
02:58:21.0209 4352 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:58:21.0256 4352 NetMsmqActivator - ok
02:58:21.0256 4352 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:58:21.0256 4352 NetPipeActivator - ok
02:58:21.0318 4352 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
02:58:21.0334 4352 netprofm - ok
02:58:21.0349 4352 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:58:21.0349 4352 NetTcpActivator - ok
02:58:21.0349 4352 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:58:21.0349 4352 NetTcpPortSharing - ok
02:58:21.0427 4352 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
02:58:21.0443 4352 nfrd960 - ok
02:58:21.0490 4352 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
02:58:21.0505 4352 NlaSvc - ok
02:58:21.0521 4352 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:58:21.0536 4352 Npfs - ok
02:58:21.0552 4352 npggsvc - ok
02:58:21.0568 4352 NPPTNT2 - ok
02:58:21.0614 4352 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
02:58:21.0630 4352 nsi - ok
02:58:21.0646 4352 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:58:21.0646 4352 nsiproxy - ok
02:58:23.0658 4352 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
02:58:23.0705 4352 Ntfs - ok
02:58:24.0469 4352 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:58:24.0485 4352 Null - ok
02:58:36.0247 4352 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:58:36.0372 4352 nvlddmkm - ok
02:58:36.0824 4352 nvpciflt (715d45ed30003fc70cfa0d9c6dd0b538) C:\Windows\system32\DRIVERS\nvpciflt.sys
02:58:36.0840 4352 nvpciflt - ok
02:58:36.0934 4352 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
02:58:36.0934 4352 nvraid - ok
02:58:36.0996 4352 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
02:58:37.0012 4352 nvstor - ok
02:58:37.0308 4352 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
02:58:37.0339 4352 nvsvc - ok
02:58:38.0400 4352 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
02:58:38.0447 4352 nvUpdatusService - ok
02:58:39.0554 4352 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
02:58:39.0554 4352 nv_agp - ok
02:58:39.0570 4352 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
02:58:39.0586 4352 ohci1394 - ok
02:58:39.0726 4352 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:58:39.0866 4352 p2pimsvc - ok
02:58:39.0929 4352 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
02:58:39.0960 4352 p2psvc - ok
02:58:39.0976 4352 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
02:58:39.0991 4352 Parport - ok
02:58:40.0038 4352 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
02:58:40.0038 4352 partmgr - ok
02:58:40.0054 4352 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
02:58:40.0069 4352 PcaSvc - ok
02:58:40.0100 4352 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
02:58:40.0116 4352 pci - ok
02:58:40.0147 4352 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
02:58:40.0147 4352 pciide - ok
02:58:40.0178 4352 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
02:58:40.0194 4352 pcmcia - ok
02:58:40.0194 4352 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:58:40.0194 4352 pcw - ok
02:58:40.0288 4352 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:58:40.0319 4352 PEAUTH - ok
02:58:40.0428 4352 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
02:58:40.0444 4352 PerfHost - ok
02:58:41.0660 4352 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
02:58:41.0692 4352 pla - ok
02:58:41.0816 4352 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
02:58:41.0832 4352 PlugPlay - ok
02:58:41.0863 4352 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
02:58:41.0863 4352 PNRPAutoReg - ok
02:58:41.0910 4352 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:58:41.0910 4352 PNRPsvc - ok
02:58:42.0284 4352 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
02:58:42.0316 4352 PolicyAgent - ok
02:58:42.0362 4352 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
02:58:42.0378 4352 Power - ok
02:58:42.0503 4352 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
02:58:42.0518 4352 PptpMiniport - ok
02:58:42.0550 4352 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
02:58:42.0550 4352 Processor - ok
02:58:42.0628 4352 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
02:58:42.0643 4352 ProfSvc - ok
02:58:42.0674 4352 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:58:42.0690 4352 ProtectedStorage - ok
02:58:42.0752 4352 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
02:58:42.0768 4352 Psched - ok
02:58:43.0314 4352 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
02:58:43.0361 4352 ql2300 - ok
02:58:43.0907 4352 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
02:58:43.0907 4352 ql40xx - ok
02:58:43.0985 4352 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
02:58:44.0000 4352 QWAVE - ok
02:58:44.0016 4352 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:58:44.0032 4352 QWAVEdrv - ok
02:58:44.0032 4352 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:58:44.0032 4352 RasAcd - ok
02:58:44.0094 4352 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:58:44.0110 4352 RasAgileVpn - ok
02:58:44.0125 4352 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
02:58:44.0141 4352 RasAuto - ok
02:58:44.0188 4352 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:58:44.0188 4352 Rasl2tp - ok
02:58:44.0281 4352 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
02:58:44.0297 4352 RasMan - ok
02:58:44.0312 4352 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:58:44.0312 4352 RasPppoe - ok
02:58:44.0359 4352 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:58:44.0375 4352 RasSstp - ok
02:58:44.0406 4352 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
02:58:44.0422 4352 rdbss - ok
02:58:44.0437 4352 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
02:58:44.0437 4352 rdpbus - ok
02:58:44.0468 4352 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:58:44.0468 4352 RDPCDD - ok
02:58:44.0500 4352 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:58:44.0500 4352 RDPENCDD - ok
