TechSpot

Google redirect, fake warnings

By Pershh
Jun 16, 2012
  1. I've had this redirect issue where clicking on any search result in Google would redirect to an advertising page nearly every time. After about 4-5 tries clicking the same link it would bring me to the correct page. Another issue I've noticed is that random alert notifications pop up in the background, such as the computer being infected. Another issue I've noticed is that when I play a game in windowed mode (Minecraft, WoW), the games seem to unfocus as if another application had been clicked in the background, and I must re-click on the game window before I can start playing again. Another issue that seems to appear is random "Do you want to leave this page?" boxes that appear quite randomly, sometimes even when I am not browsing the internet. And lastly, I've noticed my email has sent spam messages advertising products to people on my contacts list. I finished the 5-step process, and here are the logs. (No GMER log was generated.) Thanks in advance for the help and time; I've had this problem for a bit and nothing I've tried has worked to fix this.

    Also, is it safe to continue playing games, or would it hurt the cleaning process?

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.16.01
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Justin :: JUSTIN-PC [administrator]
    6/16/2012 12:29:04 AM
    mbam-log-2012-06-16 (00-29-04).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 208679
    Time elapsed: 1 minute(s), 43 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    ---
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Justin at 0:45:55 on 2012-06-16
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2336 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\DAODx.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\ASUS\EPU\EPU.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uDefault_Page_URL = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyOverride = 127.0.0.1:9421
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
    mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{2A9E3075-1912-4E2B-B5F9-31FF1BCDDACB} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
    BHO-X64: Conduit Engine - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
    BHO-X64: AMD SteadyVideo BHO - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
    BHO-X64: uTorrentBar - No File
    BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
    TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
    mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun-x64: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
    mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-14 361984]
    R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2011-6-18 109056]
    R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
    S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\C3DB.tmp --> C:\Windows\system32\C3DB.tmp [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-06-16 04:41:22 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4BEFA3E6-56DD-4D8F-9464-62C1C226A40C}\mpengine.dll
    2012-06-16 04:25:17 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-16 04:25:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-15 02:24:15 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-06-15 01:59:18 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9D94BE4-A55B-4AAA-A449-3C18F16896D4}\gapaengine.dll
    2012-06-15 01:59:16 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-15 01:57:26 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-06-15 01:57:24 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-06-15 01:50:50 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-06-15 01:50:50 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-06-14 21:45:29 6144 ------w- C:\Windows\System32\C3DB.tmp
    2012-06-14 21:37:05 6144 ------w- C:\Windows\System32\1219.tmp
    2012-06-14 21:24:43 6144 ------w- C:\Windows\System32\926.tmp
    2012-06-14 21:22:51 6144 ------w- C:\Windows\System32\53EA.tmp
    2012-06-14 21:22:41 -------- d-----w- C:\Program Files (x86)\Sophos
    2012-06-14 21:11:52 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    2012-06-14 21:07:44 -------- d-----w- C:\ProgramData\HitmanPro
    2012-06-14 20:57:54 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-06-14 19:50:12 -------- d-----w- C:\ComboFix
    2012-06-14 06:12:40 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FBB33B4E-1854-4332-AFF3-29671E7927D1}\mpengine.dll
    2012-06-14 02:32:11 98816 ----a-w- C:\Windows\sed.exe
    2012-06-14 02:32:11 518144 ----a-w- C:\Windows\SWREG.exe
    2012-06-14 02:32:11 256000 ----a-w- C:\Windows\PEV.exe
    2012-06-14 02:32:11 208896 ----a-w- C:\Windows\MBR.exe
    2012-06-13 15:33:40 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 15:33:40 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-13 15:33:40 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 15:33:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-06-13 15:33:09 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-06-13 15:33:09 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-13 15:33:09 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-13 15:33:03 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-13 15:32:51 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-13 15:32:36 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-06-13 15:32:36 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-06-13 15:32:19 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-06-13 15:32:19 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-06-13 15:32:18 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-06-13 15:32:18 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-06-13 15:32:18 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-06-13 15:32:18 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-06-09 14:04:43 -------- d-----w- C:\temp
    2012-05-25 02:32:27 -------- d-----w- C:\Users\Justin\AppData\Roaming\LolClient2
    .
    ==================== Find3M ====================
    .
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-04 23:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    .
    ============= FINISH: 0:53:38.02 ===============
     
  2. Pershh (Topic Starter)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/29/2011 12:57:48 PM
    System Uptime: 6/16/2012 12:20:39 AM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4A87TD EVO
    Processor: AMD Phenom(tm) II X4 965 Processor | AM3 | 3400/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 805.871 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: SASKUTIL
    Device ID: ROOT\LEGACY_SASKUTIL\0000
    Manufacturer:
    Name: SASKUTIL
    PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
    Service: SASKUTIL
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: SASDIFSV
    Device ID: ROOT\LEGACY_SASDIFSV\0000
    Manufacturer:
    Name: SASDIFSV
    PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
    Service: SASDIFSV
    .
    ==== System Restore Points ===================
    .
    RP214: 6/5/2012 3:00:16 AM - Windows Update
    RP215: 6/8/2012 4:03:16 AM - Windows Update
    RP216: 6/11/2012 12:32:25 PM - Windows Update
    RP217: 6/13/2012 1:30:49 PM - Windows Update
    RP218: 6/14/2012 9:50:56 PM - Windows Update
    RP219: 6/14/2012 10:15:49 PM - Removed Java(TM) 6 Update 31
    RP220: 6/14/2012 10:23:15 PM - Installed Java(TM) 7 Update 5
    RP221: 6/14/2012 10:24:19 PM - Installed JavaFX 2.1.1
    RP222: 6/15/2012 11:39:14 PM - Removed JavaFX 2.1.1
    RP223: 6/15/2012 11:39:52 PM - Removed Java(TM) 7 Update 5
    RP224: 6/15/2012 11:41:16 PM - Removed TurboV EVO
    RP225: 6/16/2012 12:01:37 AM - Removed SAIO
    RP226: 6/16/2012 12:02:31 AM - Removed NCsoft Launcher
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Reader X (10.1.2)
    Adobe Shockwave Player 11.6
    Aion
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    AMD USB Filter Driver
    AMD VISION Engine Control Center
    Bandisoft MPEG-1 Decoder
    Browser Configuration Utility
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Company of Heroes
    Company of Heroes - FAKEMSI
    Conduit Engine
    EPU
    Half-Life: Source
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    HydraVision
    JMicron JMB36X Driver
    Junk Mail filter update
    KAG 0.95A
    League of Legends
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft XNA Framework Redistributable 4.0
    Mount&Blade Warband
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Natural Selection 2
    Nexon Game Manager
    NVIDIA PhysX
    Pando Media Booster
    Platform
    Realtek Ethernet Controller Driver For Windows 7
    Renesas Electronics USB 3.0 Host Controller Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype™ 5.9
    StarCraft II
    Steam
    swMSM
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Ventrilo Client
    VIA Platform Device Manager
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR 4.10 (32-bit)
    World of Warcraft
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/16/2012 12:44:50 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    6/16/2012 12:21:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
    6/16/2012 12:17:00 AM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    6/16/2012 12:02:03 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    6/14/2012 9:25:30 PM, Error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    6/14/2012 7:37:43 PM, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
    6/14/2012 7:37:43 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\C3DB.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/14/2012 7:11:50 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\1219.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/14/2012 5:41:10 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    6/14/2012 5:24:44 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\926.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/14/2012 5:22:59 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\53EA.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/14/2012 4:25:57 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
    6/14/2012 4:24:55 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    6/14/2012 3:52:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    6/14/2012 3:47:21 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    6/14/2012 3:47:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    6/14/2012 3:47:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    6/14/2012 3:47:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/14/2012 3:47:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/14/2012 3:47:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    6/14/2012 3:47:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    6/14/2012 3:47:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/14/2012 3:46:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/14/2012 3:46:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf ws2ifsl
    6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/14/2012 2:46:05 PM, Error: Service Control Manager [7034] - The ASUS System Control Service service terminated unexpectedly. It has done this 1 time(s).
    6/13/2012 7:36:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/13/2012 7:36:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/13/2012 7:36:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/13/2012 7:36:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/13/2012 7:36:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1941.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/13/2012 7:36:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1941.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/13/2012 7:36:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.127.1941.0).
    6/13/2012 7:36:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070643 Error description: Fatal error during installation.
    6/13/2012 7:36:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1941.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/13/2012 7:36:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1941.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/13/2012 11:06:59 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/13/2012 10:20:34 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the BFE service which failed to start because of the following error: Access is denied.
    6/13/2012 10:20:34 PM, Error: Service Control Manager [7000] - The BFE service failed to start due to the following error: Access is denied.
    6/13/2012 10:16:13 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    6/13/2012 10:13:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf ws2ifsl
    6/13/2012 10:13:15 PM, Error: Service Control Manager [7001] - The iphlpsvc service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/12/2012 1:51:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/12/2012 1:51:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/12/2012 1:51:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/12/2012 1:51:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/12/2012 1:51:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1848.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/12/2012 1:51:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1848.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/12/2012 1:51:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.127.1848.0).
    6/12/2012 1:51:11 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070643 Error description: Fatal error during installation.
    6/12/2012 1:51:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1848.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/12/2012 1:51:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1848.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/11/2012 12:33:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/11/2012 12:33:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/11/2012 12:33:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/11/2012 12:33:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/11/2012 12:32:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1752.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/11/2012 12:32:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1752.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/11/2012 12:32:51 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070643 Error description: Fatal error during installation.
    6/11/2012 12:32:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1752.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/11/2012 12:32:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1752.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/11/2012 1:50:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/11/2012 1:50:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/11/2012 1:50:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/11/2012 1:50:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/11/2012 1:50:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1752.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/11/2012 1:50:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1752.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/11/2012 1:50:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.127.1752.0).
    6/11/2012 1:50:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070643 Error description: Fatal error during installation.
    6/11/2012 1:50:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1752.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    6/11/2012 1:50:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1752.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    =================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  4. Pershh

    Pershh TS Rookie Topic Starter

    I downloaded the aswMBR file as requested, but upon double clicking it and confirming administration, nothing opens or happens. One thing that just popped up from downloading avast was a threat recognized as
    MBR:Alureon-K [Rtk] found under filename MBR: \\.\PhysicalDrive0\Partition3. Trying the "move to chest" option shows an error code 50 for an unsupported option, so I've left this alone.

    The boot kit log is as follows.
    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
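Bootkit Remover's table above reports that the boot code on \\.\PhysicalDrive0 is hidden by a rootkit and maps C: to byte offset 0x06500000 on that disk; aswMBR, per the earlier instructions, saves a copy of the same sector as MBR.dat, and `remover.exe dump` writes one as well. The Python script below is an added example, not part of this thread or of either tool, that parses such a 512-byte dump: it checks the 0x55AA signature, decodes the partition table, converts each start LBA to a byte offset, and hashes the 446-byte boot code so that two dumps of the same disk (the MBR.dat baseline versus a dump taken after a fix) can be compared. The sample sector is constructed, with zeroed boot code and a second partition starting at LBA 0x32800, which at 512 bytes per sector is exactly the 0x6500000 offset reported above.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446   # boot code occupies bytes 0..445
ENTRY_SIZE = 16                # four 16-byte partition entries follow
SIGNATURE_OFFSET = 510         # 0x55 0xAA at the end of the sector
MBR_SIGNATURE = 0xAA55         # the same two bytes read as little-endian u16


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte entry: status, CHS start (skipped), type,
    CHS end (skipped), start LBA (u32 LE), sector count (u32 LE)."""
    status, ptype, lba_start, num_sectors = struct.unpack("<B3xB3xII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "num_sectors": num_sectors,
        "byte_offset": lba_start * SECTOR_SIZE,   # where the volume begins on the disk
    }


def parse_mbr(sector: bytes) -> dict:
    """Parse a raw 512-byte MBR dump (e.g. the MBR.dat file aswMBR writes)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE}-byte sector, got {len(sector)}")
    signature = struct.unpack_from("<H", sector, SIGNATURE_OFFSET)[0]
    partitions = []
    for i in range(4):
        start = PARTITION_TABLE_OFFSET + i * ENTRY_SIZE
        entry = parse_partition_entry(sector[start:start + ENTRY_SIZE])
        if entry["type"] != 0:   # type 0x00 marks an unused slot
            partitions.append(entry)
    return {
        "signature_ok": signature == MBR_SIGNATURE,
        # Hash of the boot code only: this is the part a bootkit rewrites,
        # while the partition table usually stays intact.
        "boot_code_sha256": hashlib.sha256(sector[:PARTITION_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def boot_code_changed(baseline: bytes, current: bytes) -> bool:
    """True if the 446-byte boot code differs between two dumps of one disk."""
    return parse_mbr(baseline)["boot_code_sha256"] != parse_mbr(current)["boot_code_sha256"]


def build_sample_mbr() -> bytes:
    """Constructed sample, not a real dump: zeroed boot code, two type-0x07
    partitions (100 MB system partition, then C:), valid 0x55AA signature."""
    sector = bytearray(SECTOR_SIZE)
    table = struct.pack("<B3xB3xII", 0x80, 0x07, 0x800, 0x32000)        # active, LBA 0x800
    table += struct.pack("<B3xB3xII", 0x00, 0x07, 0x32800, 0x746D3800)  # C:, LBA 0x32800
    sector[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + len(table)] = table
    sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] = b"\x55\xAA"
    return bytes(sector)


if __name__ == "__main__":
    result = parse_mbr(build_sample_mbr())
    print("signature ok:", result["signature_ok"])
    for p in result["partitions"]:
        print(f"type=0x{p['type']:02x} lba=0x{p['lba_start']:x} "
              f"offset=0x{p['byte_offset']:x} bootable={p['bootable']}")
```

To run it on a real dump, pass the file contents to `parse_mbr` (`parse_mbr(open("MBR.dat", "rb").read())`); the partition table from the sample decodes to offset 0x6500000 for the second entry, which is how the Bootkit Remover line "\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000" can be cross-checked against the partition table. A boot-code hash that differs between the saved MBR.dat and a later dump tells you the sector was rewritten, which is expected after a fix and a warning sign otherwise.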
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
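The TDSSKiller report requested above lists one line per scanned object and closes each with a verdict; in a report several hundred lines long, the few entries that do not end in "- ok" are easy to miss. The script below is an added example written for this thread, not part of TDSSKiller, that parses report lines in the tool's tab-separated format (timestamp, thread id, message), keeps the file path and MD5 from each object's listing line, and summarizes the warning, detected and "Suspicious file" entries. The sample lines are constructed, modelled on the Akamai entry in the report posted in the next reply; the script assumes the tab separators survived the copy and paste.

```python
import re

# One report line: "HH:MM:SS.mmmm<tab>thread-id<tab>message"
# (assumption: tab separators are intact; \s+ also tolerates spaces).
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")

# Message shapes found in TDSSKiller reports, most specific first.
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<why>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
WARNING_RE = re.compile(r"^(?P<name>.+?) \( (?P<threat>[^ )]+) \) - warning$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<threat>\S+) \((?P<count>\d+)\)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")

# Constructed sample report (labelled as such): a clean service, the hidden
# Akamai DLL entry with its warning/detected verdicts, and another clean object.
SAMPLE_LOG = "\n".join("\t".join(parts) for parts in [
    ("18:10:06.0680", "2308", "Scan started"),
    ("18:10:07.0069", "2308", r"!SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"),
    ("18:10:07.0070", "2308", "!SASCORE - ok"),
    ("18:10:07.0533", "2308", r"Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"),
    ("18:10:07.0533", "2308", r"Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af"),
    ("18:10:07.0537", "2308", "Akamai ( HiddenFile.Multi.Generic ) - warning"),
    ("18:10:07.0537", "2308", "Akamai - detected HiddenFile.Multi.Generic (1)"),
    ("18:10:07.0574", "2308", r"ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe"),
    ("18:10:07.0575", "2308", "ALG - ok"),
])


def classify_message(msg: str) -> tuple:
    """Return (kind, fields) for one report message; unknown shapes are 'info'."""
    for kind, pattern in (("suspicious", SUSPICIOUS_RE), ("ok", OK_RE),
                          ("warning", WARNING_RE), ("detected", DETECTED_RE),
                          ("object", OBJECT_RE)):
        m = pattern.match(msg)
        if m:
            return kind, m.groupdict()
    return "info", {"text": msg}


def triage(log_text: str) -> dict:
    """Summarize a report: number of clean objects, flagged objects with their
    path, MD5 and threat names, and hidden/suspicious file notices."""
    objects = {}       # name -> {"md5", "path"} taken from the listing line
    flagged = {}       # name -> verdicts and threat names
    suspicious = []
    ok_count = 0
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue   # blank or separator line
        kind, info = classify_message(line.group("msg"))
        if kind == "object":
            objects[info["name"]] = {"md5": info["md5"], "path": info["path"]}
        elif kind == "ok":
            ok_count += 1
        elif kind in ("warning", "detected"):
            entry = flagged.setdefault(info["name"], {"verdicts": [], "threats": set()})
            entry["verdicts"].append(kind)
            entry["threats"].add(info["threat"])
        elif kind == "suspicious":
            suspicious.append(info)
    for name, entry in flagged.items():
        entry["threats"] = sorted(entry["threats"])
        entry.update(objects.get(name, {"md5": None, "path": None}))
    return {"ok": ok_count, "flagged": flagged, "suspicious": suspicious}


def format_report(summary: dict) -> str:
    """Render the triage result as a few readable lines."""
    lines = [f"{summary['ok']} object(s) reported ok"]
    for name, entry in summary["flagged"].items():
        lines.append(f"FLAGGED {name}: {', '.join(entry['threats'])} "
                     f"[{'/'.join(entry['verdicts'])}] md5={entry['md5']} path={entry['path']}")
    for s in summary["suspicious"]:
        lines.append(f"SUSPICIOUS ({s['why']}): {s['path']} md5={s['md5']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

For a real report, read the file named in the instructions above (TDSSKiller_xxxx_log.txt in the root directory) and pass its text to `triage`; everything that is not "ok" is what the helper will want to see first, and the MD5 next to each flagged path is what you would look up before deciding whether a hidden file is a legitimate component or not.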
  6. Pershh

    Pershh TS Rookie Topic Starter

    Finished running tdss and did as told.


    18:09:46.0662 0932TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
    18:09:46.0961 0932============================================================
    18:09:46.0961 0932Current date / time: 2012/06/16 18:09:46.0961
    18:09:46.0961 0932SystemInfo:
    18:09:46.0961 0932
    18:09:46.0961 0932OS Version: 6.1.7601 ServicePack: 1.0
    18:09:46.0961 0932Product type: Workstation
    18:09:46.0962 0932ComputerName: JUSTIN-PC
    18:09:46.0962 0932UserName: Justin
    18:09:46.0962 0932Windows directory: C:\Windows
    18:09:46.0962 0932System windows directory: C:\Windows
    18:09:46.0962 0932Running under WOW64
    18:09:46.0962 0932Processor architecture: Intel x64
    18:09:46.0962 0932Number of processors: 3
    18:09:46.0962 0932Page size: 0x1000
    18:09:46.0962 0932Boot type: Normal boot
    18:09:46.0962 0932============================================================
    18:09:47.0925 0932Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:09:47.0929 0932============================================================
    18:09:47.0929 0932\Device\Harddisk0\DR0:
    18:09:47.0929 0932MBR partitions:
    18:09:47.0929 0932\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    18:09:47.0929 0932\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
    18:09:47.0929 0932============================================================
    18:09:47.0948 0932C: <-> \Device\Harddisk0\DR0\Partition1
    18:09:47.0948 0932============================================================
    18:09:47.0948 0932Initialize success
    18:09:47.0948 0932============================================================
    18:10:06.0680 2308============================================================
    18:10:06.0680 2308Scan started
    18:10:06.0680 2308Mode: Manual;
    18:10:06.0680 2308============================================================
    18:10:07.0069 2308!SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    18:10:07.0070 2308!SASCORE - ok
    18:10:07.0167 23081394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
    18:10:07.0169 23081394ohci - ok
    18:10:07.0191 2308ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    18:10:07.0194 2308ACPI - ok
    18:10:07.0204 2308AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    18:10:07.0204 2308AcpiPmi - ok
    18:10:07.0258 2308AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    18:10:07.0259 2308AdobeARMservice - ok
    18:10:07.0289 2308adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
    18:10:07.0293 2308adp94xx - ok
    18:10:07.0328 2308adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
    18:10:07.0331 2308adpahci - ok
    18:10:07.0340 2308adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
    18:10:07.0341 2308adpu320 - ok
    18:10:07.0364 2308AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    18:10:07.0365 2308AeLookupSvc - ok
    18:10:07.0396 2308AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    18:10:07.0400 2308AFD - ok
    18:10:07.0411 2308agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    18:10:07.0412 2308agp440 - ok
    18:10:07.0533 2308Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
    18:10:07.0533 2308Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
    18:10:07.0537 2308Akamai ( HiddenFile.Multi.Generic ) - warning
    18:10:07.0537 2308Akamai - detected HiddenFile.Multi.Generic (1)
    18:10:07.0574 2308ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    18:10:07.0575 2308ALG - ok
    18:10:07.0589 2308aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    18:10:07.0589 2308aliide - ok
    18:10:07.0623 2308AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
    18:10:07.0625 2308AMD External Events Utility - ok
    18:10:07.0660 2308AMD FUEL Service - ok
    18:10:07.0664 2308amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    18:10:07.0665 2308amdide - ok
    18:10:07.0712 2308amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
    18:10:07.0712 2308amdiox64 - ok
    18:10:07.0737 2308AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
    18:10:07.0738 2308AmdK8 - ok
    18:10:07.0961 2308amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
    18:10:08.0077 2308amdkmdag - ok
    18:10:08.0124 2308amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
    18:10:08.0127 2308amdkmdap - ok
    18:10:08.0140 2308AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    18:10:08.0141 2308AmdPPM - ok
    18:10:08.0165 2308amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    18:10:08.0166 2308amdsata - ok
    18:10:08.0176 2308amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
    18:10:08.0178 2308amdsbs - ok
    18:10:08.0193 2308amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    18:10:08.0194 2308amdxata - ok
    18:10:08.0265 2308AODDriver4.1 (0e2ba6dc63e9cf3bf275856735a3e3be) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    18:10:08.0266 2308AODDriver4.1 - ok
    18:10:08.0284 2308AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    18:10:08.0285 2308AppID - ok
    18:10:08.0297 2308AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    18:10:08.0298 2308AppIDSvc - ok
    18:10:08.0306 2308Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    18:10:08.0307 2308Appinfo - ok
    18:10:08.0332 2308arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
    18:10:08.0333 2308arc - ok
    18:10:08.0338 2308arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
    18:10:08.0339 2308arcsas - ok
    18:10:08.0388 2308AsIO (f6bda026e4157dc4e321ca391e9d9bc6) C:\Windows\syswow64\drivers\AsIO.sys
    18:10:08.0389 2308AsIO - ok
    18:10:08.0461 2308aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    18:10:08.0462 2308aspnet_state - ok
    18:10:08.0491 2308AsSysCtrlService (8c1fd73cc27edd8d3344c632571c224c) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
    18:10:08.0492 2308AsSysCtrlService - ok
    18:10:08.0533 2308aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
    18:10:08.0534 2308aswFsBlk - ok
    18:10:08.0569 2308aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
    18:10:08.0570 2308aswMonFlt - ok
    18:10:08.0583 2308aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
    18:10:08.0584 2308aswRdr - ok
    18:10:08.0607 2308aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
    18:10:08.0612 2308aswSnx - ok
    18:10:08.0633 2308aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
    18:10:08.0636 2308aswSP - ok
    18:10:08.0649 2308aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
    18:10:08.0649 2308aswTdi - ok
    18:10:08.0681 2308AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    18:10:08.0681 2308AsyncMac - ok
    18:10:08.0686 2308atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    18:10:08.0687 2308atapi - ok
    18:10:08.0729 2308AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys
    18:10:08.0730 2308AtiHDAudioService - ok
    18:10:08.0750 2308AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
    18:10:08.0751 2308AtiPcie - ok
    18:10:08.0813 2308AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    18:10:08.0818 2308AudioEndpointBuilder - ok
    18:10:08.0822 2308AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    18:10:08.0825 2308AudioSrv - ok
    18:10:09.0049 2308avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    18:10:09.0049 2308avast! Antivirus - ok
    18:10:09.0081 2308AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    18:10:09.0082 2308AxInstSV - ok
    18:10:09.0109 2308b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
    18:10:09.0113 2308b06bdrv - ok
    18:10:09.0146 2308b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    18:10:09.0148 2308b57nd60a - ok
    18:10:09.0184 2308BCUService (7ed4e1d2e124ad4e6a287cf49dbc9bba) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    18:10:09.0185 2308BCUService - ok
    18:10:09.0276 2308BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    18:10:09.0302 2308BDESVC - ok
    18:10:09.0322 2308Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    18:10:09.0323 2308Beep - ok
    18:10:09.0362 2308BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    18:10:09.0367 2308BFE - ok
    18:10:09.0407 2308BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
    18:10:09.0415 2308BITS - ok
    18:10:09.0445 2308blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    18:10:09.0446 2308blbdrive - ok
    18:10:09.0468 2308bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    18:10:09.0469 2308bowser - ok
    18:10:09.0480 2308BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
    18:10:09.0481 2308BrFiltLo - ok
    18:10:09.0493 2308BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
    18:10:09.0493 2308BrFiltUp - ok
    18:10:09.0513 2308BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    18:10:09.0514 2308BridgeMP - ok
    18:10:09.0521 2308Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    18:10:09.0523 2308Browser - ok
    18:10:09.0540 2308Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    18:10:09.0542 2308Brserid - ok
    18:10:09.0545 2308BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    18:10:09.0546 2308BrSerWdm - ok
    18:10:09.0558 2308BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    18:10:09.0558 2308BrUsbMdm - ok
    18:10:09.0561 2308BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    18:10:09.0561 2308BrUsbSer - ok
    18:10:09.0567 2308BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
    18:10:09.0568 2308BTHMODEM - ok
    18:10:09.0574 2308bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    18:10:09.0576 2308bthserv - ok
    18:10:09.0598 2308catchme - ok
    18:10:09.0615 2308cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    18:10:09.0617 2308cdfs - ok
    18:10:09.0626 2308cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    18:10:09.0627 2308cdrom - ok
    18:10:09.0643 2308CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    18:10:09.0644 2308CertPropSvc - ok
    18:10:09.0659 2308circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
    18:10:09.0659 2308circlass - ok
    18:10:09.0690 2308CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    18:10:09.0693 2308CLFS - ok
    18:10:09.0728 2308clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:10:09.0729 2308clr_optimization_v2.0.50727_32 - ok
    18:10:09.0760 2308clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    18:10:09.0761 2308clr_optimization_v2.0.50727_64 - ok
    18:10:09.0801 2308clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:10:09.0802 2308clr_optimization_v4.0.30319_32 - ok
    18:10:09.0833 2308clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    18:10:09.0835 2308clr_optimization_v4.0.30319_64 - ok
    18:10:09.0838 2308CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
    18:10:09.0838 2308CmBatt - ok
    18:10:09.0852 2308cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    18:10:09.0852 2308cmdide - ok
    18:10:09.0881 2308CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    18:10:09.0884 2308CNG - ok
    18:10:09.0887 2308Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
    18:10:09.0888 2308Compbatt - ok
    18:10:09.0896 2308CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
    18:10:09.0896 2308CompositeBus - ok
    18:10:09.0898 2308COMSysApp - ok
    18:10:09.0910 2308crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
    18:10:09.0911 2308crcdisk - ok
    18:10:09.0944 2308CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
    18:10:09.0946 2308CryptSvc - ok
    18:10:09.0969 2308DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    18:10:09.0975 2308DcomLaunch - ok
    18:10:10.0000 2308defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    18:10:10.0003 2308defragsvc - ok
    18:10:10.0014 2308DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    18:10:10.0015 2308DfsC - ok
    18:10:10.0034 2308Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    18:10:10.0037 2308Dhcp - ok
    18:10:10.0044 2308discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    18:10:10.0045 2308discache - ok
    18:10:10.0068 2308Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
    18:10:10.0069 2308Disk - ok
    18:10:10.0093 2308Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    18:10:10.0095 2308Dnscache - ok
    18:10:10.0108 2308dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    18:10:10.0111 2308dot3svc - ok
    18:10:10.0119 2308DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    18:10:10.0121 2308DPS - ok
    18:10:10.0128 2308drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    18:10:10.0129 2308drmkaud - ok
    18:10:10.0157 2308DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    18:10:10.0164 2308DXGKrnl - ok
    18:10:10.0174 2308EagleX64 - ok
    18:10:10.0182 2308EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    18:10:10.0183 2308EapHost - ok
    18:10:10.0254 2308ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
    18:10:10.0299 2308ebdrv - ok
    18:10:10.0372 2308EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    18:10:10.0374 2308EFS - ok
    18:10:10.0408 2308ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    18:10:10.0414 2308ehRecvr - ok
    18:10:10.0418 2308ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    18:10:10.0420 2308ehSched - ok
    18:10:10.0450 2308elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
    18:10:10.0454 2308elxstor - ok
    18:10:10.0456 2308ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    18:10:10.0457 2308ErrDev - ok
    18:10:10.0476 2308EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    18:10:10.0480 2308EventSystem - ok
    18:10:10.0490 2308exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    18:10:10.0492 2308exfat - ok
    18:10:10.0511 2308fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    18:10:10.0512 2308fastfat - ok
    18:10:10.0539 2308Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    18:10:10.0545 2308Fax - ok
    18:10:10.0548 2308fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
    18:10:10.0549 2308fdc - ok
    18:10:10.0556 2308fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    18:10:10.0557 2308fdPHost - ok
    18:10:10.0565 2308FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    18:10:10.0566 2308FDResPub - ok
    18:10:10.0571 2308FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    18:10:10.0572 2308FileInfo - ok
    18:10:10.0586 2308Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    18:10:10.0586 2308Filetrace - ok
    18:10:10.0589 2308flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
    18:10:10.0590 2308flpydisk - ok
    18:10:10.0605 2308FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    18:10:10.0608 2308FltMgr - ok
    18:10:10.0658 2308FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    18:10:10.0676 2308FontCache - ok
    18:10:10.0709 2308FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    18:10:10.0710 2308FontCache3.0.0.0 - ok
    18:10:10.0722 2308FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    18:10:10.0723 2308FsDepends - ok
    18:10:10.0751 2308Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    18:10:10.0752 2308Fs_Rec - ok
    18:10:10.0764 2308fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    18:10:10.0765 2308fvevol - ok
    18:10:10.0784 2308gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
    18:10:10.0785 2308gagp30kx - ok
    18:10:10.0808 2308gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    18:10:10.0814 2308gpsvc - ok
    18:10:10.0906 2308gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    18:10:10.0908 2308gupdate - ok
    18:10:10.0918 2308gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    18:10:10.0919 2308gupdatem - ok
    18:10:10.0944 2308hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    18:10:10.0945 2308hcw85cir - ok
    18:10:10.0972 2308HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    18:10:10.0975 2308HdAudAddService - ok
    18:10:10.0989 2308HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    18:10:10.0990 2308HDAudBus - ok
    18:10:10.0993 2308HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
    18:10:10.0994 2308HidBatt - ok
    18:10:11.0000 2308HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
    18:10:11.0001 2308HidBth - ok
    18:10:11.0005 2308HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
    18:10:11.0005 2308HidIr - ok
    18:10:11.0018 2308hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    18:10:11.0019 2308hidserv - ok
    18:10:11.0030 2308HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    18:10:11.0031 2308HidUsb - ok
    18:10:11.0043 2308hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    18:10:11.0045 2308hkmsvc - ok
    18:10:11.0061 2308HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    18:10:11.0064 2308HomeGroupListener - ok
    18:10:11.0076 2308HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    18:10:11.0079 2308HomeGroupProvider - ok
    18:10:11.0084 2308HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    18:10:11.0085 2308HpSAMD - ok
    18:10:11.0111 2308HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    18:10:11.0117 2308HTTP - ok
    18:10:11.0125 2308hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    18:10:11.0126 2308hwpolicy - ok
    18:10:11.0135 2308i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    18:10:11.0137 2308i8042prt - ok
    18:10:11.0170 2308iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    18:10:11.0173 2308iaStorV - ok
    18:10:11.0250 2308idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    18:10:11.0257 2308idsvc - ok
    18:10:11.0273 2308iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
    18:10:11.0273 2308iirsp - ok
    18:10:11.0304 2308IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    18:10:11.0311 2308IKEEXT - ok
    18:10:11.0316 2308intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    18:10:11.0317 2308intelide - ok
    18:10:11.0332 2308intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
    18:10:11.0333 2308intelppm - ok
    18:10:11.0346 2308IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    18:10:11.0348 2308IPBusEnum - ok
    18:10:11.0360 2308IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:10:11.0361 2308IpFilterDriver - ok
    18:10:11.0381 2308iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    18:10:11.0386 2308iphlpsvc - ok
    18:10:11.0391 2308IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    18:10:11.0392 2308IPMIDRV - ok
    18:10:11.0409 2308IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    18:10:11.0417 2308IPNAT - ok
    18:10:11.0430 2308IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    18:10:11.0430 2308IRENUM - ok
    18:10:11.0433 2308isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    18:10:11.0434 2308isapnp - ok
    18:10:11.0455 2308iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    18:10:11.0457 2308iScsiPrt - ok
    18:10:11.0512 2308JRAID (4a8a242fda43765f4f73ecde2ba0d62a) C:\Windows\system32\DRIVERS\jraid.sys
    18:10:11.0514 2308JRAID - ok
    18:10:11.0535 2308kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    18:10:11.0535 2308kbdclass - ok
    18:10:11.0555 2308kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    18:10:11.0556 2308kbdhid - ok
    18:10:11.0579 2308KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:10:11.0581 2308KeyIso - ok
    18:10:11.0588 2308KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    18:10:11.0589 2308KSecDD - ok
    18:10:11.0597 2308KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    18:10:11.0599 2308KSecPkg - ok
    18:10:11.0610 2308ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    18:10:11.0611 2308ksthunk - ok
    18:10:11.0629 2308KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    18:10:11.0633 2308KtmRm - ok
    18:10:11.0648 2308LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
    18:10:11.0652 2308LanmanServer - ok
    18:10:11.0672 2308LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
  7. Pershh

    18:10:18.0958 2308MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    18:10:18.0987 2308\Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
    18:10:18.0987 2308\Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
    18:10:19.0015 2308Boot (0x1200) (d305ef3018d1b1a4db1921fcc48d2733) \Device\Harddisk0\DR0\Partition0
    18:10:19.0018 2308\Device\Harddisk0\DR0\Partition0 - ok
    18:10:19.0035 2308Boot (0x1200) (db8b4b9afafbcece5bbd5cc542c1ce06) \Device\Harddisk0\DR0\Partition1
    18:10:19.0037 2308\Device\Harddisk0\DR0\Partition1 - ok
    18:10:19.0038 2308============================================================
    18:10:19.0038 2308Scan finished
    18:10:19.0038 2308============================================================
    18:10:19.0044 0956Detected object count: 2
    18:10:19.0044 0956Actual detected object count: 2
    18:10:44.0278 0956Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    18:10:44.0279 0956Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
    18:10:44.0587 0956\Device\Harddisk0\DR0\# - copied to quarantine
    18:10:44.0767 0956\Device\Harddisk0\DR0 - copied to quarantine
    18:10:45.0730 0956\Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
    18:10:45.0772 0956\Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
    18:10:45.0774 0956\Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
    18:10:45.0776 0956\Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
    18:10:45.0778 0956\Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
    18:10:45.0781 0956\Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
    18:10:48.0121 0956\Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
    18:10:48.0170 0956\Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
    18:10:48.0223 0956\Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
    18:10:48.0374 0956\Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    18:10:48.0579 0956\Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    18:10:48.0644 0956\Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    18:10:48.0685 0956\Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    18:10:48.0751 0956\Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
    18:10:48.0754 0956\Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
    18:10:48.0757 0956\Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
    18:10:48.0795 0956\Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
    18:10:48.0847 0956\Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
    18:10:51.0205 0956\Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
    18:10:51.0440 0956\Device\Harddisk0\DR0\TDLFS\sant64 - copied to quarantine
    18:10:51.0663 0956\Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
    18:10:51.0666 0956\Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
    18:10:51.0669 0956\Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
    18:10:51.0674 0956\Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
    18:10:51.0817 0956\Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
    18:10:52.0040 0956\Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
    18:10:52.0081 0956\Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
    18:10:52.0082 0956\Device\Harddisk0\DR0 - ok
    18:10:52.0233 0956\Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
    18:11:23.0904 4756Deinitialize success
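A small summariser for TDSSKiller logs like the one above, added here as an example; it is not part of the thread and not Kaspersky's code. It pulls out each detection together with the action the user chose, the MBR and boot-sector hash lines, what was copied to quarantine, whether a reboot is still pending to finish the cure, and anything that was detected but skipped (here the Akamai HiddenFile object, which the Cure on DR0 does not touch and which should be reviewed separately). The input is a constructed excerpt modelled on the log above; the line regex treats the separator after the four-digit thread id as optional so that the tab-stripped copy posted in this thread still parses.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# "HH:MM:SS.mmmm <4-digit thread id><TAB><message>"; the separator after the thread id is
# optional so the tab-stripped copy of the log posted in this thread still parses.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4}) (?P<tid>\d{4})\s*(?P<msg>.*)$")
DETECT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<name>[^()]+) \) - (?P<state>.+)$")
ACTION_RE = re.compile(r"^User select action: (?P<action>\w+)$")
QUAR_RE = re.compile(r"^(?P<path>.+) - copied to quarantine$")
BOOT_RE = re.compile(r"^(?P<kind>MBR|Boot) \((?P<span>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>.+)$")
HASH_RE = re.compile(r"^(?P<svc>[\w.-]+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


@dataclass
class Detection:
    obj: str
    name: str
    states: List[str] = field(default_factory=list)  # "infected", "skipped by user", "will be cured on reboot"
    action: Optional[str] = None                      # the user's choice: Cure, Skip, Delete, ...


@dataclass
class Summary:
    detections: Dict[str, Detection] = field(default_factory=dict)
    quarantined: List[str] = field(default_factory=list)
    boot_hashes: Dict[str, Tuple[str, str, str]] = field(default_factory=dict)  # device -> (kind, span, md5)
    hashes: Dict[str, Tuple[str, str]] = field(default_factory=dict)            # service -> (md5, path)
    unparsed: List[str] = field(default_factory=list)


def summarize(text: str) -> Summary:
    """Walk the log once and collect detections, actions, quarantine entries and hashes."""
    s = Summary()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            s.unparsed.append(line)
            continue
        msg = m["msg"].strip()
        if d := DETECT_RE.match(msg):
            det = s.detections.setdefault(d["obj"], Detection(d["obj"], d["name"]))
            if a := ACTION_RE.match(d["state"]):
                det.action = a["action"]
            else:
                det.states.append(d["state"])
        elif q := QUAR_RE.match(msg):
            s.quarantined.append(q["path"])
        elif b := BOOT_RE.match(msg):
            s.boot_hashes[b["dev"]] = (b["kind"], b["span"], b["md5"])
        elif h := HASH_RE.match(msg):
            s.hashes[h["svc"]] = (h["md5"], h["path"])
        # "- ok", "- detected X (0)", "Scan finished" and the counters add nothing to the summary
    return s


def needs_reboot(s: Summary) -> bool:
    return any("will be cured on reboot" in d.states for d in s.detections.values())


def unresolved(s: Summary) -> List[str]:
    """Detected objects the run did not cure or delete: they are still present afterwards."""
    return sorted(obj for obj, d in s.detections.items()
                  if d.action in (None, "Skip") or "skipped by user" in d.states)


def report(s: Summary) -> str:
    out = [f"{obj}: {d.name} [{', '.join(d.states)}] action={d.action}" for obj, d in s.detections.items()]
    out += [f"{dev}: {kind} {span} md5={md5}" for dev, (kind, span, md5) in s.boot_hashes.items()]
    out.append(f"quarantined: {len(s.quarantined)} object(s)")
    out.append(f"reboot required: {needs_reboot(s)}")
    out.append(f"unresolved: {', '.join(unresolved(s)) or 'none'}")
    return "\n".join(out)


# Constructed excerpt modelled on the log above; the first line has the tab stripped on purpose.
SAMPLE_LOG = """\
18:10:17.0908 2308Wd (72889e16ff12ba0f235467d6091b17dc) C:\\Windows\\system32\\drivers\\wd.sys
18:10:17.0908 2308\tWd - ok
18:10:18.0958 2308\tMBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \\Device\\Harddisk0\\DR0
18:10:18.0987 2308\t\\Device\\Harddisk0\\DR0 ( Rootkit.Boot.SST.b ) - infected
18:10:18.0987 2308\t\\Device\\Harddisk0\\DR0 - detected Rootkit.Boot.SST.b (0)
18:10:19.0015 2308\tBoot (0x1200) (d305ef3018d1b1a4db1921fcc48d2733) \\Device\\Harddisk0\\DR0\\Partition0
18:10:19.0018 2308\t\\Device\\Harddisk0\\DR0\\Partition0 - ok
18:10:19.0038 2308\tScan finished
18:10:19.0044 0956\tDetected object count: 2
18:10:44.0278 0956\tAkamai ( HiddenFile.Multi.Generic ) - skipped by user
18:10:44.0279 0956\tAkamai ( HiddenFile.Multi.Generic ) - User select action: Skip
18:10:44.0767 0956\t\\Device\\Harddisk0\\DR0 - copied to quarantine
18:10:45.0730 0956\t\\Device\\Harddisk0\\DR0\\TDLFS\\mbr - copied to quarantine
18:10:45.0772 0956\t\\Device\\Harddisk0\\DR0\\TDLFS\\vbr - copied to quarantine
18:10:52.0081 0956\t\\Device\\Harddisk0\\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
18:10:52.0233 0956\t\\Device\\Harddisk0\\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
"""

if __name__ == "__main__":
    print(report(summarize(SAMPLE_LOG)))
```

Run it against a saved TDSSKiller.*.txt by reading the file into `summarize`; the `unresolved` list is the part worth acting on, since a skipped object survives the reboot that cures the MBR.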
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good :)

    See if aswMBR will run now.
     
  9. Pershh

    Pershh TS Rookie Topic Starter

    It worked fine without any problems, and I ran the scan as requested. And here is the log.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-16 18:31:03
    -----------------------------
    18:31:03.117 OS Version: Windows x64 6.1.7601 Service Pack 1
    18:31:03.117 Number of processors: 3 586 0x403
    18:31:03.118 ComputerName: JUSTIN-PC UserName: Justin
    18:31:07.945 Initialize success
    18:31:08.794 AVAST engine defs: 12061601
    18:33:06.885 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    18:33:06.886 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
    18:33:06.911 Disk 0 MBR read successfully
    18:33:06.912 Disk 0 MBR scan
    18:33:06.914 Disk 0 Windows 7 default MBR code
    18:33:06.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    18:33:06.933 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
    18:33:06.942 Disk 0 scanning C:\Windows\system32\drivers
    18:33:12.302 Service scanning
    18:33:21.594 Modules scanning
    18:33:21.598 Disk 0 trace - called modules:
    18:33:21.614 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    18:33:21.616 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a2f060]
    18:33:21.942 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004a2b1b0]
    18:33:21.945 5 ACPI.sys[fffff88000f017a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004a19060]
    18:33:24.215 AVAST engine scan C:\Windows
    18:33:26.620 AVAST engine scan C:\Windows\system32
    18:35:01.660 AVAST engine scan C:\Windows\system32\drivers
    18:35:10.667 AVAST engine scan C:\Users\Justin
    18:40:40.410 AVAST engine scan C:\ProgramData
    18:44:02.530 Scan finished successfully
    18:45:33.689 Disk 0 MBR has been saved successfully to "C:\Users\Justin\Desktop\MBR.dat"
    18:45:33.734 The log file has been saved successfully to "C:\Users\Justin\Desktop\aswMBR.txt"
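aswMBR saved the raw sector to MBR.dat and printed the partition table above. The following script, an added example and not code from the thread or from either tool, parses an MBR the same way: it hashes the 0x1B8 bytes of boot code ahead of the disk signature (the length TDSSKiller shows in its "MBR (0x1B8)" line, which I take to be the hashed span), decodes the partition entries, runs the sanity checks a tampered table tends to fail, and reports the unallocated space after the last partition, which is where TDL-family bootkits typically keep the hidden file system whose TDLFS\ entries appear in the TDSSKiller log. The sample MBR is constructed to mirror the layout aswMBR reported (100 MB active NTFS at LBA 2048, NTFS data partition at LBA 206848, a 953869 MB disk); its boot code, disk signature and DISK_SECTORS are placeholders, and the baseline hash you compare against must come from your own known-clean MBR.dat.

```python
import hashlib
import struct
from typing import Dict, List, Optional, Tuple

SECTOR = 512
CODE_LEN = 0x1B8                      # boot code runs up to the 4-byte disk signature at offset 0x1B8
PART_TABLE = 0x1BE                    # four 16-byte partition entries, then the 0x55AA signature
ENTRY = struct.Struct("<B3sB3sII")    # status, CHS start, type, CHS end, LBA start, sector count

# Constructed: the 953869 MB aswMBR reported for Disk 0, expressed in 512-byte sectors.
DISK_SECTORS = 953869 * 2048


def partition_entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    """One MBR partition entry; CHS fields are zeroed since the LBA fields are what loaders use."""
    return ENTRY.pack(status, b"\x00" * 3, ptype, b"\x00" * 3, lba_start, sectors)


def build_mbr(code: bytes, disk_sig: int, entries: List[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a 512-byte MBR from boot code, a disk signature and up to four partition tuples."""
    if len(code) > CODE_LEN or len(entries) > 4:
        raise ValueError("boot code too long or too many partitions")
    table = b"".join(partition_entry(*e) for e in entries)
    table += b"\x00" * (64 - len(table))
    return code.ljust(CODE_LEN, b"\x00") + disk_sig.to_bytes(4, "little") + b"\x00\x00" + table + b"\x55\xAA"


def build_sample_mbr() -> bytes:
    """Constructed MBR mirroring the layout aswMBR printed; the code bytes are a stand-in, not the real loader."""
    placeholder_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 16
    return build_mbr(placeholder_code, 0x1234ABCD, [
        (0x80, 0x07, 2048, 100 * 2048),        # 100 MB active NTFS partition at LBA 2048
        (0x00, 0x07, 206848, 953767 * 2048),   # 953767 MB NTFS data partition at LBA 206848
    ])


def parse_mbr(mbr: bytes) -> Dict:
    """Parse a 512-byte MBR into its boot-code hash, disk signature and non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(mbr, PART_TABLE + 16 * i)
        if ptype == 0:
            continue                                   # unused slot
        parts.append({"index": i + 1, "status": status, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count, "size_mb": count * SECTOR // (1024 * 1024)})
    return {"code_md5": hashlib.md5(mbr[:CODE_LEN]).hexdigest(),
            "disk_signature": int.from_bytes(mbr[CODE_LEN:CODE_LEN + 4], "little"),
            "partitions": parts}


def check_layout(parsed: Dict, disk_sectors: Optional[int] = None) -> List[str]:
    """Sanity checks a bootkit-modified table tends to fail; an empty list means the table looks sane."""
    findings = []
    parts = parsed["partitions"]
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one active (0x80) partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']}: starts at LBA 0, overlapping the MBR")
        if disk_sectors is not None and p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']}: extends past the end of the disk")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def unallocated_tail(parsed: Dict, disk_sectors: int) -> int:
    """Sectors after the last partition: the region TDL-family bootkits use for their hidden file system."""
    end = max((p["lba_start"] + p["sectors"] for p in parsed["partitions"]), default=0)
    return disk_sectors - end


def code_matches(parsed: Dict, baseline_md5: str) -> bool:
    """Compare the boot-code hash against a baseline taken from a known-clean MBR (e.g. your own MBR.dat)."""
    return parsed["code_md5"] == baseline_md5.lower()


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code md5:", info["code_md5"], "disk signature:", hex(info["disk_signature"]))
    for p in info["partitions"]:
        print(f"  partition {p['index']}: {'active' if p['bootable'] else 'inactive'} type 0x{p['type']:02x} "
              f"LBA {p['lba_start']} size {p['size_mb']} MB")
    print("findings:", check_layout(info, DISK_SECTORS) or "none")
    print("unallocated tail sectors:", unallocated_tail(info, DISK_SECTORS))
```

To check a real disk, feed `parse_mbr` the 512 bytes of MBR.dat and pass the disk's sector count (from the drive, not from the partition table) to `check_layout` and `unallocated_tail`; a code hash that differs from your clean baseline, or a large unexplained tail, is what to look at first.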
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Very well :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. Pershh

    Pershh TS Rookie Topic Starter

    Ran combofix and received that registry key error, but after restarting everything worked fine again. Here are the logs.


    ComboFix 12-06-15.06 - Justin 06/16/2012 19:39:05.4.3 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2359 [GMT -4:00]
    Running from: c:\users\Justin\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-16 23:47 . 2012-06-16 23:47  9310  ----a-w-  c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
    2012-06-16 23:47 . 2012-06-16 23:47  8646  ----a-w-  c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
    2012-06-16 23:47 . 2012-06-16 23:47  6429  ----a-w-  c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
    2012-06-16 23:47 . 2012-06-16 23:47  63115  ----a-w-  c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
    2012-06-16 23:47 . 2012-06-16 23:47  5927  ----a-w-  c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
    2012-06-16 23:47 . 2012-06-16 23:47  4599  ----a-w-  c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
    2012-06-16 22:14 . 2012-06-16 22:14  116016  ----a-w-  c:\windows\system32\drivers\66027724.sys
    2012-06-16 22:10 . 2012-06-16 22:10  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-06-16 05:36 . 2012-06-16 05:38  --------  d-----w-  c:\program files (x86)\Google
    2012-06-16 05:36 . 2012-03-06 23:01  24408  ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
    2012-06-16 05:36 . 2012-03-06 23:04  337240  ----a-w-  c:\windows\system32\drivers\aswSP.sys
    2012-06-16 05:36 . 2012-03-06 23:02  53080  ----a-w-  c:\windows\system32\drivers\aswRdr2.sys
    2012-06-16 05:36 . 2012-03-06 23:01  59224  ----a-w-  c:\windows\system32\drivers\aswTdi.sys
    2012-06-16 05:35 . 2012-03-06 23:04  819032  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
    2012-06-16 05:35 . 2012-03-06 23:15  258520  ----a-w-  c:\windows\system32\aswBoot.exe
    2012-06-16 05:35 . 2012-03-06 23:01  69976  ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
    2012-06-16 05:35 . 2012-03-06 23:15  41184  ----a-w-  c:\windows\avastSS.scr
    2012-06-16 05:35 . 2012-03-06 23:15  201352  ----a-w-  c:\windows\SysWow64\aswBoot.exe
    2012-06-16 05:35 . 2012-06-16 05:35  --------  d-----w-  c:\programdata\AVAST Software
    2012-06-16 05:35 . 2012-06-16 05:35  --------  d-----w-  c:\program files\AVAST Software
    2012-06-16 05:01 . 2012-05-08 14:02  8955792  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79801836-08E0-4822-8348-5B3512B410D2}\mpengine.dll
    2012-06-16 04:25 . 2012-06-16 04:25  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-15 02:24 . 2012-05-04 23:29  772504  ----a-w-  c:\windows\SysWow64\npDeployJava1.dll
    2012-06-15 01:59 . 2012-06-15 01:59  927800  ------w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9D94BE4-A55B-4AAA-A449-3C18F16896D4}\gapaengine.dll
    2012-06-15 01:59 . 2012-05-08 14:02  8955792  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-15 01:57 . 2012-06-15 01:57  --------  d-----w-  c:\program files (x86)\Microsoft Security Client
    2012-06-15 01:57 . 2012-06-15 01:57  --------  d-----w-  c:\program files\Microsoft Security Client
    2012-06-15 01:50 . 2012-05-04 11:00  366592  ----a-w-  c:\windows\system32\qdvd.dll
    2012-06-15 01:50 . 2012-05-04 09:59  514560  ----a-w-  c:\windows\SysWow64\qdvd.dll
    2012-06-14 21:45 . 2011-05-12 18:03  6144  ------w-  c:\windows\system32\C3DB.tmp
    2012-06-14 21:37 . 2011-05-12 18:03  6144  ------w-  c:\windows\system32\1219.tmp
    2012-06-14 21:24 . 2011-05-12 18:03  6144  ------w-  c:\windows\system32\926.tmp
    2012-06-14 21:22 . 2011-05-12 18:03  6144  ------w-  c:\windows\system32\53EA.tmp
    2012-06-14 21:22 . 2012-06-14 21:22  --------  d-----w-  c:\program files (x86)\Sophos
    2012-06-14 21:11 . 2012-06-14 21:11  12872  ----a-w-  c:\windows\system32\bootdelete.exe
    2012-06-14 21:07 . 2012-06-14 21:11  --------  d-----w-  c:\programdata\HitmanPro
    2012-06-14 06:12 . 2012-05-15 05:41  8955792  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBB33B4E-1854-4332-AFF3-29671E7927D1}\mpengine.dll
    2012-06-13 15:33 . 2012-04-26 05:41  77312  ----a-w-  c:\windows\system32\rdpwsx.dll
    2012-06-13 15:33 . 2012-04-26 05:41  149504  ----a-w-  c:\windows\system32\rdpcorekmts.dll
    2012-06-13 15:33 . 2012-04-26 05:34  9216  ----a-w-  c:\windows\system32\rdrmemptylst.exe
    2012-06-13 15:33 . 2012-05-01 05:40  209920  ----a-w-  c:\windows\system32\profsvc.dll
    2012-06-13 15:33 . 2012-05-04 11:06  5559664  ----a-w-  c:\windows\system32\ntoskrnl.exe
    2012-06-13 15:33 . 2012-05-04 10:03  3968368  ----a-w-  c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-13 15:33 . 2012-05-04 10:03  3913072  ----a-w-  c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 15:33 . 2012-05-15 01:32  3146752  ----a-w-  c:\windows\system32\win32k.sys
    2012-06-13 15:32 . 2012-04-28 03:55  210944  ----a-w-  c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 15:32 . 2012-04-07 12:31  3216384  ----a-w-  c:\windows\system32\msi.dll
    2012-06-13 15:32 . 2012-04-07 11:26  2342400  ----a-w-  c:\windows\SysWow64\msi.dll
    2012-06-13 15:32 . 2012-04-24 05:37  1462272  ----a-w-  c:\windows\system32\crypt32.dll
    2012-06-13 15:32 . 2012-04-24 04:36  1158656  ----a-w-  c:\windows\SysWow64\crypt32.dll
    2012-06-13 15:32 . 2012-04-24 05:37  184320  ----a-w-  c:\windows\system32\cryptsvc.dll
    2012-06-13 15:32 . 2012-04-24 05:37  140288  ----a-w-  c:\windows\system32\cryptnet.dll
    2012-06-13 15:32 . 2012-04-24 04:36  140288  ----a-w-  c:\windows\SysWow64\cryptsvc.dll
    2012-06-13 15:32 . 2012-04-24 04:36  103936  ----a-w-  c:\windows\SysWow64\cryptnet.dll
    2012-06-09 14:04 . 2012-06-09 14:04  --------  d-----w-  C:\temp
    2012-05-25 02:32 . 2012-05-25 02:32  --------  d-----w-  c:\users\Justin\AppData\Roaming\LolClient2
    2012-05-18 17:02 . 2012-05-18 17:02  --------  d-----w-  c:\programdata\ATI
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-04 23:29 . 2011-06-29 17:03  687504  ----a-w-  c:\windows\SysWow64\deployJava1.dll
    2012-03-30 11:35 . 2012-05-10 15:21  1918320  ----a-w-  c:\windows\system32\drivers\tcpip.sys
    2012-03-29 07:21 . 2012-03-29 07:21  74752  ----a-w-  c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-03-29 07:21 . 2012-03-29 07:21  161792  ----a-w-  c:\windows\SysWow64\msls31.dll
    2012-03-29 07:21 . 2012-03-29 07:21  110592  ----a-w-  c:\windows\SysWow64\IEAdvpack.dll
    2012-03-29 07:21 . 2012-03-29 07:21  86528  ----a-w-  c:\windows\SysWow64\iesysprep.dll
    2012-03-29 07:21 . 2012-03-29 07:21  76800  ----a-w-  c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-03-29 07:21 . 2012-03-29 07:21  63488  ----a-w-  c:\windows\SysWow64\tdc.ocx
    2012-03-29 07:21 . 2012-03-29 07:21  48640  ----a-w-  c:\windows\SysWow64\mshtmler.dll
    2012-03-29 07:21 . 2012-03-29 07:21  367104  ----a-w-  c:\windows\SysWow64\html.iec
    2012-03-29 07:21 . 2012-03-29 07:21  74752  ----a-w-  c:\windows\SysWow64\iesetup.dll
    2012-03-29 07:21 . 2012-03-29 07:21  420864  ----a-w-  c:\windows\SysWow64\vbscript.dll
    2012-03-29 07:21 . 2012-03-29 07:21  23552  ----a-w-  c:\windows\SysWow64\licmgr10.dll
    2012-03-29 07:21 . 2012-03-29 07:21  152064  ----a-w-  c:\windows\SysWow64\wextract.exe
    2012-03-29 07:21 . 2012-03-29 07:21  150528  ----a-w-  c:\windows\SysWow64\iexpress.exe
    2012-03-29 07:21 . 2012-03-29 07:21  35840  ----a-w-  c:\windows\SysWow64\imgutil.dll
    2012-03-29 07:21 . 2012-03-29 07:21  11776  ----a-w-  c:\windows\SysWow64\mshta.exe
    2012-03-29 07:21 . 2012-03-29 07:21  101888  ----a-w-  c:\windows\SysWow64\admparse.dll
    2012-03-29 07:21 . 2012-03-29 07:21  89088  ----a-w-  c:\windows\system32\RegisterIEPKEYs.exe
    2012-03-29 07:21 . 2012-03-29 07:21  222208  ----a-w-  c:\windows\system32\msls31.dll
    2012-03-29 07:21 . 2012-03-29 07:21  49664  ----a-w-  c:\windows\system32\imgutil.dll
    2012-03-29 07:21 . 2012-03-29 07:21  135168  ----a-w-  c:\windows\system32\IEAdvpack.dll
    2012-03-29 07:21 . 2012-03-29 07:21  12288  ----a-w-  c:\windows\system32\mshta.exe
    2012-03-29 07:21 . 2012-03-29 07:21  114176  ----a-w-  c:\windows\system32\admparse.dll
    2012-03-29 07:21 . 2012-03-29 07:21  91648  ----a-w-  c:\windows\system32\SetIEInstalledDate.exe
    2012-03-29 07:21 . 2012-03-29 07:21  76800  ----a-w-  c:\windows\system32\tdc.ocx
    2012-03-29 07:21 . 2012-03-29 07:21  48640  ----a-w-  c:\windows\system32\mshtmler.dll
    2012-03-29 07:21 . 2012-03-29 07:21  448512  ----a-w-  c:\windows\system32\html.iec
    2012-03-29 07:21 . 2012-03-29 07:21  111616  ----a-w-  c:\windows\system32\iesysprep.dll
    2012-03-29 07:21 . 2012-03-29 07:21  85504  ----a-w-  c:\windows\system32\iesetup.dll
    2012-03-29 07:21 . 2012-03-29 07:21  30720  ----a-w-  c:\windows\system32\licmgr10.dll
    2012-03-29 07:21 . 2012-03-29 07:21  160256  ----a-w-  c:\windows\system32\wextract.exe
    2012-03-29 07:21 . 2012-03-29 07:21  603648  ----a-w-  c:\windows\system32\vbscript.dll
    2012-03-29 07:21 . 2012-03-29 07:21  165888  ----a-w-  c:\windows\system32\iexpress.exe
    2012-03-21 00:44 . 2012-03-21 00:44  98688  ----a-w-  c:\windows\system32\drivers\NisDrvWFP.sys
    2012-03-21 00:44 . 2012-03-21 00:44  203888  ----a-w-  c:\windows\system32\drivers\MpFilter.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-14_03.13.05 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2012-01-20 09:17  16384  c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-06-16 23:46  16384  c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-01-20 09:17  32768  c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-06-16 23:46  32768  c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-01-20 09:17  16384  c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-06-16 23:46  16384  c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-11-21 03:09 . 2012-06-16 22:14  56630  c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-06-16 22:14  53546  c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-06-29 17:01 . 2012-06-16 22:14  19806  c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-342600129-2650440487-3029507804-1002_UserData.bin
    + 2011-01-07 19:02 . 2011-01-07 19:02  57168  c:\windows\system64\vcomp100.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  57168  c:\windows\system64\vcomp100.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  91472  c:\windows\system64\mfcm100u.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  91472  c:\windows\system64\mfcm100u.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  91472  c:\windows\system64\mfcm100.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  91472  c:\windows\system64\mfcm100.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  60752  c:\windows\system64\mfc100rus.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  60752  c:\windows\system64\mfc100rus.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  43344  c:\windows\system64\mfc100kor.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  43344  c:\windows\system64\mfc100kor.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  43856  c:\windows\system64\mfc100jpn.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  43856  c:\windows\system64\mfc100jpn.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  62288  c:\windows\system64\mfc100ita.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  62288  c:\windows\system64\mfc100ita.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  64336  c:\windows\system64\mfc100fra.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  64336  c:\windows\system64\mfc100fra.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  63824  c:\windows\system64\mfc100esn.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  63824  c:\windows\system64\mfc100esn.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  55120  c:\windows\system64\mfc100enu.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  55120  c:\windows\system64\mfc100enu.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  64336  c:\windows\system64\mfc100deu.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  64336  c:\windows\system64\mfc100deu.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  36176  c:\windows\system64\mfc100cht.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  36176  c:\windows\system64\mfc100cht.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  36176  c:\windows\system64\mfc100chs.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  36176  c:\windows\system64\mfc100chs.dll
    + 2012-03-21 00:44 . 2012-03-21 00:44  98688  c:\windows\system64\drivers\NisDrvWFP.sys
    + 2012-06-16 05:36 . 2012-03-06 23:01  59224  c:\windows\system64\drivers\aswTdi.sys
    + 2012-06-16 05:36 . 2012-03-06 23:02  53080  c:\windows\system64\drivers\aswRdr2.sys
    + 2012-06-16 05:35 . 2012-03-06 23:01  69976  c:\windows\system64\drivers\aswMonFlt.sys
    + 2012-06-16 05:36 . 2012-03-06 23:01  24408  c:\windows\system64\drivers\aswFsBlk.sys
    + 2011-06-29 19:51 . 2012-06-16 05:21  16384  c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-06-29 19:51 . 2012-06-14 02:19  16384  c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-06-29 19:51 . 2012-06-16 05:21  32768  c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-06-29 19:51 . 2012-06-14 02:19  32768  c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-06-16 05:21  16384  c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-06-14 02:19  16384  c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-06-14 21:11 . 2012-06-14 21:11  12872  c:\windows\system64\bootdelete.exe
    + 2010-11-21 03:09 . 2012-06-16 22:14  56630  c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-06-16 22:14  53546  c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-06-29 17:01 . 2012-06-16 22:14  19806  c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-342600129-2650440487-3029507804-1002_UserData.bin
    - 2010-03-18 16:36 . 2010-03-18 16:36  57168  c:\windows\system32\vcomp100.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  57168  c:\windows\system32\vcomp100.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  91472  c:\windows\system32\mfcm100u.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  91472  c:\windows\system32\mfcm100u.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  91472  c:\windows\system32\mfcm100.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  91472  c:\windows\system32\mfcm100.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  60752  c:\windows\system32\mfc100rus.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  60752  c:\windows\system32\mfc100rus.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  43344  c:\windows\system32\mfc100kor.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  43344  c:\windows\system32\mfc100kor.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  43856  c:\windows\system32\mfc100jpn.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  43856  c:\windows\system32\mfc100jpn.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  62288  c:\windows\system32\mfc100ita.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  62288  c:\windows\system32\mfc100ita.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  64336  c:\windows\system32\mfc100fra.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  64336  c:\windows\system32\mfc100fra.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  63824  c:\windows\system32\mfc100esn.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  63824  c:\windows\system32\mfc100esn.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  55120  c:\windows\system32\mfc100enu.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  55120  c:\windows\system32\mfc100enu.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  64336  c:\windows\system32\mfc100deu.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  64336  c:\windows\system32\mfc100deu.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  36176  c:\windows\system32\mfc100cht.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  36176  c:\windows\system32\mfc100cht.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  36176  c:\windows\system32\mfc100chs.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  36176  c:\windows\system32\mfc100chs.dll
    - 2011-06-29 19:51 . 2012-06-14 02:19  16384  c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-06-29 19:51 . 2012-06-16 05:21  16384  c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-06-29 19:51 . 2012-06-14 02:19  32768  c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-06-29 19:51 . 2012-06-16 05:21  32768  c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-06-14 02:19  16384  c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-06-16 05:21  16384  c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:46 . 2012-06-15 23:58  92960  c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2009-07-14 04:46 . 2012-06-14 02:23  92960  c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2012-06-16 05:42 . 2012-06-16 05:42  25600  c:\windows\Installer\44ce36.msi
    + 2011-07-06 05:38 . 2012-06-15 02:18  5104  c:\windows\system64\wdi\ERCQueuedResolutions.dat
    - 2011-07-06 05:38 . 2012-06-10 09:04  5104  c:\windows\system64\wdi\ERCQueuedResolutions.dat
    - 2011-07-06 05:38 . 2012-06-10 09:04  5104  c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2011-07-06 05:38 . 2012-06-15 02:18  5104  c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2012-06-14 03:11 . 2012-06-14 03:11  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-16 23:46 . 2012-06-16 23:46  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-16 23:46 . 2012-06-16 23:46  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-06-14 03:11 . 2012-06-14 03:11  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-01-20 01:15 . 2011-10-26 05:25  366592  c:\windows\system64\qdvd.dll
    + 2012-06-15 01:50 . 2012-05-04 11:00  366592  c:\windows\system64\qdvd.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  827728  c:\windows\system64\msvcr100.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  827728  c:\windows\system64\msvcr100.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  608080  c:\windows\system64\msvcp100.dll
    - 2010-11-21 03:27 . 2012-01-31 12:44  279656  c:\windows\system64\MpSigStub.exe
    + 2010-11-21 03:27 . 2012-02-23 14:18  279656  c:\windows\system64\MpSigStub.exe
    + 2012-03-21 00:44 . 2012-03-21 00:44  203888  c:\windows\system64\drivers\MpFilter.sys
    + 2012-06-16 05:36 . 2012-03-06 23:04  337240  c:\windows\system64\drivers\aswSP.sys
    + 2012-06-16 05:35 . 2012-03-06 23:04  819032  c:\windows\system64\drivers\aswSnx.sys
    + 2012-06-16 22:14 . 2012-06-16 22:14  116016  c:\windows\system64\drivers\66027724.sys
    + 2011-01-07 19:02 . 2011-01-07 19:02  158536  c:\windows\system64\atl100.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36  158536  c:\windows\system64\atl100.dll
    + 2012-06-16 05:35 . 2012-03-06 23:15  258520  c:\windows\system64\aswBoot.exe
    - 2010-03-18 16:36 . 2010-03-18 16:36  827728  c:\windows\system32\msvcr100.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  827728  c:\windows\system32\msvcr100.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  608080  c:\windows\system32\msvcp100.dll
    - 2010-11-21 03:27 . 2012-01-31 12:44  279656  c:\windows\system32\MpSigStub.exe
    + 2010-11-21 03:27 . 2012-02-23 14:18  279656  c:\windows\system32\MpSigStub.exe
    - 2010-03-18 16:36 . 2010-03-18 16:36  158536  c:\windows\system32\atl100.dll
    + 2011-01-07 19:02 . 2011-01-07 19:02  158536  c:\windows\system32\atl100.dll
    - 2009-07-14 05:01 . 2012-06-14 03:10  389832  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-06-16 23:45  389832  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2012-05-01 07:01 . 2012-05-01 07:01  109563  c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
    + 2012-05-01 07:01 . 2012-06-15 01:57  109563  c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
    + 2012-06-15 01:57 . 2012-06-15 01:57  123352  c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
    - 2012-05-01 07:01 . 2012-05-01 07:01  109563  c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
    + 2012-05-01 07:01 . 2012-06-15 01:57109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
    + 2012-05-01 07:01 . 2012-06-15 01:57109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
    - 2012-05-01 07:01 . 2012-05-01 07:01109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
    + 2012-05-01 07:01 . 2012-06-15 01:57109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
    - 2012-05-01 07:01 . 2012-05-01 07:01109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
    + 2011-01-14 11:10 . 2011-01-14 11:10155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
    + 2011-01-14 11:10 . 2011-01-14 11:10140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
    + 2009-07-14 02:36 . 2012-06-16 22:164851446 c:\windows\system64\perfh009.dat
    + 2009-07-14 02:36 . 2012-06-16 22:161538826 c:\windows\system64\perfc009.dat
    + 2011-01-07 19:02 . 2011-01-07 19:025523280 c:\windows\system64\mfc100u.dll
    - 2010-03-18 16:36 . 2010-03-18 16:365493576 c:\windows\system64\mfc100.dll
    + 2011-01-07 19:02 . 2011-01-07 19:025493576 c:\windows\system64\mfc100.dll
    + 2009-07-14 02:36 . 2012-06-16 22:164851446 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-06-16 22:161538826 c:\windows\system32\perfc009.dat
    + 2011-01-07 19:02 . 2011-01-07 19:025523280 c:\windows\system32\mfc100u.dll
    + 2011-01-07 19:02 . 2011-01-07 19:025493576 c:\windows\system32\mfc100.dll
    - 2010-03-18 16:36 . 2010-03-18 16:365493576 c:\windows\system32\mfc100.dll
    + 2009-07-14 04:45 . 2012-06-15 02:217226345 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2012-06-13 23:287226345 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2012-01-20 02:43 . 2012-06-16 22:112248084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-342600129-2650440487-3029507804-1002-12288.dat
    + 2012-03-26 23:21 . 2012-03-26 23:217622656 c:\windows\Installer\f067b0.msi
    + 2011-01-08 00:05 . 2011-01-08 00:054583936 c:\windows\Installer\eabe6e.msp
    + 2011-01-15 13:46 . 2011-01-15 13:462049536 c:\windows\Installer\eabe57.msi
    + 2011-07-21 16:34 . 2011-07-21 16:343456000 c:\windows\Installer\43d15c.msp
    + 2011-01-14 11:10 . 2011-01-14 11:102395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
    + 2011-01-14 11:10 . 2011-01-14 11:102180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
    + 2011-01-14 11:10 . 2011-01-14 11:103443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
    + 2011-06-30 09:03 . 2012-06-16 22:1115608172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-342600129-2650440487-3029507804-1002-8192.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
    "Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-17 5309056]
    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 136176]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C3DB.tmp [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
    S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 05:36]
    .
    2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 05:36]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1:9421
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    Wow6432Node-HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    AddRemove-NCsoft-Aion - c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\C3DB.tmp"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\windows\DAODx.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-16 19:52:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-16 23:52
    ComboFix2.txt 2012-06-14 20:47
    ComboFix3.txt 2012-06-14 19:35
    ComboFix4.txt 2012-06-14 03:31
    .
    Pre-Run: 886,003,773,440 bytes free
    Post-Run: 885,917,589,504 bytes free
    .
    - - End Of File - - FBFDD37AFE363627BB4338789A3D9D52
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    How is redirection?

    How come you have two AV programs running now, Avast and MSE?
    You must uninstall one of them.

    Combofix log looks good.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. Pershh

    Pershh TS Rookie Topic Starter

    OTL logfile created on: 6/16/2012 10:48:13 PM - Run 1
    OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Justin\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.30% Memory free
    7.99 Gb Paging File | 6.73 Gb Available in Paging File | 84.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 825.23 Gb Free Space | 88.60% Space Free | Partition Type: NTFS

    Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/16 21:40:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
    PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/07/22 02:57:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/06/24 02:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
    PRC - [2010/04/26 22:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/03/16 21:22:40 | 005,309,056 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
    PRC - [2009/10/26 16:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    PRC - [2009/10/26 16:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    PRC - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/01/08 20:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll
    MOD - [2010/01/08 20:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
    MOD - [2009/09/29 23:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
    MOD - [2009/06/27 13:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
    MOD - [2009/04/22 23:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsusService.dll
    MOD - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2012/02/14 23:16:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2011/04/19 22:04:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/05/29 19:16:19 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
    SRV - [2012/05/09 19:36:28 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/07/22 02:57:30 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2011/01/19 01:40:00 | 004,225,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
    SRV - [2010/06/24 02:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/10/26 16:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
    DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
    DRV:64bit: - [2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/03 23:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
    DRV:64bit: - [2011/12/08 00:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2011/12/08 00:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV:64bit: - [2011/12/08 00:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV:64bit: - [2011/12/05 15:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\C3DB.tmp -- (MEMSWEEP2)
    DRV:64bit: - [2011/04/19 22:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/04/19 21:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/04/26 21:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/04/26 21:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/03/02 07:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2010/01/11 07:28:35 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/04 21:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2005/01/04 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
    IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
    IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\..\SearchScopes,DefaultScope = {65E8C3A6-53D0-47ba-9000-63E2077867BE}
    IE - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\..\SearchScopes\{54762E6D-7573-4bd0-9C31-2402712B01A1}: "URL" = http://www.google.com/cse?cx=partne...me?cx=partner-pub-3794288947762788:4067623346
    IE - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\..\SearchScopes\{65E8C3A6-53D0-47ba-9000-63E2077867BE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
    IE - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\..\SearchScopes\{703B5B95-CB18-414c-8F76-BF0FE9F328FA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
    IE - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
    CHR - Extension: Gmail = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/06/16 19:49:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A9E3075-1912-4E2B-B5F9-31FF1BCDDACB}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/16 21:40:50 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
    [2012/06/16 19:52:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/06/16 19:49:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/06/16 19:34:46 | 004,559,503 | R--- | C] (Swearware) -- C:\Users\Justin\Desktop\ComboFix.exe
    [2012/06/16 18:14:05 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\66027724.sys
    [2012/06/16 18:10:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/06/16 18:08:57 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Justin\Desktop\TDSSKiller.exe
    [2012/06/16 18:07:32 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/06/16 18:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/06/16 02:34:12 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
    [2012/06/16 01:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/06/16 01:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012/06/16 01:36:08 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/06/16 01:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/06/16 01:36:07 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/06/16 01:36:01 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/06/16 01:36:00 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/06/16 01:35:58 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/06/16 01:35:54 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/06/16 01:35:54 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/06/16 01:35:30 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/06/16 01:35:29 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/06/16 01:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/06/16 01:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/06/16 01:27:09 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Justin\Desktop\boot_cleaner.exe
    [2012/06/16 00:42:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Justin\Desktop\dds.scr
    [2012/06/16 00:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/16 00:25:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/06/14 17:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
    [2012/06/14 17:11:52 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2012/06/14 17:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/06/13 22:32:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/13 22:32:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/13 22:32:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/13 22:31:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/06/13 22:07:01 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/09 10:04:43 | 000,000,000 | ---D | C] -- C:\temp
    [2012/05/31 03:23:36 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Justin\Desktop\minecraft.exe
    [2012/05/24 22:32:27 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\LolClient2
    [2012/05/18 13:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/06/16 22:48:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/16 21:40:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
    [2012/06/16 21:39:03 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/06/16 20:47:10 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/16 20:47:10 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/16 20:44:34 | 004,888,592 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/16 20:44:34 | 001,551,384 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/16 20:44:34 | 000,006,402 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/16 20:40:15 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/16 20:39:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/16 20:39:52 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/16 19:49:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/06/16 19:34:44 | 004,559,503 | R--- | M] (Swearware) -- C:\Users\Justin\Desktop\ComboFix.exe
    [2012/06/16 18:45:33 | 000,000,512 | ---- | M] () -- C:\Users\Justin\Desktop\MBR.dat
    [2012/06/16 18:14:05 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\66027724.sys
    [2012/06/16 02:34:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
    [2012/06/16 01:38:12 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/06/16 01:38:12 | 000,002,239 | ---- | M] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/06/16 01:36:08 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/06/16 01:35:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/06/16 00:42:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Justin\Desktop\dds.scr
    [2012/06/16 00:35:51 | 000,302,592 | ---- | M] () -- C:\Users\Justin\Desktop\t9sm08gw.exe
    [2012/06/16 00:25:21 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/15 15:15:16 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Justin\Desktop\TDSSKiller.exe
    [2012/06/14 21:57:28 | 000,006,368 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/14 17:11:52 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2012/06/13 19:25:53 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/01 00:01:16 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Justin\Desktop\minecraft.exe
    [2012/05/18 14:31:58 | 000,000,024 | ---- | M] () -- C:\Users\Justin\random.dat
    [2012/05/18 14:09:19 | 000,000,045 | ---- | M] () -- C:\Users\Justin\jagex_cl_runescape_LIVE.dat
    [4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/16 18:45:33 | 000,000,512 | ---- | C] () -- C:\Users\Justin\Desktop\MBR.dat
    [2012/06/16 01:38:12 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/06/16 01:38:12 | 000,002,239 | ---- | C] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/06/16 01:36:20 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/16 01:36:18 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/16 01:36:08 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/06/16 01:35:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/06/16 00:35:51 | 000,302,592 | ---- | C] () -- C:\Users\Justin\Desktop\t9sm08gw.exe
    [2012/06/16 00:25:21 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/13 22:32:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/13 22:32:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/13 22:32:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/13 22:32:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/13 22:32:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/30 16:03:29 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2012/02/19 03:29:45 | 000,007,605 | ---- | C] () -- C:\Users\Justin\AppData\Local\Resmon.ResmonCfg
    [2012/02/14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/02/02 22:44:56 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
    [2012/02/02 22:44:56 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
    [2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2011/12/27 01:49:11 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~5udwrCj7Ny6dnCr
    [2011/12/27 01:49:10 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~5udwrCj7Ny6dnC
    [2011/12/27 01:49:07 | 000,000,456 | -H-- | C] () -- C:\ProgramData\5udwrCj7Ny6dnC
    [2011/12/23 03:06:45 | 000,012,238 | -HS- | C] () -- C:\Users\Justin\AppData\Local\125513a6u583a638v131u6gte1t8
    [2011/12/17 20:27:51 | 000,012,650 | -HS- | C] () -- C:\Users\Justin\AppData\Local\63770g56ne81shr88ulk37k8lq5j6
    [2011/12/17 20:27:51 | 000,012,650 | -HS- | C] () -- C:\ProgramData\63770g56ne81shr88ulk37k8lq5j6
    [2011/12/13 21:00:50 | 000,006,368 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/10/31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011/10/31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011/10/31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2011/10/31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2011/10/09 00:27:52 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
    [2011/10/08 19:10:25 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/08/30 13:40:49 | 000,000,032 | RH-- | C] () -- C:\ProgramData\hash.dat
    [2011/07/22 02:57:32 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/07/22 02:57:30 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/06/18 04:08:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/06/18 04:04:15 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2011/06/18 04:04:15 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2011/06/18 04:00:53 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
    [2011/06/18 04:00:30 | 000,043,709 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2011/06/18 03:59:57 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2011/06/18 03:59:53 | 000,030,223 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== LOP Check ==========

    [2011/12/27 03:52:31 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\.minecraft
    [2012/02/10 02:28:40 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\AtomZombieData
    [2012/02/10 21:07:08 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\BigHugeEngine
    [2011/12/27 04:09:35 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DAEMON Tools Pro
    [2011/07/07 14:19:22 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\GetRightToGo
    [2011/12/27 20:10:07 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\GlarySoft
    [2011/12/27 03:43:35 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Kalypso Media
    [2011/06/30 01:19:02 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\LolClient
    [2012/05/24 22:32:27 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\LolClient2
    [2011/09/16 15:37:46 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Mount&Blade Warband
    [2012/05/29 17:09:14 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Natural Selection 2
    [2012/02/06 19:30:18 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Samsung
    [2012/03/05 02:43:02 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\UDP Software
    [2012/04/16 19:15:23 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
     
  14. Pershh

    Pershh TS Rookie Topic Starter

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012/06/16 19:52:47 | 000,038,809 | ---- | M] () -- C:\ComboFix.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2012/06/16 20:39:52 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2005/09/23 00:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2012/06/16 20:39:57 | 4293,058,560 | -HS- | M] () -- C:\pagefile.sys
    [2012/06/16 18:11:23 | 000,131,414 | ---- | M] () -- C:\TDSSKiller.2.7.40.0_16.06.2012_18.09.46_log.txt
    [2012/06/16 18:14:11 | 000,003,642 | ---- | M] () -- C:\TDSSKiller.2.7.40.0_16.06.2012_18.14.05_log.txt
    [2012/06/16 18:22:44 | 000,126,442 | ---- | M] () -- C:\TDSSKiller.2.7.40.0_16.06.2012_18.22.09_log.txt
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/04/17 04:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/03/29 12:47:10 | 000,000,221 | -HS- | M] () -- C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/06/16 02:34:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Justin\Desktop\boot_cleaner.exe
    [2012/06/16 19:34:44 | 004,559,503 | R--- | M] (Swearware) -- C:\Users\Justin\Desktop\ComboFix.exe
    [2012/06/01 00:01:16 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Justin\Desktop\minecraft.exe
    [2012/06/16 21:40:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
    [2011/01/25 01:48:50 | 001,400,832 | ---- | M] () -- C:\Users\Justin\Desktop\RelicAutoPatcher_1102_English.exe
    [2012/06/16 00:35:51 | 000,302,592 | ---- | M] () -- C:\Users\Justin\Desktop\t9sm08gw.exe
    [2012/06/15 15:15:16 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Justin\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/16 20:40:15 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/16 22:48:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/16 20:40:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/04/16 19:15:23 | 000,032,600 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2009/12/22 20:13:20 | 000,002,216 | ---- | M] () -- C:\Windows\AppPatch\Custom\{1745a178-4028-460a-902d-d37811a4fb1e}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/15 09:27:33 | 000,000,402 | -HS- | M] () -- C:\Users\Justin\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >
    [2011/12/23 07:58:24 | 000,143,360 | ---- | M] () -- C:\Windows\system32\system32\3DAudio.ax
    [2011/12/23 07:58:24 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\system32\avrt.dll
    [2011/12/23 07:58:24 | 000,974,848 | ---- | M] () -- C:\Windows\system32\system32\cis-2.4.dll
    [2011/12/23 07:58:24 | 000,081,920 | ---- | M] () -- C:\Windows\system32\system32\issacapi_bs-2.3.dll
    [2011/12/23 07:58:24 | 000,065,536 | ---- | M] () -- C:\Windows\system32\system32\issacapi_pe-2.3.dll
    [2011/12/23 07:58:24 | 000,057,344 | ---- | M] () -- C:\Windows\system32\system32\issacapi_se-2.3.dll
    [2011/12/23 07:58:24 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\system32\MACXMLProto.dll
    [2011/12/23 07:58:24 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\system32\system32\MaDRM.dll
    [2011/12/23 07:58:24 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\system32\MaJGUILib.dll
    [2011/12/23 07:58:24 | 000,040,960 | ---- | M] (마크애니연구소) -- C:\Windows\system32\system32\MAMACExtract.dll
    [2011/12/23 07:58:24 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\Windows\system32\system32\MASetupCleaner.exe
    [2011/12/23 07:58:24 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\system32\MaXMLProto.dll
    [2011/12/23 07:58:24 | 000,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\system32\mfplat.dll
    [2011/12/23 07:58:24 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\system32\system32\MK_Lyric.dll
    [2011/12/23 07:58:24 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\system32\MSCLib.dll
    [2011/12/23 07:58:24 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\system32\MSFLib.dll
    [2011/12/23 07:58:24 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\system32\system32\MSLUR71.dll
    [2011/12/23 07:58:24 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\system32\msvcp60.dll
    [2011/12/23 07:58:24 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\system32\system32\MTTELECHIP.dll
    [2011/12/23 07:58:24 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\system32\system32\MTXSYNCICON.dll
    [2011/12/23 07:58:24 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\system32\muzaf1.dll
    [2011/12/23 07:58:24 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\system32\muzapp.dll
    [2011/12/23 07:58:24 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\system32\muzapp.exe
    [2011/12/23 07:58:24 | 000,569,344 | ---- | M] ((c) MusicCity) -- C:\Windows\system32\system32\muzdecode.ax
    [2011/12/23 07:58:24 | 000,122,880 | ---- | M] ((c) MUSICCITY) -- C:\Windows\system32\system32\muzeffect.ax
    [2011/12/23 07:58:24 | 000,110,592 | ---- | M] ((c) MusicCity) -- C:\Windows\system32\system32\muzmp4sp.ax
    [2011/12/23 07:58:24 | 000,131,072 | ---- | M] ((c) MusicCity) -- C:\Windows\system32\system32\muzmpgsp.ax
    [2011/12/23 07:58:24 | 000,258,048 | ---- | M] ((c) PeeringPortal) -- C:\Windows\system32\system32\muzoggsp.ax
    [2011/12/23 07:58:24 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\system32\system32\muzwmts.dll
    [2011/12/23 07:58:24 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\system32\psapi.dll

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/12/27 01:50:14 | 000,000,456 | -H-- | M] () -- C:\ProgramData\5udwrCj7Ny6dnC
    [2011/12/17 21:20:54 | 000,012,650 | -HS- | M] () -- C:\ProgramData\63770g56ne81shr88ulk37k8lq5j6
    [2011/12/27 01:49:11 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~5udwrCj7Ny6dnC
    [2011/12/27 01:49:11 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~5udwrCj7Ny6dnCr

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\system64] -> \systemroot\system32 -> Mount Point

    < End of report >
     
  15. Pershh

    Pershh TS Rookie Topic Starter

    OTL Extras logfile created on: 6/16/2012 10:48:13 PM - Run 1
    OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Justin\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.30% Memory free
    7.99 Gb Paging File | 6.73 Gb Available in Paging File | 84.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 825.23 Gb Free Space | 88.60% Space Free | Partition Type: NTFS

    Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-342600129-2650440487-3029507804-1002\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01636542-244E-47B1-A354-12989A50A5B3}" = lport=445 | protocol=6 | dir=in | app=system |
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{07BB1D89-1614-47E0-9964-52410DE234D4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{08DC0219-F1E8-4F6F-BE9C-84D6FAC46B82}" = lport=139 | protocol=6 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4214C395-E5EF-40A9-AE4F-5D508478F036}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{4EFC1B71-A67C-4DF7-A77D-DA7FAFFAC2BE}" = rport=139 | protocol=6 | dir=out | app=system |
    "{5358F1C6-4384-449C-9756-04A13BD2B6A2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{54057BC9-A610-4E4D-A03E-278B6A026C32}" = rport=138 | protocol=17 | dir=out | app=system |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6054BC5F-EC48-4027-8676-B10E63451B1A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6ED5B206-A50F-4508-9A7B-030CF9DEB7E2}" = rport=137 | protocol=17 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{72D0A752-9C7E-4236-8C73-6BD3B1BA0915}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{73488E70-7EE8-4F4E-B343-5EBB26237CC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A7D39D3A-D358-4537-910D-E8B9BDAFED8F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B68B5F43-C8B1-44C0-A9D5-C06437776AFC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B92BB471-453D-4101-A322-84CF4A37E3C1}" = lport=138 | protocol=17 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C786BE67-CB9C-424A-B305-0D8C6F6A57FB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C82D830F-6889-483E-9BB8-57F2C59F17AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{CA1C0C48-CBB0-4A61-A510-BB55AB9471F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D00E53CC-1FBA-4124-A373-86ED61E16B87}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{D434F153-98F3-43B2-B490-73E9AC0D0108}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D7B1846C-88A0-4041-A589-0E5045B8D4B4}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{EA91D41B-D053-4240-8149-E2B249A55257}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{F4313E37-335B-4419-B9E3-14A4A47356BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F4CCB40C-3EEF-4C2B-829D-D9B176A9F8F2}" = rport=445 | protocol=6 | dir=out | app=system |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FC284A92-C3A4-4C06-B149-09795096FEEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0A24B5DB-30E3-4A22-9944-0DB8194914C2}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{15285B35-802C-4016-8190-E3EDC021B72F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe |
    "{1788C47E-C0E7-4638-BAA7-CF09684E55F0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{18C317E8-0D58-4647-ABBE-2EE230594ADA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{1BD1BFF1-866D-479C-B628-B6A7DA4323FD}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
    "{330701A3-A352-4BB1-89E3-731418CEF79F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{338E6B28-7D45-426E-8A75-A878756ECBA2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{33A18AF9-12A9-4E55-BDF9-86F5AA9E8452}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{368F4C44-E21C-49BF-AB44-5C7ACD02ABFA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{37310D53-6FDD-4DE3-A47D-0C7FF66EF1FC}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{3F8CDD59-1DCA-4F28-9BEE-F2D6428142E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{446A64D1-6C38-4397-B415-E02FF45D6C16}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
    "{45DD60AD-420F-4F34-904D-5D9BDF7D3F14}" = protocol=6 | dir=in | app=c:\users\justin\appdata\local\akamai\netsession_win.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{49371394-59C8-4586-B8A2-E3DE064D87EF}" = protocol=17 | dir=in | app=c:\users\justin\appdata\local\akamai\netsession_win.exe |
    "{49B8DF04-7171-4EB0-A1BA-5A9FE124F2DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4A8F17B4-E574-48BF-82A0-855662FEAB0C}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
    "{4C1E7D8B-E6CB-4AC9-BD80-81B6D0301560}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{53AD2BA8-A0BB-4BD7-9BE7-53C94A8019AA}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{59925F6E-CC5D-43DA-9B4D-13BB162B4684}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{5F57464E-20FB-4050-94C3-297F41584D0C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{646E13DD-E0CA-4CEE-83F1-A5569460056F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6A08DD07-74D0-4681-A09C-A033720E5C3E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
    "{702D8959-1637-4658-91D4-F73E7C44B0A4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{70E44D6C-9487-45EB-80CA-296B94D0B0A2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{7409B76B-D7FB-4562-BBA9-948632CE444E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe |
    "{74B22BF0-FABF-448C-9AA8-90D984F87ACA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{757AF372-81EB-4C6B-88D9-F9E917265258}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
    "{7A9CFC43-B088-4A2D-86E3-D4EA225E9602}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{806F3C11-6F75-447F-9EA4-9859453637B9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{842D10B7-56BC-4674-8C7B-D24A441EF214}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
    "{859DFB5B-59C6-4326-8A24-9E998E493B2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{878FA855-9F6C-4D4C-8E69-B131AD44D970}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{8A24CA5E-3B10-449B-91D3-32416BD33E1A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{8E360702-6B87-496D-BB4E-AE3604A6A3C2}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
    "{908FF2B6-3B33-4FA5-B098-94FBE5A7CC06}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{967F32C9-97F6-47FF-A414-76A94F4CE9A2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{97AC42F2-6B20-476D-AB4C-EC0EDFEC51C1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9B7599FB-F4E0-448E-BEDF-704421D71263}" = protocol=6 | dir=out | app=system |
    "{9BFEF536-108C-48C4-8026-DBBDEC0720D9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AC84C737-74F7-40A2-A95F-444F22E8D166}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{ADEB51D0-037E-40C6-8587-FBE0CE89143D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{AEE035CE-48E7-4BF7-AAB2-8D0C60E4A128}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{BB738745-9D78-430A-9E62-5075B19D0B65}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{BCCF5811-A4DE-4A77-8080-3A273DADC11F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
    "{BDC19092-E467-415F-8352-3A93A6BFDCDE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{C24CAA7D-B0D2-4DF5-9794-B48DCE76FC19}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
    "{C86BD42E-B5CE-44A9-93CD-81200AD0C5B0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{C8F9AC86-5F73-4E0D-BE4A-5893C193507E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D71A1ABB-27E6-4741-A917-E51A8F6F9BD5}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{DA2A17CD-A07D-4B79-9298-B60A0F0D7073}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{DB409C55-9F87-40AD-9F89-0E66BBE92147}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{DC4CBBE7-A0AB-4DC7-9AB4-82331F59A1B5}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{DD626133-CB28-44E1-9CEB-1D16CE79C460}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EF65F343-D43C-4301-9FA9-E978136B655F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F42D7B18-C06E-45A0-8C4C-50411AC90857}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F49EFBEC-39C8-4911-B840-F8889CDC9A86}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
    "{F5D5F710-CCA1-489D-8632-8F261C115F57}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
    "{F66FDC2A-2A8B-4B27-AA5F-55F18FF6CD20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F76E161C-CC88-4EDA-9B43-B696314B7BF6}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FD0A5A4E-44D0-4E5C-AEC0-A9C08F0D595E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FEEBE73C-525D-4077-AC0C-E0156CC559BC}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
    "TCP Query User{0366BE48-9D27-41A8-A514-F6FB3D69932A}C:\users\justin\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\justin\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{0E5F5EC7-BE73-4F2B-9B46-5429D649CD08}C:\kag\kag.exe" = protocol=6 | dir=in | app=c:\kag\kag.exe |
    "TCP Query User{1FF3CA52-1ED9-497D-A343-CBB72F439C42}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
    "TCP Query User{A05E0D30-6898-484B-87AB-711E0F1DB24D}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
    "UDP Query User{13BE7F32-D89A-4FD5-8C60-91E7831ADAB4}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
    "UDP Query User{1C575370-CC05-481D-BF50-1207242AC350}C:\users\justin\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\justin\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{24135335-A016-4826-BCFA-BD81FBE05FAC}C:\kag\kag.exe" = protocol=17 | dir=in | app=c:\kag\kag.exe |
    "UDP Query User{73B215E1-2A1C-4AFD-9540-0EF3A85DDF58}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0C818871-6337-17AC-CA8C-A3942F15D92A}" = AMD Accelerated Video Transcoding
    "{1745a178-4028-460a-902d-d37811a4fb1e}.sdb" = X-Com
    "{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders
    "{551F4187-F029-4240-DEF9-836B5E43CB29}" = AMD Fuel
    "{5DF57DB1-D971-3DA3-B4BB-F6FC7D73A997}" = AMD Drag and Drop Transcoding
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
    "{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
    "{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
    "{355FBF6C-31EB-C660-F07A-1CC93975A5CA}" = HydraVision
    "{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
    "{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
    "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
    "{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
    "{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
    "{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
    "{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
    "{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
    "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
    "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
    "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
    "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = AMD VISION Engine Control Center
    "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
    "{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
    "{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
    "{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
    "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
    "{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
    "{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
    "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
    "{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
    "{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
    "{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Akamai" = Akamai NetSession Interface Service
    "avast" = avast! Free Antivirus
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "Company of Heroes" = Company of Heroes
    "conduitEngine" = Conduit Engine
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Google Chrome" = Google Chrome
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "King Arthur's Gold (Alpha)_is1" = KAG 0.95A
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Mount&Blade Warband" = Mount&Blade Warband
    "StarCraft II" = StarCraft II
    "Steam App 280" = Half-Life: Source
    "Steam App 4920" = Natural Selection 2
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.20 (32-bit)
    "World of Warcraft" = World of Warcraft

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-342600129-2650440487-3029507804-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/14/2012 1:08:51 PM | Computer Name = Justin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/14/2012 1:13:11 PM | Computer Name = Justin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 6/14/2012 1:13:11 PM | Computer Name = Justin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The first DWORD in the Data section contains the error code.

    Error - 6/14/2012 3:18:26 PM | Computer Name = Justin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/14/2012 3:20:54 PM | Computer Name = Justin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 6/14/2012 3:20:54 PM | Computer Name = Justin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The first DWORD in the Data section contains the error code.

    Error - 6/14/2012 3:48:31 PM | Computer Name = Justin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/14/2012 3:52:02 PM | Computer Name = Justin-PC | Source = VSS | ID = 18
    Description =

    Error - 6/14/2012 3:52:02 PM | Computer Name = Justin-PC | Source = VSS | ID = 8193
    Description =

    Error - 6/14/2012 3:52:02 PM | Computer Name = Justin-PC | Source = System Restore | ID = 8193
    Description =

    [ System Events ]
    Error - 6/16/2012 7:47:00 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL

    Error - 6/16/2012 7:47:04 PM | Computer Name = Justin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 6/16/2012 7:47:05 PM | Computer Name = Justin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 6/16/2012 7:47:08 PM | Computer Name = Justin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 6/16/2012 8:08:32 PM | Computer Name = Justin-PC | Source = DCOM | ID = 10010
    Description =

    Error - 6/16/2012 8:09:29 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL

    Error - 6/16/2012 8:33:56 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Error Reporting Service service to connect.

    Error - 6/16/2012 8:34:26 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Error Reporting Service service to connect.

    Error - 6/16/2012 8:39:58 PM | Computer Name = Justin-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 8:38:24 PM on 6/16/2012 was unexpected.

    Error - 6/16/2012 8:40:07 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL


    < End of report >
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You didn't say:
    [image]

    =============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
      DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
      IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
      O2 - BHO: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/12/27 01:49:11 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~5udwrCj7Ny6dnCr
      [2011/12/27 01:49:10 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~5udwrCj7Ny6dnC
      [2011/12/27 01:49:07 | 000,000,456 | -H-- | C] () -- C:\ProgramData\5udwrCj7Ny6dnC
      [2011/12/23 03:06:45 | 000,012,238 | -HS- | C] () -- C:\Users\Justin\AppData\Local\125513a6u583a638v131u6gte1t8
      [2011/12/17 20:27:51 | 000,012,650 | -HS- | C] () -- C:\Users\Justin\AppData\Local\63770g56ne81shr88ulk37k8lq5j6
      [2011/12/17 20:27:51 | 000,012,650 | -HS- | C] () -- C:\ProgramData\63770g56ne81shr88ulk37k8lq5j6
      [C:\Windows\system64] -> \systemroot\system32 -> Mount Point
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  17. Pershh

    Pershh TS Rookie Topic Starter

    After doing searches for a bit, the redirect problem seems to have disappeared. I have not noticed any of the symptoms I first mentioned upon creation of this thread. I've followed the above steps as requested and the logs are as follows. (No log produced from eset). The only concern I have is what should I do with the MBR.dat folder you advised I did not delete from my desktop?

    All processes killed
    ========== OTL ==========
    Service SASKUTIL stopped successfully!
    Service SASKUTIL deleted successfully!
    File C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS not found.
    Service SASDIFSV stopped successfully!
    Service SASDIFSV deleted successfully!
    File C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\ProgramData\~5udwrCj7Ny6dnCr moved successfully.
    C:\ProgramData\~5udwrCj7Ny6dnC moved successfully.
    C:\ProgramData\5udwrCj7Ny6dnC moved successfully.
    C:\Users\Justin\AppData\Local\125513a6u583a638v131u6gte1t8 moved successfully.
    C:\Users\Justin\AppData\Local\63770g56ne81shr88ulk37k8lq5j6 moved successfully.
    C:\ProgramData\63770g56ne81shr88ulk37k8lq5j6 moved successfully.
    Mount Point C:\Windows\system64 removed successfully!
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Justin
    ->Temp folder emptied: 1739902 bytes
    ->Temporary Internet Files folder emptied: 378817 bytes
    ->Java cache emptied: 259599050 bytes
    ->Google Chrome cache emptied: 13312081 bytes
    ->Flash cache emptied: 8215621 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 200704 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 24576 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7158 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36097156 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 305.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Justin
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Justin
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.49.0 log created on 06162012_231533

    Files\Folders moved on Reboot...
    C:\Users\Justin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Adobe Reader X (10.1.2)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````

    Farbar Service Scanner Version: 09-06-2012
    Ran by Justin (administrator) on 16-06-2012 at 23:24:47
    Running from "C:\Users\Justin\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2012-06-13 11:32] - [2012-04-24 01:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    At this point you can delete MBR.dat file.

    We still need Eset scan.
     
  19. Pershh

    Pershh TS Rookie Topic Starter

    I performed the eset scan as requested but no log was produced. I apologize if I did not mention it in my previous post.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
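    As an added example that is not part of Broni's instructions or of any tool used in this thread: a PowerShell script that verifies the end state those steps should leave behind, namely the single "OTL Restore Point" from the log above, no reparse point left under the Windows directory (OTL removed one at C:\Windows\system64), Windows Update not disabled, the firewall on for every profile, and MD5 values for the networking files Farbar's File Check covers so they can be compared against a known-clean machine at the same patch level. It assumes PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example, not from the thread. Assumes PowerShell 3.0+ (for [ordered] and
# -Attributes) and an elevated prompt (restore point queries need it).
$results = [ordered]@{}

# Step 1: [CLEARALLRESTOREPOINTS] followed by a fresh point should leave exactly
# one restore point, named "OTL Restore Point" as in Pershh's log.
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
$results['OnlyOtlRestorePoint'] = ($points.Count -eq 1 -and $points[0].Description -eq 'OTL Restore Point')

# OTL removed a mount point at C:\Windows\system64. A junction or mount point
# directly under %SystemRoot% is unusual, so flag any that remain.
$reparse = @(Get-ChildItem -Path $env:SystemRoot -Force -Attributes ReparsePoint -ErrorAction SilentlyContinue)
$results['NoReparsePointInSystemRoot'] = ($reparse.Count -eq 0)
$reparse | ForEach-Object { Write-Warning "Reparse point still present: $($_.FullName)" }

# Step 3 and the Security Check output: Windows Update must not be disabled and
# the firewall services (MpsSvc, BFE) must be running with every profile ON.
$wu = Get-WmiObject Win32_Service -Filter "Name='wuauserv'"
$results['WindowsUpdateNotDisabled'] = ($wu -ne $null -and $wu.StartMode -ne 'Disabled')
foreach ($svc in 'MpsSvc', 'BFE') {
    $results["Running_$svc"] = ((Get-Service -Name $svc).Status -eq 'Running')
}
$fw = netsh advfirewall show allprofiles state
$results['FirewallAllProfilesOn'] = (@($fw | Select-String '^\s*State\s+ON').Count -eq 3)

# Farbar's File Check printed cryptsvc.dll with its MD5 instead of "MD5 is legit"
# because that hash was not in the tool's list. Record the hashes of the same
# kind of networking files so they can be compared with a known-clean machine.
$md5 = [System.Security.Cryptography.MD5]::Create()
foreach ($name in 'dnsrslvr.dll', 'dhcpcore.dll', 'nsisvc.dll', 'cryptsvc.dll', 'mpssvc.dll', 'bfe.dll') {
    $path = Join-Path "$env:SystemRoot\System32" $name
    if (Test-Path $path) {
        $bytes = [System.IO.File]::ReadAllBytes($path)
        $results["MD5_$name"] = ([System.BitConverter]::ToString($md5.ComputeHash($bytes))) -replace '-', ''
    }
}

# Summary: any False row is something to look at before closing the thread.
$results.GetEnumerator() | ForEach-Object { '{0,-32} {1}' -f $_.Key, $_.Value }
```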
     
  21. Pershh

    Pershh TS Rookie Topic Starter

    Here is the log from step 1. (I decided to post it before finishing step 2 to avoid the chance of it being deleted.) And I will now be going over the rest of the steps.


    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Justin
    ->Temp folder emptied: 164776 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 10206802 bytes
    ->Flash cache emptied: 587 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 512 bytes

    Total Files Cleaned = 10.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Justin
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Justin
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.49.0 log created on 06172012_005957

    Files\Folders moved on Reboot...
    C:\Users\Justin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  22. Pershh

    Pershh TS Rookie Topic Starter

    And as a followup to my previous post I have downloaded all suggested applications. After being used to having this virus for so long, I can say I am amazed just how fast searching on google is now, and just about everything else seems to be faster. The redirect problem seems to be completely gone, and I have yet to notice any of the pop-ups or "leave this page?" requests. I can say that I greatly appreciate the time you've spent helping me with my problem, and that you continue to have this same success with everyone else.

    If possible, could I request this thread be left open for another day or two in case any questions or problems arise?
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Sure thing :)

    Way to go!!
    Good luck and stay safe :)
     