02:58:44.0515 4352 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:58:44.0515 4352 RDPREFMP - ok
02:58:44.0827 4352 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
02:58:44.0843 4352 RDPWD - ok
02:58:44.0921 4352 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
02:58:44.0936 4352 rdyboost - ok
02:58:44.0999 4352 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
02:58:45.0014 4352 RemoteAccess - ok
02:58:45.0046 4352 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
02:58:45.0061 4352 RemoteRegistry - ok
02:58:45.0092 4352 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
02:58:45.0108 4352 RpcEptMapper - ok
02:58:45.0124 4352 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
02:58:45.0139 4352 RpcLocator - ok
02:58:45.0404 4352 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
02:58:45.0420 4352 RpcSs - ok
02:58:45.0514 4352 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:58:45.0529 4352 rspndr - ok
02:58:45.0576 4352 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:58:45.0576 4352 SamSs - ok
02:58:45.0670 4352 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
02:58:45.0670 4352 sbp2port - ok
02:58:45.0716 4352 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
02:58:45.0732 4352 SCardSvr - ok
02:58:45.0779 4352 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
02:58:45.0779 4352 scfilter - ok
02:58:47.0058 4352 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
02:58:47.0089 4352 Schedule - ok
02:58:47.0152 4352 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:58:47.0152 4352 SCPolicySvc - ok
02:58:47.0401 4352 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
02:58:47.0464 4352 SDRSVC - ok
02:58:47.0526 4352 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:58:47.0542 4352 secdrv - ok
02:58:47.0573 4352 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
02:58:47.0588 4352 seclogon - ok
02:58:47.0744 4352 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
02:58:47.0776 4352 SENS - ok
02:58:47.0791 4352 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
02:58:47.0807 4352 SensrSvc - ok
02:58:47.0822 4352 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
02:58:47.0822 4352 Serenum - ok
02:58:47.0869 4352 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
02:58:47.0869 4352 Serial - ok
02:58:47.0932 4352 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
02:58:47.0947 4352 sermouse - ok
02:58:47.0994 4352 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
02:58:48.0010 4352 SessionEnv - ok
02:58:48.0041 4352 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
02:58:48.0041 4352 sffdisk - ok
02:58:48.0056 4352 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
02:58:48.0056 4352 sffp_mmc - ok
02:58:48.0072 4352 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
02:58:48.0072 4352 sffp_sd - ok
02:58:48.0088 4352 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
02:58:48.0103 4352 sfloppy - ok
02:58:49.0757 4352 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\AlienRespawn\sftservice.EXE
02:58:49.0772 4352 SftService - ok
02:58:50.0474 4352 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
02:58:50.0521 4352 SharedAccess - ok
02:58:50.0584 4352 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
02:58:50.0615 4352 ShellHWDetection - ok
02:58:50.0771 4352 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:58:50.0771 4352 SiSRaid2 - ok
02:58:50.0802 4352 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
02:58:50.0818 4352 SiSRaid4 - ok
02:58:51.0192 4352 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
02:58:51.0192 4352 SkypeUpdate - ok
02:58:51.0223 4352 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:58:51.0239 4352 Smb - ok
02:58:51.0332 4352 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
02:58:51.0348 4352 SNMPTRAP - ok
02:58:51.0473 4352 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
02:58:51.0488 4352 speedfan - ok
02:58:51.0520 4352 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:58:51.0520 4352 spldr - ok
02:58:51.0660 4352 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
02:58:51.0707 4352 Spooler - ok
02:58:56.0106 4352 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
02:58:56.0200 4352 sppsvc - ok
02:58:57.0931 4352 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
02:58:57.0962 4352 sppuinotify - ok
02:58:58.0072 4352 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
02:58:58.0087 4352 srv - ok
02:58:58.0352 4352 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
02:58:58.0384 4352 srv2 - ok
02:58:58.0415 4352 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
02:58:58.0415 4352 srvnet - ok
02:58:58.0477 4352 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
02:58:58.0493 4352 SSDPSRV - ok
02:58:58.0555 4352 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
02:58:58.0571 4352 SstpSvc - ok
02:58:58.0586 4352 stdflt (c568fdb21ce77a44fd166f28f104ac46) C:\Windows\system32\DRIVERS\stdfltn.sys
02:58:58.0586 4352 stdflt - ok
02:58:58.0664 4352 Steam Client Service - ok
02:58:59.0366 4352 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
02:58:59.0366 4352 Stereo Service - ok
02:58:59.0398 4352 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
02:58:59.0398 4352 stexstor - ok
02:59:00.0193 4352 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
02:59:00.0240 4352 stisvc - ok
02:59:00.0271 4352 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
02:59:00.0271 4352 swenum - ok
02:59:00.0755 4352 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
02:59:00.0786 4352 swprv - ok
02:59:00.0958 4352 SynTP (be2b928de9af2848289db7a54c7e2398) C:\Windows\system32\DRIVERS\SynTP.sys
02:59:00.0958 4352 SynTP - ok
02:59:03.0220 4352 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
02:59:03.0282 4352 SysMain - ok
02:59:03.0906 4352 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
02:59:03.0906 4352 TabletInputService - ok
02:59:03.0937 4352 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
02:59:03.0968 4352 TapiSrv - ok
02:59:04.0000 4352 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
02:59:04.0000 4352 TBS - ok
02:59:05.0684 4352 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
02:59:05.0747 4352 Tcpip - ok
02:59:08.0711 4352 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
02:59:08.0726 4352 TCPIP6 - ok
02:59:09.0694 4352 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
02:59:09.0694 4352 tcpipreg - ok
02:59:09.0756 4352 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:59:09.0756 4352 TDPIPE - ok
02:59:09.0787 4352 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
02:59:09.0787 4352 TDTCP - ok
02:59:09.0850 4352 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
02:59:09.0850 4352 tdx - ok
02:59:09.0990 4352 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
02:59:09.0990 4352 TermDD - ok
02:59:10.0942 4352 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
02:59:10.0957 4352 TermService - ok
02:59:11.0004 4352 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
02:59:11.0020 4352 Themes - ok
02:59:11.0035 4352 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:59:11.0051 4352 THREADORDER - ok
02:59:11.0066 4352 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
02:59:11.0082 4352 TrkWks - ok
02:59:11.0160 4352 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
02:59:11.0176 4352 TrustedInstaller - ok
02:59:11.0222 4352 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:59:11.0222 4352 tssecsrv - ok
02:59:11.0300 4352 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
02:59:11.0316 4352 TsUsbFlt - ok
02:59:11.0378 4352 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
02:59:11.0394 4352 tunnel - ok
02:59:11.0425 4352 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
02:59:11.0425 4352 uagp35 - ok
02:59:11.0456 4352 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
02:59:11.0472 4352 udfs - ok
02:59:11.0503 4352 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
02:59:11.0519 4352 UI0Detect - ok
02:59:11.0581 4352 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
02:59:11.0597 4352 uliagpkx - ok
02:59:11.0644 4352 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
02:59:11.0644 4352 umbus - ok
02:59:11.0862 4352 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
02:59:11.0862 4352 UmPass - ok
02:59:11.0909 4352 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
02:59:11.0924 4352 upnphost - ok
02:59:11.0971 4352 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
02:59:11.0971 4352 USBAAPL64 - ok
02:59:11.0987 4352 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
02:59:11.0987 4352 usbccgp - ok
02:59:12.0034 4352 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
02:59:12.0034 4352 usbcir - ok
02:59:12.0080 4352 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
02:59:12.0080 4352 usbehci - ok
02:59:12.0158 4352 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
02:59:12.0174 4352 usbhub - ok
02:59:12.0205 4352 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
02:59:12.0205 4352 usbohci - ok
02:59:12.0236 4352 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
02:59:12.0236 4352 usbprint - ok
02:59:12.0268 4352 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:59:12.0268 4352 USBSTOR - ok
02:59:12.0283 4352 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
02:59:12.0283 4352 usbuhci - ok
02:59:12.0361 4352 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
02:59:12.0377 4352 usbvideo - ok
02:59:12.0408 4352 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
02:59:12.0424 4352 UxSms - ok
02:59:12.0455 4352 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:59:12.0455 4352 VaultSvc - ok
02:59:12.0470 4352 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
02:59:12.0486 4352 vdrvroot - ok
02:59:12.0564 4352 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
02:59:12.0611 4352 vds - ok
02:59:12.0626 4352 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:59:12.0642 4352 vga - ok
02:59:12.0658 4352 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:59:26.0464 4352 ============================================================
02:59:26.0464 4352 Scan finished
02:59:26.0464 4352 ============================================================
02:59:26.0479 6428 Detected object count: 0
02:59:26.0479 6428 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-17 03:00:27
-----------------------------
03:00:27.565 OS Version: Windows x64 6.1.7601 Service Pack 1
03:00:27.565 Number of processors: 4 586 0x2505
03:00:27.565 ComputerName: LENN-PC UserName: Lenn
03:00:30.998 Initialize success
03:00:31.201 AVAST engine defs: 12071700
03:06:16.694 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
03:06:16.694 Disk 0 Vendor: ST932042 D005 Size: 305245MB BusType: 3
03:06:16.710 Disk 0 MBR read successfully
03:06:16.725 Disk 0 MBR scan
03:06:16.725 Disk 0 Windows VISTA default MBR code
03:06:16.725 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
03:06:16.741 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 21732 MB offset 81920
03:06:16.757 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 283472 MB offset 44589056
03:06:16.788 Disk 0 scanning C:\Windows\system32\drivers
03:06:25.836 Service scanning
03:06:43.713 Modules scanning
03:06:43.713 Disk 0 trace - called modules:
03:06:43.745 ntoskrnl.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys iaStor.sys hal.dll
03:06:43.760 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80075c9060]
03:06:43.760 3 CLASSPNP.SYS[fffff8800185b43f] -> nt!IofCallDriver -> [0xfffffa800746ec90]
03:06:43.776 5 stdfltn.sys[fffff88001b7faf2] -> nt!IofCallDriver -> [0xfffffa80055c9b20]
03:06:43.776 7 ACPI.sys[fffff88000ebe7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80055ca050]
03:06:46.381 AVAST engine scan C:\Windows
03:06:48.612 AVAST engine scan C:\Windows\system32
03:09:15.790 AVAST engine scan C:\Windows\system32\drivers
03:09:26.242 AVAST engine scan C:\Users\Lenn
03:18:40.034 AVAST engine scan C:\ProgramData
03:20:38.049 Scan finished successfully
03:24:54.872 Disk 0 MBR has been saved successfully to "C:\Users\Lenn\Desktop\MBR.dat"
03:24:54.888 The log file has been saved successfully to "C:\Users\Lenn\Desktop\aswMBR.txt"

#9 gringo_pr

Posted 17 July 2012 - 10:49 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 AndyLynn

Posted 18 July 2012 - 06:51 AM

ComboFix 12-07-18.01 - Lenn 07/18/2012 4:30.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2294 [GMT -7:00]
Running from: c:\users\Lenn\Desktop\ComboFix.exe
Command switches used :: c:\users\Lenn\Desktop\CFscript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lenn\AppData\Local\ApneaSoft\Adobe\knywun.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Lenn\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Adobe"="c:\users\Lenn\AppData\Local\ApneaSoft\Adobe\knywun.dll" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FAStartup"="" [BU]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2010-08-13 1362544]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" blrun
"FAStartup"=
.
R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2010-04-16 24176]
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-04 136176]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\PriusOnline\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-04 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-03-30 158320]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-04 1255736]
R3 X6va002;X6va002;c:\users\Lenn\AppData\Local\Temp\002A835.tmp [x]
R3 X6va005;X6va005;c:\users\Lenn\AppData\Local\Temp\005B924.tmp [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-26 21040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-04-19 98208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-26 60928]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-08-18 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-26 26160]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-29 67072]
S3 LOWERP;LOWERP;c:\program files (x86)\LowerPing\LowerP.EXE [2011-10-31 3272704]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-04 09:53]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-04 09:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"(Default)"="" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-19 10144288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: c:\windows\system32\lp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Lenn\AppData\Roaming\Mozilla\Firefox\Profiles\3nivjits.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.mystart.com/?pr=pando&id=pandooutsparktb&v=1_0&ent=hp
FF - prefs.js: keyword.URL - hxxp://www.mystart.com/results.php?pr=pando&id=pandooutsparktb&v=1_0&gen=ms&ent=tb&mkt=us&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\Lenn\AppData\Local\Temp\002A835.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Lenn\AppData\Local\Temp\005B924.tmp"
.
Completion time: 2012-07-18 04:49:43
ComboFix-quarantined-files.txt 2012-07-18 11:49
ComboFix2.txt 2012-07-16 16:58
.
Pre-Run: 161,772,888,064 bytes free
Post-Run: 162,006,208,512 bytes free
.
- - End Of File - - 77F7574B5B0288238F75D632E2C5F10C

#11 AndyLynn


Posted 18 July 2012 - 06:52 AM

No problems yet, I'll get back to you if I find any within the hour.

#12 AndyLynn


Posted 18 July 2012 - 07:39 AM

I've run into a problem: after using ComboFix, my MMO games take a dump in FPS or won't even start. Normally my computer can run them at a steady 40fps, but twice now, after using ComboFix, they have 0 framerate.

#13 AndyLynn


Posted 18 July 2012 - 08:36 AM

I ran a system restore to the backup ComboFix made before it ran. Sorry if it's an obstacle, but I don't know what it did to my games and my computer in order to fix it.

#14 gringo_pr


Posted 18 July 2012 - 04:36 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#15 AndyLynn


Posted 18 July 2012 - 04:52 PM

OTL logfile created on: 7/18/2012 2:38:00 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Lenn\Downloads
64bit-Windows XP Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 47.30% Memory free
7.60 Gb Paging File | 5.07 Gb Available in Paging File | 66.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 276.83 Gb Total Space | 153.88 Gb Free Space | 55.59% Space Free | Partition Type: NTFS

Computer Name: LENN-PC | User Name: Lenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lenn\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Lenn\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\LowerPing\LowerP.EXE (LowerPing)
PRC - C:\Program Files (x86)\AlienRespawn\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\AlienRespawn\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
PRC - C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe (Alienware)
PRC - C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
PRC - C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
PRC - C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe (Sensible Vision )
PRC - C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Windows Live\Shared\en\wliduxloc.dll.mui ()
MOD - C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.92.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.92.0__bebb3c8816410241\AlienwareAlienFXTools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LightFX\1.0.92.0__bebb3c8816410241\LightFX.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.92.0__bebb3c8816410241\AlienLabsTools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.92.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.92.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.92.0__bebb3c8816410241\AlienFX.Communication.XPS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.92.0__bebb3c8816410241\AlienFX.Communication.Core.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.92.0__bebb3c8816410241\AlienFX.Communication.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
MOD - C:\Windows\SysWOW64\FAIEExtension.dll ()
MOD - C:\Windows\SysWOW64\FAib.dll ()
MOD - C:\Windows\SysWOW64\FACrashRpt.dll ()
MOD - C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AlienFusionService) -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe (Alienware)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (FAService) -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe (Sensible Vision )
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LOWERP) -- C:\Program Files (x86)\LowerPing\LowerP.EXE (LowerPing)
SRV - (SftService) -- C:\Program Files (x86)\AlienRespawn\SftService.exe (SoftThinks SAS)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (InstallFilterService) -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (libusbd) -- C:\Windows\SysWOW64\libusbd-nt.exe (http://libusb-win32.sourceforge.net)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (johci) -- C:\Windows\SysNative\drivers\johci.sys (JMicron Technology Corp.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (stdflt) -- C:\Windows\SysNative\drivers\stdfltn.sys (ST Microelectronics)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (EMSC) -- C:\Windows\SysNative\drivers\EMSC.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (FACAP) -- C:\Windows\SysNative\drivers\facap.sys (Sensible Vision )
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (EMSC) -- C:\Windows\SysWOW64\drivers\EMSC.sys (Windows ® Win 7 DDK provider)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys ()
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1591494213-445130405-732833371-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1591494213-445130405-732833371-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1591494213-445130405-732833371-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1591494213-445130405-732833371-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.mystart.com/results.php?pr=pando&id=pandooutsparktb&v=1_0&gen=ms&ent=ch&q={searchTerms}
IE - HKU\S-1-5-21-1591494213-445130405-732833371-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1A4AE8EC-85AE-45E3-9F59-4B9A1360A217}&mid=435a84dc9a0147d09dc3d16fff048a7c-9f824e5d3abcbdb21b97dcf6ef5a73ff1e855745&lang=en&ds=AVG&pr=pr&d=2012-07-14 13:53:17&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1591494213-445130405-732833371-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1591494213-445130405-732833371-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..keyword.URL: "http://www.mystart.com/results.php?pr=pando&id=pandooutsparktb&v=1_0&gen=ms&ent=tb&mkt=us&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/14 10:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/03 13:06:05 | 000,000,000 | ---D | M]

[2011/07/23 22:39:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lenn\AppData\Roaming\Mozilla\Extensions
[2012/07/18 09:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lenn\AppData\Roaming\Mozilla\Firefox\Profiles\3nivjits.default\extensions
[2012/07/18 09:24:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lenn\AppData\Roaming\Mozilla\Firefox\Profiles\3nivjits.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/10 19:11:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/10 19:11:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/22 04:41:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/05/22 05:08:53 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\LENN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3NIVJITS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[1832/11/28 21:22:58 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\LENN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3NIVJITS.DEFAULT\EXTENSIONS\AJPQQPWGGC@AJPQQPWGGC.ORG.XPI
[2011/07/08 00:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/22 04:08:58 | 000,056,160 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npBFPlugin.dll
[2012/02/22 04:41:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/14 13:53:14 | 000,003,748 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/04/12 11:51:22 | 000,002,282 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml

O1 HOSTS File: ([2012/07/18 04:45:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1591494213-445130405-732833371-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1591494213-445130405-732833371-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1591494213-445130405-732833371-1001..\Run: [Akamai NetSession Interface] C:\Users\Lenn\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1591494213-445130405-732833371-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1591494213-445130405-732833371-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1591494213-445130405-732833371-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1591494213-445130405-732833371-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1591494213-445130405-732833371-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1591494213-445130405-732833371-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\lp64.dll (LowerPing)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\lp64.dll (LowerPing)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\lp64.dll (LowerPing)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\lp64.dll (LowerPing)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\lp64.dll (LowerPing)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\lp.dll (LowerPing)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\lp.dll (LowerPing)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\lp.dll (LowerPing)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\lp.dll (LowerPing)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\lp.dll (LowerPing)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1591494213-445130405-732833371-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1591494213-445130405-732833371-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1591494213-445130405-732833371-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1591494213-445130405-732833371-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1591494213-445130405-732833371-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1591494213-445130405-732833371-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1591494213-445130405-732833371-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1591494213-445130405-732833371-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.com/mplugin/mglaunch_USAv1005.cab (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDE77F38-DFDE-4E68-A955-E55820146C0A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll) - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/18 12:42:08 | 025,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/07/18 12:42:08 | 009,717,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/07/18 12:42:08 | 007,713,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/07/18 12:42:08 | 000,812,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/07/18 12:42:08 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/07/18 12:42:08 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/07/18 12:42:08 | 000,028,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys
[2012/07/18 12:42:07 | 025,222,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/07/18 12:42:07 | 019,444,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/07/18 12:42:07 | 017,642,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/07/18 12:42:07 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/07/18 12:42:07 | 015,009,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/07/18 12:42:07 | 008,008,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/07/18 12:42:07 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/07/18 12:42:07 | 002,872,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/07/18 12:42:07 | 002,672,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/07/18 12:42:07 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/07/18 12:42:07 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/07/18 12:42:07 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012/07/18 12:42:07 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/07/18 12:42:07 | 000,260,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/07/18 12:42:07 | 000,215,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/07/18 09:30:59 | 000,000,000 | ---D | C] -- C:\Users\Lenn\dwhelper
[2012/07/18 08:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012/07/18 06:34:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/18 04:28:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/18 04:03:43 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{490F9AB6-F375-4417-B817-288A0C4EAF7C}
[2012/07/18 04:03:22 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{B1F338EC-5704-4E9E-810A-7AF30090CCC6}
[2012/07/17 11:39:24 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{EE2D6E11-2C5C-4E36-8CDF-71327A1CFC3C}
[2012/07/17 11:38:58 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{8074395A-8342-48CC-B401-687F8CE39439}
[2012/07/16 13:05:57 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{A0F8D4A4-DDB2-4983-872D-48BBB13CFEFB}
[2012/07/16 13:05:45 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{8A14B224-6033-4B86-A503-C2875DD983AC}
[2012/07/16 09:38:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/16 09:25:31 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{A050226A-3EDB-4601-872E-127C46DB5103}
[2012/07/16 09:25:11 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{C64EB1C2-3A2A-446F-B7FB-78D40758B85D}
[2012/07/15 09:23:16 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{F48F5497-D3E4-4A40-84D6-67E284A0128B}
[2012/07/15 09:22:53 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{6BF2AC54-9CAC-4CA2-B75C-84C0296A3D85}
[2012/07/14 15:57:58 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/14 15:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/14 15:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/14 14:23:32 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Roaming\AVG
[2012/07/14 13:54:11 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Roaming\AVG2012
[2012/07/14 13:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/14 13:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/14 06:36:35 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{B966864D-5E86-4BDF-A54C-765CA7936750}
[2012/07/14 06:36:13 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{A8CBD092-7897-415C-ABDA-DE66552761AB}
[2012/07/13 11:55:19 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{36BAD0D0-EAE2-4F5B-91F7-CCD5DBA25B85}
[2012/07/13 11:54:57 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{1B6A4892-B280-40BD-BF84-2796AE305630}
[2012/07/12 23:54:28 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{C517E771-2A79-410B-8284-83FCB43AFE34}
[2012/07/12 23:54:05 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{516E45F6-031B-463A-A561-3FDD60A9C31D}
[2012/07/12 11:53:38 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{DEA18941-E788-417D-A199-257C177721B9}
[2012/07/12 11:53:17 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{45B450F8-3057-4B24-A12E-091234793AF8}
[2012/07/11 20:41:20 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{3AE3A22A-F3D6-4E4B-BD84-5DAC5D93D11D}
[2012/07/11 20:40:58 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{622098A0-7576-43BC-9046-C2294C83D9DE}
[2012/07/11 13:59:17 | 000,000,000 | R--D | C] -- C:\Users\Lenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/07/11 12:47:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 12:47:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 12:47:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 12:47:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 12:47:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 12:47:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 12:47:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 12:47:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 12:47:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 12:47:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 12:47:12 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 12:47:12 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 12:47:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 08:40:28 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{783B15A8-4444-4B00-B5DA-87FD2B705A2A}
[2012/07/11 08:40:09 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{76AEB5BE-2321-42F6-9290-CBA09B2930E2}
[2012/07/11 04:19:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 04:19:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 04:18:52 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 04:18:48 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 04:18:46 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/10 10:30:14 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{FE7E1241-8700-4DAB-8F4B-359F744F914D}
[2012/07/10 10:29:53 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{BA9CA769-A7AC-41A3-847E-0094A7135C73}
[2012/07/09 11:30:33 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{412F7C0D-62A9-45BD-89BC-C722FF6CB42D}
[2012/07/09 11:30:12 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{76240829-8D44-4BD5-B594-315C96865D78}
[2012/07/08 15:34:53 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{9B47A5FD-4421-458D-A172-8687A857184B}
[2012/07/08 15:34:42 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{E2388C0D-9AD2-4E00-ADBD-A43812256B65}
[2012/07/07 16:50:38 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{58E2E7CB-C8E9-46D9-85B7-C828F05F976E}
[2012/07/07 16:50:17 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{6E07B4E4-5AE6-4595-91E8-94C72301DF05}
[2012/07/07 04:06:30 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{AC842350-9BD6-4911-BBBA-5E431DC4FF9B}
[2012/07/07 04:06:20 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{ED95E966-2D9D-4D85-A35E-A3AA3DDF1393}
[2012/07/06 16:06:07 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{B8A9B04E-2B06-4D92-BFBF-1E093116F05E}
[2012/07/06 16:05:45 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{34430C74-AF34-40CF-8A5F-4FDAA3B6813A}
[2012/07/06 03:06:38 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{042BAB0E-C7A0-4A91-B98A-499F2D51DEAA}
[2012/07/06 03:06:16 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{00F4023B-FC51-4935-AADD-2D044DA18206}
[2012/07/05 15:05:48 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{74157832-A0E5-46FD-B31B-2B11849683A3}
[2012/07/05 15:05:26 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{F475A51B-AA83-461F-B2FB-3E07A5C9CF21}
[2012/07/04 16:48:02 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{1B8521FD-2550-4043-8F1C-2DAD28A70988}
[2012/07/04 16:47:51 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{563CD819-ADF9-4584-8858-9D894D2A84BB}
[2012/07/04 02:12:53 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{9B2D5F4D-48EB-4454-A288-E40DE6F49DCB}
[2012/07/04 02:12:29 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{BB134EAD-7226-4CD4-B1C1-D6CC4CEC3AE0}
[2012/07/03 14:12:15 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{05284023-D3E5-4B72-9E54-18B3D215D606}
[2012/07/03 14:11:59 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{43A996B6-F93D-428D-ADB1-EE6BB05105AC}
[2012/07/02 19:55:54 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\ParseModXIV
[2012/07/02 19:18:32 | 000,000,000 | ---D | C] -- C:\Users\Lenn\Documents\AppModXIV
[2012/07/02 17:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/02 17:01:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/02 15:21:08 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{20268C6B-FFE8-46B9-9B8E-0647A3401846}
[2012/07/02 15:20:49 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{63F51E20-933F-4BC4-9705-4FC4E26FBE94}
[2012/07/01 14:57:30 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{32F5C056-B867-483E-97AF-068B2D31CFDA}
[2012/07/01 14:57:19 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{0DA0FCE2-049D-4520-B7A2-40D8F66095A9}
[2012/06/30 14:45:35 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{4B1DF08E-22E9-4629-9EDA-8AFB03B974AF}
[2012/06/30 14:45:24 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{BFE6D307-1C33-46F9-B07E-1591328A6B8C}
[2012/06/29 14:47:55 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{77AC292B-556F-443D-B4E7-F880F60C9088}
[2012/06/29 14:47:36 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{95D9C171-FEA0-406F-B898-1DF064982960}
[2012/06/28 12:57:37 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{CA5CD150-838C-433A-BF71-34D16E6640B8}
[2012/06/28 12:57:26 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{B15632AA-7C60-40C0-ACC7-BE09CEDB4C17}
[2012/06/27 14:38:46 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{F085B896-01C2-40AD-97E0-2A8E290EDB81}
[2012/06/27 14:38:24 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{9E4E6FDE-6F51-4ED8-A4D4-CE3650AADC3D}
[2012/06/26 14:23:05 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{A4C6F820-39A0-44AF-BB3B-6417F3F74482}
[2012/06/26 14:22:43 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{25B2DE8E-699B-4E93-8E0F-2EAA103D58B2}
[2012/06/25 12:21:23 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{37EE8A27-9DEB-4BAB-A476-A2F3ADDC24E3}
[2012/06/25 12:21:12 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{F7C50258-985C-4283-A752-12EE27B5E995}
[2012/06/24 12:14:42 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{9743CA5D-F4E1-4036-B6CA-6F25DB99F266}
[2012/06/24 12:14:18 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{D6CB9E45-1558-4864-B445-064496B5BEE9}
[2012/06/24 00:13:38 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{EB0644C8-FA8F-4C2D-9FFF-D9E139DCA4B5}
[2012/06/24 00:13:13 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{8A718125-9A92-4A9D-9135-593098229B5B}
[2012/06/23 12:12:48 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{83977093-99DA-4B84-9A66-CE74072FC8D4}
[2012/06/23 12:12:37 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{16D4B52C-D1C2-4C40-BD04-49B319D3FBE8}
[2012/06/22 12:00:41 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{F792BE18-4DBE-4BAA-9DE3-AB1E17C988DB}
[2012/06/22 12:00:21 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{0D60F559-CC5E-4197-BC55-FED5086280ED}
[2012/06/22 11:57:16 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/22 11:57:16 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/22 11:57:16 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/22 11:56:49 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/22 11:56:49 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/22 11:56:49 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/22 11:56:38 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/22 11:56:38 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/21 23:18:54 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{8D5757FE-43BE-4C83-8870-547D70D6AF18}
[2012/06/21 23:18:31 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{0F8EF857-C923-4B8F-92AC-9CE11CA95048}
[2012/06/21 11:17:50 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{79805390-1B93-408D-8DEA-DA980EE83AC0}
[2012/06/21 11:17:40 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{1ABA60D5-FCA6-40FE-A637-458ED34AD7BB}
[2012/06/20 11:20:13 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{6B619A7F-DA2D-45FD-AFED-3D1654C4D83F}
[2012/06/20 11:19:58 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{5D7B3A8B-22D5-4426-9020-725B075F4D59}
[2012/06/20 02:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibUSB-Win32
[2012/06/20 02:36:21 | 000,046,592 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2012/06/20 02:36:21 | 000,019,456 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusbd-9x.exe
[2012/06/20 02:36:21 | 000,018,944 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusbd-nt.exe
[2012/06/20 02:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibUSB-Win32-0.1.10.1
[2012/06/19 11:39:18 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{31419B90-932D-44B1-87C8-19E3F7ADD9DA}
[2012/06/19 11:38:57 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{4F74C688-6B60-4453-9223-C3F762F76177}
[2012/06/18 23:08:18 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{BF48C5B0-5C52-42CF-A3D5-5A2FF15BC71E}
[2012/06/18 23:07:57 | 000,000,000 | ---D | C] -- C:\Users\Lenn\AppData\Local\{E63617E6-5A99-47D6-A98A-21EFAEE0F242}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/18 12:59:26 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 12:59:26 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 12:51:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/18 12:50:57 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/18 12:06:12 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/18 12:06:12 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/18 12:06:12 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/18 12:00:36 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/18 12:00:36 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/18 11:53:14 | 000,025,528 | ---- | M] () -- C:\Users\Lenn\Documents\cc_20120718_115309.reg
[2012/07/18 04:45:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/16 12:50:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/14 16:40:58 | 000,000,512 | ---- | M] () -- C:\Users\Lenn\Documents\MBR.dat
[2012/07/14 13:35:04 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/14 05:43:00 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/14 05:43:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/11 13:58:21 | 000,275,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 09:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/02 17:19:25 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012/06/29 15:03:51 | 000,001,027 | ---- | M] () -- C:\Users\Lenn\Desktop\lol.launcher.admin - Shortcut.lnk
[2012/06/20 02:18:48 | 000,000,949 | ---- | M] () -- C:\Users\Lenn\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/18 11:53:12 | 000,025,528 | ---- | C] () -- C:\Users\Lenn\Documents\cc_20120718_115309.reg
[2012/07/14 16:40:58 | 000,000,512 | ---- | C] () -- C:\Users\Lenn\Documents\MBR.dat
[2012/07/14 15:57:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/07/02 16:30:05 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012/06/29 15:03:51 | 000,001,027 | ---- | C] () -- C:\Users\Lenn\Desktop\lol.launcher.admin - Shortcut.lnk
[2012/06/20 02:36:21 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012/05/12 18:33:16 | 000,000,306 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012/05/02 19:55:52 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/04/24 16:39:50 | 002,071,763 | ---- | C] () -- C:\Users\Lenn\biggame.png
[2012/04/18 16:06:33 | 000,083,721 | ---- | C] () -- C:\Users\Lenn\mygod.png
[2012/04/16 01:55:38 | 002,377,036 | ---- | C] () -- C:\Users\Lenn\aasd.png
[2012/03/20 21:15:43 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/03/06 20:17:01 | 000,002,872 | ---- | C] () -- C:\Windows\SysWow64\LOWERP.ini
[2012/03/06 20:17:01 | 000,001,544 | ---- | C] () -- C:\Windows\SysWow64\LPOff.ini
[2012/03/06 19:06:34 | 000,000,600 | ---- | C] () -- C:\Users\Lenn\AppData\Local\PUTTY.RND
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/02/08 01:34:52 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2012/02/08 01:34:52 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2012/01/10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/11/24 05:13:20 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\irislauncher.exe
[2011/11/24 05:12:50 | 005,554,176 | ---- | C] () -- C:\Windows\SysWow64\irisclient.exe
[2011/11/24 05:12:02 | 000,000,346 | ---- | C] () -- C:\Windows\SysWow64\irisus.ini
[2011/08/06 07:28:10 | 000,000,102 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/08/06 03:54:18 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/25 14:32:51 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/07/19 00:14:14 | 000,003,584 | ---- | C] () -- C:\Users\Lenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/03 14:46:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >



