TechSpot

Major infection with sirefef.Y, sirefef.B, and necurs.A help if can

By Maddogg
Jul 4, 2012
  1. Will post mbam log both dds logs and gmer in replys
     
  2. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.04.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Maddogg :: MADDOGG-PC [administrator]

    Protection: Disabled

    7/4/2012 11:52:44 AM
    mbam-log-2012-07-04 (11-52-44).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 272385
    Time elapsed: 8 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: (regedit.exe "%1") -> Delete on reboot.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Users\Maddogg\AppData\Local\Temp\cis46BFa.exe (Trojan.Happili) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{ab474432-8c08-3d67-4496-6617cc4c8684}\n (Trojan.Sirefef) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{ab474432-8c08-3d67-4496-6617cc4c8684}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)
     
  3. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Maddogg at 12:32:12 on 2012-07-04
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16354.14530 [GMT -7:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
    C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
    C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Splashtop Connect SearchHook: {0f3dc9e0-c459-4a40-bcf8-747bd9322e10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    mURLSearchHooks: Splashtop Connect SearchHook: {0f3dc9e0-c459-4a40-bcf8-747bd9322e10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
    mURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    BHO: Splashtop Connect VisualBookmark: {0e5680d1-bf44-4929-94af-fd30d784ad1d} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    uRun: [PlayNC Launcher]
    uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
    uRun: [GNU] Rundll32.exe C:\Users\Maddogg\AppData\Local\GNU\vueuiaof.dll,UnPack_CRC
    mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe /reminder
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
    mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
    mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files (x86)\Logitech\SetPoint II\SetPointII.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    TCP: DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{608EF4BA-4FF9-4B89-B743-3A635C503453} : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{6912C265-4FB8-4262-9F9A-3CC72B1D5B46} : DhcpNameServer = 10.0.1.1
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    mRun-x64: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe /reminder
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
    mRun-x64: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
    mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    mRun-x64: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Maddogg\AppData\Roaming\Mozilla\Firefox\Profiles\pltqbs6r.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.wowhead.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-6-26 913792]
    R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-1-14 1839616]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
    R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-3-5 138768]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-29 2348352]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
    R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
    R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-3-23 493384]
    R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480]
    R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
    R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
    R3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2012-3-3 33592]
    R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-3-5 14136]
    R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2012-3-3 14136]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-4 654408]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-3-3 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-3-3 79360]
    S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-3-7 79360]
    S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
    S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
    S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
    S3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;C:\Windows\system32\DRIVERS\e1q62x64.sys --> C:\Windows\system32\DRIVERS\e1q62x64.sys [?]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
    S3 MSILiveVirtualCamera;MSI Live Virtual Camera;C:\Windows\system32\DRIVERS\MSILiveVirtualCamera.sys --> C:\Windows\system32\DRIVERS\MSILiveVirtualCamera.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 NTIOLib_1_0_1;NTIOLib_1_0_1;C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [2012-3-3 14136]
    S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-04 19:05:06 328704 ----a-w- C:\Windows\System32\services.exe.F4712C8F15D6535F
    2012-07-04 18:30:53 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-04 18:23:27 328704 ----a-w- C:\Windows\System32\services.exe.E4EB0CC719A32B16
    2012-07-04 18:20:29 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4998D024-F7D5-46F7-9288-EDE69ABD7B1C}\gapaengine.dll
    2012-07-04 18:20:06 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{04D2F8FB-05ED-4F21-8289-692A990FD431}\mpengine.dll
    2012-07-04 18:07:37 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-07-04 18:07:36 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-07-04 04:02:23 -------- d-----w- C:\Windows\System32\MpEngineStore
    2012-07-03 23:03:15 -------- d-----w- C:\ProgramData\Tarma Installer
    2012-07-03 06:42:33 -------- d-----w- C:\Program Files\ESET
    2012-07-03 06:05:15 -------- d-----w- C:\Users\Maddogg\AppData\Local\Macromedia
    2012-07-03 05:53:52 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 03:54:57 -------- d-----w- C:\Users\Maddogg\AppData\Local\GNU
    2012-07-03 00:37:43 -------- d-----w- C:\ProgramData\Comodo
    2012-07-03 00:25:04 -------- d-----w- C:\ProgramData\CPA_VA
    2012-07-03 00:21:17 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-07-03 00:21:17 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
    2012-07-03 00:21:17 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
    2012-06-29 20:21:57 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-06-29 20:21:57 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2012-06-29 20:21:57 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-06-29 20:21:57 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-06-29 20:21:57 2515790 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-06-29 20:21:57 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-06-29 20:21:43 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2012-06-29 19:07:33 24448 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
    2012-06-29 11:10:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-27 16:25:56 -------- d-----w- C:\Splashtop
    2012-06-27 00:31:18 -------- d-----w- C:\ProgramData\IObit
    2012-06-27 00:31:11 -------- d-----w- C:\Users\Maddogg\AppData\Roaming\IObit
    2012-06-27 00:31:09 -------- d-----w- C:\Program Files (x86)\IObit
    2012-06-27 00:12:34 -------- d-----w- C:\Users\Maddogg\AppData\Roaming\FixCleaner
    2012-06-27 00:12:34 -------- d-----w- C:\Program Files (x86)\FixCleaner
    2012-06-26 23:51:23 -------- d-----w- C:\Users\Maddogg\AppData\Roaming\LockHunter
    2012-06-26 23:50:42 -------- d-----w- C:\Program Files\LockHunter
    2012-06-21 05:02:14 -------- d--h--w- C:\ProgramData\Common Files
    2012-06-19 08:44:32 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-19 08:44:20 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-19 08:44:11 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-19 08:44:11 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-14 19:05:22 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-06-14 19:05:22 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-06-14 19:05:22 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2012-06-12 19:44:47 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-08 04:26:24 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-06-07 05:49:44 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-07 05:49:44 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    .
    ==================== Find3M ====================
    .
    2012-07-03 05:53:52 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    .
    ============= FINISH: 12:32:35.75 ===============
     
  4. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/3/2012 2:24:05 AM
    System Uptime: 7/4/2012 12:07:33 PM (0 hours ago)
    .
    Motherboard: MSI | | P67A-G45 (MS-7673)
    Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | SOCKET 0 | 3292/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 704.073 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_76731462&REV_04\4&3083804C&0&00E5
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_76731462&REV_04\4&3083804C&0&00E5
    Service:
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_76731462&REV_04\4&C8D7F41&0&00E3
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_76731462&REV_04\4&C8D7F41&0&00E3
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) Gigabit CT Desktop Adapter
    Device ID: PCI\VEN_8086&DEV_10D3&SUBSYS_A01F8086&REV_00\4&1C24DFA1&0&00E2
    Manufacturer: Intel
    Name: Intel(R) Gigabit CT Desktop Adapter
    PNP Device ID: PCI\VEN_8086&DEV_10D3&SUBSYS_A01F8086&REV_00\4&1C24DFA1&0&00E2
    Service: e1qexpress
    .
    ==== System Restore Points ===================
    .
    RP56: 6/29/2012 12:59:28 PM - Device Driver Package Install: NVIDIA Display adapters
    RP57: 6/29/2012 1:00:32 PM - Device Driver Package Install: NVIDIA Universal Serial Bus controllers
    RP58: 6/29/2012 1:01:14 PM - Device Driver Package Install: NVIDIA Corporation Sound, video and game controllers
    RP59: 6/29/2012 1:07:23 PM - Device Driver Package Install: NVIDIA Display adapters
    RP60: 6/29/2012 1:08:44 PM - Device Driver Package Install: NVIDIA Universal Serial Bus controllers
    RP61: 6/29/2012 1:09:03 PM - Device Driver Package Install: NVIDIA Corporation Sound, video and game controllers
    RP67: 7/3/2012 12:07:27 AM - Installed ESET Smart Security
    RP68: 7/3/2012 8:06:47 PM - Installed ESET Smart Security
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe Flash Player 11 Plugin
    Adobe Reader 9
    Advanced SystemCare 5
    Aion
    Apple Application Support
    Apple Software Update
    AudioGenie
    Chicken Shake Game
    ControlCenter
    Creative 3DMIDI Player
    Creative Audio Control Panel
    Creative Diagnostics
    Creative Media Toolbox 6
    Creative Media Toolbox 6 (Shared Components)
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative Sound Blaster Properties x64 Edition
    Creative System Information
    Creative WaveStudio 7
    Diablo III
    Dolby Digital Live Pack
    DTS Connect Pack
    EasyViewer
    erLT
    eSobi v2
    FINAL FANTASY XIV
    Firebird SQL Server - MAGIX Edition
    FormatFactory 2.90
    Java Auto Updater
    Java(TM) 6 Update 31
    Liveupdate5
    Logitech Vid
    MAGIX Video easy SE
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSI Afterburner 2.1.0
    MSI VideoGenie Application
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mufin player 2.0
    NCsoft Launcher
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OpenAL
    Pando Media Booster
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Sound Blaster X-Fi
    Splashtop Connect for Firefox
    Splashtop Connect IE
    Star Mission Game
    StarCraft II
    Super-Charger
    TeamingGenie
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VLC media player 2.0.1
    Windows Media Player Firefox Plugin
    World of Warcraft
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/4/2012 12:09:56 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: A device attached to the system is not functioning.
    7/4/2012 12:09:56 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: A device attached to the system is not functioning.
    7/4/2012 12:08:56 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    7/4/2012 12:08:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    7/4/2012 12:08:56 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    7/4/2012 12:08:56 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/4/2012 12:08:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
    7/4/2012 12:07:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter
    7/4/2012 12:07:53 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    7/4/2012 12:07:52 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    7/4/2012 12:07:52 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    7/4/2012 12:07:52 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    7/4/2012 12:07:52 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    7/4/2012 12:05:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.991.0, AS: 1.129.991.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    7/4/2012 12:04:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    7/4/2012 12:04:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    7/4/2012 12:04:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    7/4/2012 12:04:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    7/4/2012 11:25:22 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    7/4/2012 11:25:22 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    7/4/2012 11:25:22 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    7/4/2012 11:25:22 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    7/4/2012 11:23:27 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:500 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.991.0, AS: 1.129.991.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    7/4/2012 11:21:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.991.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    7/4/2012 11:21:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.991.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    7/4/2012 11:21:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.991.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    7/4/2012 11:21:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.991.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    7/4/2012 11:21:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.991.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    7/4/2012 11:20:08 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    7/4/2012 11:20:08 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    7/4/2012 11:20:08 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    7/4/2012 11:20:08 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    7/4/2012 11:08:40 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    7/4/2012 11:07:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    7/3/2012 9:15:20 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    7/3/2012 8:14:10 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    7/3/2012 8:14:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/3/2012 8:14:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/3/2012 8:14:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/3/2012 8:14:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/3/2012 8:14:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
    7/3/2012 8:13:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    7/3/2012 8:13:56 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
    7/3/2012 8:09:28 PM, Error: Service Control Manager [7000] - The ehdrv service failed to start due to the following error: A device attached to the system is not functioning.
    7/3/2012 8:09:22 PM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    7/3/2012 3:53:50 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
    7/3/2012 3:52:08 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    7/3/2012 12:07:43 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy12.
    7/2/2012 8:21:58 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    7/2/2012 5:23:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cmdGuard cmdHlp inspect
    7/2/2012 5:22:46 PM, Error: Service Control Manager [7000] - The COMODO Internet Security Sandbox Driver service failed to start due to the following error: A device attached to the system is not functioning.
    7/2/2012 5:22:46 PM, Error: Service Control Manager [7000] - The COMODO Internet Security Firewall Driver service failed to start due to the following error: A device attached to the system is not functioning.
    7/2/2012 5:22:40 PM, Error: volsnap [3] - The shadow copy of volume C: could not lock down the location of the shadow copy storage on volume C:.
    7/2/2012 5:22:04 PM, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    7/2/2012 10:52:14 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    7/2/2012 10:52:14 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    6/29/2012 4:11:47 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2012 4:10:01 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2012 4:09:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    6/29/2012 4:09:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    6/29/2012 4:09:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    6/29/2012 4:09:47 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf
    6/29/2012 4:09:46 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2012 4:09:46 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2012 4:09:46 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2012 4:09:46 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2012 4:09:46 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2012 4:09:46 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2012 4:09:46 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2012 4:09:46 AM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2012 4:09:46 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2012 4:09:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2012 12:34:37 PM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: Access is denied.
    6/29/2012 1:24:01 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    6/29/2012 1:24:01 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    6/29/2012 1:24:01 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    6/29/2012 1:09:22 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy9.
    6/29/2012 1:08:59 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy8.
    .
    ==== End Of File ===========================
     
  5. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-07-04 12:31:59
    Windows 6.1.7601 Service Pack 1
    Running: tb4e8lo7.exe


    ---- Services - GMER 1.0.15 ----

    Service C:\SystemRoot\System32\Drivers\b899466d12fa1d37.sys (*** hidden *** ) [BOOT] b899466d12fa1d37 <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  7. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    Scan result of Farbar Recovery Scan Tool Version: 04-07-2012 01
    Ran by SYSTEM at 04-07-2012 21:40:46
    Running from F:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe /reminder [1261568 2011-03-22] ()
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [776064 2011-02-14] (Splashtop Inc.)
    HKLM-x32\...\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [841544 2010-11-15] (Splashtop Inc.)
    HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
    HKLM-x32\...\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502288 2012-01-03] (MSI)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKU\Maddogg\...\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode [5458704 2009-07-16] (Logitech Inc.)
    HKU\Maddogg\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
    HKU\Maddogg\...\Run: [PlayNC Launcher] [x]
    HKU\Maddogg\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [288128 2012-05-28] (IObit)
    HKU\Maddogg\...\Run: [GNU] Rundll32.exe C:\Users\Maddogg\AppData\Local\GNU\vueuiaof.dll,UnPack_CRC [339968 2012-02-13] (Creative Technology Ltd.)
    Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
    AppInit_DLLs:
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\SetPointII.lnk
    ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)

    ==================== Services (Whitelisted) ======

    2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)
    3 Creative Media Toolbox 6 Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe" [79360 2012-03-06] (Creative Labs)
    3 FirebirdServerMAGIXInstance; "C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe" [3276800 2008-08-07] (MAGIX®)
    2 LVPrcS64; "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [191000 2009-10-07] (Logitech Inc.)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
    2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [138768 2012-01-03] (MSI)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
    2 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2011-03-23] (Splashtop Inc.)

    ========================== Drivers (Whitelisted) =============

    0 b899466d12fa1d37; C:\Windows\System32\Drivers\b899466d12fa1d37.sys [74176 2012-06-20] ()
    3 ha20x22k; C:\Windows\System32\Drivers\ha20x22k.sys [1612888 2010-07-07] (Creative Technology Ltd)
    3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-07] ()
    3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
    3 MSILiveVirtualCamera; C:\Windows\System32\Drivers\MSILiveVirtualCamera.sys [456192 2007-01-29] (MSI Corporation)
    3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [33592 2010-05-10] (Your Corporation)
    3 NTIOLib_1_0_1; \??\C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [14136 2009-10-06] (MSI)
    3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
    3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
    2 RtNdPt60; C:\Windows\System32\Drivers\RtNdPt60.sys [27136 2009-07-20] (Realtek )
    3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [50720 2010-04-10] (Realtek Corporation)
    2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [16120 2010-11-29] (Intel(R) Corporation)
    3 MSICDSetup; \??\D:\CDriver64.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-04 21:21 - 2012-07-04 21:21 - 00000000 ____D C:\FRST
    2012-07-04 20:06 - 2012-07-04 20:06 - 00001908 ____A C:\Windows\diagwrn.xml
    2012-07-04 20:06 - 2012-07-04 20:06 - 00001908 ____A C:\Windows\diagerr.xml
    2012-07-04 19:59 - 2012-07-04 19:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D2F77AC380FF074E
    2012-07-04 19:54 - 2012-07-04 19:54 - 01431033 ____A C:\Users\Maddogg\Downloads\FRST64.exe
    2012-07-04 11:34 - 2012-07-04 11:36 - 00029291 ____A C:\Users\Maddogg\Desktop\DDS.Attach.txt
    2012-07-04 11:34 - 2012-07-04 11:34 - 00022887 ____A C:\Users\Maddogg\Desktop\DDS.txt
    2012-07-04 11:31 - 2012-07-04 11:31 - 00000332 ____A C:\Users\Maddogg\Desktop\GMER.log
    2012-07-04 11:22 - 2012-07-04 11:22 - 00002578 ____A C:\Users\Maddogg\Documents\gmer.txt
    2012-07-04 11:21 - 2012-07-04 11:21 - 00607260 ____R (Swearware) C:\Users\Maddogg\Desktop\dds.scr
    2012-07-04 11:05 - 2012-07-04 11:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F4712C8F15D6535F
    2012-07-04 10:30 - 2012-07-04 10:30 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-04 10:30 - 2012-04-04 14:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-04 10:23 - 2012-07-04 10:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E4EB0CC719A32B16
    2012-07-04 10:07 - 2012-07-04 10:07 - 00743230 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-04 10:07 - 2012-07-04 10:07 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-04 10:07 - 2012-07-04 10:07 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-04 10:07 - 2012-07-04 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-04 09:42 - 2012-07-04 09:42 - 00302592 ____A C:\Users\Maddogg\Desktop\tb4e8lo7.exe
    2012-07-04 08:41 - 2012-07-04 08:42 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Maddogg\Downloads\mbam-setup-1.61.0.1400.exe
    2012-07-04 08:39 - 2012-07-04 08:40 - 12621696 ____A (Microsoft Corporation) C:\Users\Maddogg\Downloads\mseinstall.exe
    2012-07-04 00:57 - 2012-07-04 00:57 - 01012656 ____A C:\Users\Maddogg\Downloads\rkill.scr
    2012-07-04 00:57 - 2012-07-04 00:57 - 01012656 ____A C:\Users\Maddogg\Downloads\rkill.exe
    2012-07-04 00:56 - 2012-07-04 00:57 - 01012656 ____A C:\Users\Maddogg\Downloads\rkill.com
    2012-07-03 22:12 - 2012-07-04 10:08 - 00003220 ____A C:\Windows\WindowsUpdate.log
    2012-07-03 20:02 - 2012-07-03 20:05 - 00000000 ____D C:\Windows\System32\MpEngineStore
    2012-07-03 18:35 - 2012-07-03 19:04 - 00000361 ____A C:\rkill.log
    2012-07-03 17:21 - 2012-07-03 17:21 - 00024462 ____A C:\Users\Maddogg\Documents\moo.txt
    2012-07-03 16:07 - 2012-07-03 16:07 - 01374624 ____A (ESET) C:\Users\Maddogg\Downloads\eset_smart_security_live_installer(1).exe
    2012-07-03 15:21 - 2012-07-03 15:32 - 3992417126 ____A C:\Program Files (x86)\Diablo III.zip
    2012-07-02 22:55 - 2012-07-02 23:03 - 62664192 ____A C:\Users\Maddogg\Downloads\ess_nt64_enu.msi
    2012-07-02 22:42 - 2012-07-02 22:42 - 00000000 ____D C:\Users\All Users\ESET
    2012-07-02 22:42 - 2012-07-02 22:42 - 00000000 ____D C:\Program Files\ESET
    2012-07-02 22:05 - 2012-07-02 22:05 - 00000000 ____D C:\Users\Maddogg\AppData\Local\Macromedia
    2012-07-02 21:53 - 2012-07-02 21:53 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-02 21:52 - 2012-07-04 20:23 - 00007764 ____A C:\Windows\PFRO.log
    2012-07-02 21:52 - 2012-07-04 20:23 - 00000779 ____A C:\Windows\setupact.log
    2012-07-02 21:52 - 2012-07-04 20:06 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-02 21:21 - 2012-07-02 21:21 - 51138560 ____A C:\Windows\System32\config\SOFTWARE.iobit
    2012-07-02 21:21 - 2012-07-02 21:21 - 20426752 ____A C:\Windows\System32\config\SYSTEM.iobit
    2012-07-02 21:21 - 2012-07-02 21:21 - 00212992 ____A C:\Windows\System32\config\DEFAULT.iobit
    2012-07-02 21:21 - 2012-07-02 21:21 - 00028672 ____A C:\Windows\System32\config\SECURITY.iobit
    2012-07-02 21:21 - 2012-07-02 21:21 - 00028672 ____A C:\Windows\System32\config\SAM.iobit
    2012-07-02 19:54 - 2012-07-02 19:54 - 00000000 ____D C:\Users\Maddogg\AppData\Local\GNU
    2012-07-02 16:37 - 2012-07-02 16:37 - 00000000 ____D C:\Users\All Users\Comodo
    2012-07-02 16:25 - 2012-07-02 16:25 - 00000000 ____D C:\Users\All Users\CPA_VA
    2012-07-02 16:21 - 2012-07-02 16:21 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
    2012-07-02 16:21 - 2012-07-02 16:21 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
    2012-07-02 16:21 - 2012-07-02 16:21 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2012-06-29 12:22 - 2012-07-04 20:23 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-06-29 12:22 - 2012-07-03 20:11 - 00000000 ____D C:\users\UpdatusUser.Maddogg-PC
    2012-06-29 12:22 - 2012-06-29 12:22 - 00000020 ___SH C:\Users\UpdatusUser.Maddogg-PC\ntuser.ini
    2012-06-29 12:21 - 2012-06-29 12:21 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
    2012-06-29 12:21 - 2012-02-29 13:00 - 06074176 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-06-29 12:21 - 2012-02-29 13:00 - 03089728 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2012-06-29 12:21 - 2012-02-29 12:59 - 02515790 ____A C:\Windows\System32\nvcoproc.bin
    2012-06-29 12:21 - 2012-02-29 12:59 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2012-06-29 12:21 - 2012-02-29 12:59 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-06-29 12:21 - 2012-02-29 12:59 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2012-06-29 12:08 - 2012-06-29 12:08 - 00000020 __ASH C:\Users\UpdatusUser\ntuser.ini
    2012-06-29 11:07 - 2012-05-24 09:47 - 00024448 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
    2012-06-29 04:15 - 2012-06-29 04:33 - 176526512 ____A (NVIDIA Corporation) C:\Users\Maddogg\Downloads\304.48-desktop-win7-winvista-64bit-english-beta.exe
    2012-06-29 03:10 - 2012-07-04 10:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-27 08:25 - 2012-06-27 08:25 - 00000000 ____D C:\Splashtop
    2012-06-26 16:31 - 2012-06-26 16:31 - 00001221 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
    2012-06-26 16:31 - 2012-06-26 16:31 - 00000000 ____D C:\Users\Maddogg\AppData\Roaming\IObit
    2012-06-26 16:31 - 2012-06-26 16:31 - 00000000 ____D C:\Users\All Users\IObit
    2012-06-26 16:31 - 2012-06-26 16:31 - 00000000 ____D C:\Program Files (x86)\IObit
    2012-06-26 16:12 - 2012-06-26 16:17 - 00000000 ____D C:\Program Files (x86)\FixCleaner
    2012-06-26 16:12 - 2012-06-26 16:14 - 00000000 ____D C:\Users\Maddogg\AppData\Roaming\FixCleaner
    2012-06-26 16:12 - 2012-06-26 16:12 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
    2012-06-26 16:11 - 2012-07-02 19:21 - 00007647 ____A C:\Users\Maddogg\AppData\Local\Resmon.ResmonCfg
    2012-06-26 15:51 - 2012-06-26 15:51 - 00000000 ____D C:\Users\Maddogg\AppData\Roaming\LockHunter
    2012-06-26 15:50 - 2012-07-02 21:49 - 00000000 ____D C:\Program Files\LockHunter
    2012-06-21 08:59 - 2012-06-21 08:59 - 00018617 ____A C:\Users\Maddogg\Downloads\Men_In_Black_3_2012_HD_TS_Rip_XVID_mp3_...AmirFarooqi.torrent
    2012-06-20 13:02 - 2012-06-20 13:02 - 00081591 ____A C:\Users\Maddogg\Downloads\Men in Black 3.torrent
    2012-06-20 01:48 - 2012-06-20 01:48 - 00074176 ____A C:\Windows\System32\Drivers\b899466d12fa1d37.sys
    2012-06-19 00:44 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-19 00:44 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-19 00:44 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-19 00:44 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-19 00:44 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-19 00:44 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-19 00:44 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-19 00:44 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-19 00:44 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-18 19:15 - 2012-06-18 19:15 - 00016433 ____A C:\Users\Maddogg\Downloads\21_Jump_Street_(2012)_1080p_BrRip_x264_-_1.5GB_-_YIFY.torrent
    2012-06-14 11:05 - 2011-02-19 04:05 - 01139200 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
    2012-06-14 11:05 - 2011-02-19 04:04 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2012-06-14 11:05 - 2011-02-18 22:30 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2012-06-13 02:00 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-13 02:00 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-13 02:00 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-13 02:00 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-13 02:00 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-13 02:00 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-13 02:00 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-13 02:00 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-13 02:00 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-13 02:00 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-13 02:00 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-13 02:00 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-13 02:00 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-13 02:00 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-13 02:00 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-13 02:00 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-13 02:00 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-13 02:00 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-13 02:00 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-13 02:00 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-13 02:00 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-13 02:00 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-13 02:00 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-13 02:00 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-13 02:00 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-13 02:00 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-13 02:00 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-13 02:00 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-12 11:44 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-12 11:44 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-12 11:44 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-12 11:44 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-12 11:44 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-12 11:44 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-12 11:44 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-12 11:44 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-12 11:44 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 11:44 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-12 11:44 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-12 11:44 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-12 11:44 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-12 11:44 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-12 11:44 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-12 11:44 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-12 11:44 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-07 20:26 - 2012-06-07 20:26 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-07 12:07 - 2012-06-07 12:07 - 00015306 ____A C:\Users\Maddogg\Downloads\Machine_Gun_Preacher[2011]DVDRip_XviD-ETRG.torrent

    ============ 3 Months Modified Files ========================

    2012-07-04 20:30 - 2009-07-13 20:45 - 00022080 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-04 20:30 - 2009-07-13 20:45 - 00022080 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-04 20:29 - 2009-07-13 21:13 - 00729756 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-04 20:23 - 2012-07-02 21:52 - 00007764 ____A C:\Windows\PFRO.log
    2012-07-04 20:23 - 2012-07-02 21:52 - 00000779 ____A C:\Windows\setupact.log
    2012-07-04 20:23 - 2012-03-03 15:18 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
    2012-07-04 20:23 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-04 20:06 - 2012-07-04 20:06 - 00001908 ____A C:\Windows\diagwrn.xml
    2012-07-04 20:06 - 2012-07-04 20:06 - 00001908 ____A C:\Windows\diagerr.xml
    2012-07-04 20:06 - 2012-07-02 21:52 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-04 19:59 - 2012-07-04 19:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D2F77AC380FF074E
    2012-07-04 19:54 - 2012-07-04 19:54 - 01431033 ____A C:\Users\Maddogg\Downloads\FRST64.exe
    2012-07-04 11:36 - 2012-07-04 11:34 - 00029291 ____A C:\Users\Maddogg\Desktop\DDS.Attach.txt
    2012-07-04 11:34 - 2012-07-04 11:34 - 00022887 ____A C:\Users\Maddogg\Desktop\DDS.txt
    2012-07-04 11:31 - 2012-07-04 11:31 - 00000332 ____A C:\Users\Maddogg\Desktop\GMER.log
    2012-07-04 11:22 - 2012-07-04 11:22 - 00002578 ____A C:\Users\Maddogg\Documents\gmer.txt
    2012-07-04 11:21 - 2012-07-04 11:21 - 00607260 ____R (Swearware) C:\Users\Maddogg\Desktop\dds.scr
    2012-07-04 11:05 - 2012-07-04 11:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F4712C8F15D6535F
    2012-07-04 10:30 - 2012-07-04 10:30 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-04 10:23 - 2012-07-04 10:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E4EB0CC719A32B16
    2012-07-04 10:08 - 2012-07-03 22:12 - 00003220 ____A C:\Windows\WindowsUpdate.log
    2012-07-04 10:07 - 2012-07-04 10:07 - 00743230 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-04 10:07 - 2012-07-04 10:07 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-04 09:42 - 2012-07-04 09:42 - 00302592 ____A C:\Users\Maddogg\Desktop\tb4e8lo7.exe
    2012-07-04 08:42 - 2012-07-04 08:41 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Maddogg\Downloads\mbam-setup-1.61.0.1400.exe
    2012-07-04 08:40 - 2012-07-04 08:39 - 12621696 ____A (Microsoft Corporation) C:\Users\Maddogg\Downloads\mseinstall.exe
    2012-07-04 00:57 - 2012-07-04 00:57 - 01012656 ____A C:\Users\Maddogg\Downloads\rkill.scr
    2012-07-04 00:57 - 2012-07-04 00:57 - 01012656 ____A C:\Users\Maddogg\Downloads\rkill.exe
    2012-07-04 00:57 - 2012-07-04 00:56 - 01012656 ____A C:\Users\Maddogg\Downloads\rkill.com
    2012-07-03 19:04 - 2012-07-03 18:35 - 00000361 ____A C:\rkill.log
    2012-07-03 17:21 - 2012-07-03 17:21 - 00024462 ____A C:\Users\Maddogg\Documents\moo.txt
    2012-07-03 16:07 - 2012-07-03 16:07 - 01374624 ____A (ESET) C:\Users\Maddogg\Downloads\eset_smart_security_live_installer(1).exe
    2012-07-03 15:32 - 2012-07-03 15:21 - 3992417126 ____A C:\Program Files (x86)\Diablo III.zip
    2012-07-03 15:15 - 2012-04-10 15:26 - 00000258 _RASH C:\Users\All Users\ntuser.pol
    2012-07-02 23:03 - 2012-07-02 22:55 - 62664192 ____A C:\Users\Maddogg\Downloads\ess_nt64_enu.msi
    2012-07-02 21:53 - 2012-07-02 21:53 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-02 21:53 - 2012-03-06 22:50 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-02 21:21 - 2012-07-02 21:21 - 51138560 ____A C:\Windows\System32\config\SOFTWARE.iobit
    2012-07-02 21:21 - 2012-07-02 21:21 - 20426752 ____A C:\Windows\System32\config\SYSTEM.iobit
    2012-07-02 21:21 - 2012-07-02 21:21 - 00212992 ____A C:\Windows\System32\config\DEFAULT.iobit
    2012-07-02 21:21 - 2012-07-02 21:21 - 00028672 ____A C:\Windows\System32\config\SECURITY.iobit
    2012-07-02 21:21 - 2012-07-02 21:21 - 00028672 ____A C:\Windows\System32\config\SAM.iobit
    2012-07-02 19:21 - 2012-06-26 16:11 - 00007647 ____A C:\Users\Maddogg\AppData\Local\Resmon.ResmonCfg
    2012-07-02 16:21 - 2012-07-02 16:21 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
    2012-07-02 16:21 - 2012-07-02 16:21 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
    2012-07-02 16:21 - 2012-07-02 16:21 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2012-06-29 12:22 - 2012-06-29 12:22 - 00000020 ___SH C:\Users\UpdatusUser.Maddogg-PC\ntuser.ini
    2012-06-29 12:08 - 2012-06-29 12:08 - 00000020 __ASH C:\Users\UpdatusUser\ntuser.ini
    2012-06-29 04:33 - 2012-06-29 04:15 - 176526512 ____A (NVIDIA Corporation) C:\Users\Maddogg\Downloads\304.48-desktop-win7-winvista-64bit-english-beta.exe
    2012-06-26 16:31 - 2012-06-26 16:31 - 00001221 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
    2012-06-21 08:59 - 2012-06-21 08:59 - 00018617 ____A C:\Users\Maddogg\Downloads\Men_In_Black_3_2012_HD_TS_Rip_XVID_mp3_...AmirFarooqi.torrent
    2012-06-20 13:02 - 2012-06-20 13:02 - 00081591 ____A C:\Users\Maddogg\Downloads\Men in Black 3.torrent
    2012-06-20 01:48 - 2012-06-20 01:48 - 00074176 ____A C:\Windows\System32\Drivers\b899466d12fa1d37.sys
    2012-06-18 19:15 - 2012-06-18 19:15 - 00016433 ____A C:\Users\Maddogg\Downloads\21_Jump_Street_(2012)_1080p_BrRip_x264_-_1.5GB_-_YIFY.torrent
    2012-06-13 02:52 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-13 02:03 - 2012-03-03 15:37 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-07 12:07 - 2012-06-07 12:07 - 00015306 ____A C:\Users\Maddogg\Downloads\Machine_Gun_Preacher[2011]DVDRip_XviD-ETRG.torrent
    2012-06-02 14:19 - 2012-06-19 00:44 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-19 00:44 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-19 00:44 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-19 00:44 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-19 00:44 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-19 00:44 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-19 00:44 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-19 00:44 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:15 - 2012-06-19 00:44 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-24 09:47 - 2012-06-29 11:07 - 00024448 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
    2012-05-17 18:47 - 2012-06-13 02:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-13 02:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-13 02:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-13 02:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-13 02:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-13 02:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-13 02:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-13 02:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-13 02:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-13 02:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-13 02:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-13 02:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-13 02:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-13 02:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-13 02:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-13 02:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-13 02:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-13 02:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-13 02:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-13 02:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-13 02:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-13 02:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-13 02:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-13 02:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-13 02:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-13 02:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-13 02:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-13 02:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-14 20:06 - 2012-05-14 19:51 - 00001207 ____A C:\Users\Maddogg\Desktop\Diablo III.lnk
    2012-05-14 17:32 - 2012-06-12 11:44 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-12 17:39 - 2012-05-12 17:39 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-05-12 17:26 - 2012-05-12 17:26 - 00109016 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-05-12 16:45 - 2012-05-12 16:45 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-05-06 15:51 - 2012-05-06 15:51 - 00000974 ____A C:\Users\Maddogg\Documents\Lemon Bars.txt
    2012-05-06 15:40 - 2012-05-06 15:40 - 00000917 ____A C:\Users\Maddogg\Documents\Silky Nutella Pudding.txt
    2012-05-06 15:37 - 2012-05-06 15:37 - 00001296 ____A C:\Users\Maddogg\Documents\Chocolate Nutella Cookies.txt
    2012-05-04 03:06 - 2012-06-12 11:44 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-12 11:44 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-12 11:44 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-04-30 21:40 - 2012-06-12 11:44 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-29 12:48 - 2012-04-25 19:12 - 00000170 ____A C:\Users\Maddogg\Documents\aionmemo_ 535e1a8.dat
    2012-04-27 19:55 - 2012-06-12 11:44 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-26 00:31 - 2012-04-26 00:31 - 00004096 ____A C:\Windows\d3dx.dat
    2012-04-25 21:41 - 2012-06-12 11:44 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-12 11:44 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-12 11:44 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-25 02:46 - 2012-04-25 02:46 - 00014855 ____A C:\Users\Maddogg\Downloads\Lilo & Stitch.torrent
    2012-04-25 02:35 - 2012-04-25 02:35 - 00015219 ____A C:\Users\Maddogg\Downloads\Bruce Almighty.torrent
    2012-04-25 02:28 - 2012-04-25 02:28 - 00012061 ____A C:\Users\Maddogg\Downloads\Big Daddy.torrent
    2012-04-25 02:21 - 2012-04-25 02:21 - 00029805 ____A C:\Users\Maddogg\Downloads\the dukes.torrent
    2012-04-24 02:58 - 2012-04-24 02:58 - 00057175 ____A C:\Users\Maddogg\Downloads\crank.torrent
    2012-04-24 02:58 - 2012-04-24 02:58 - 00018902 ____A C:\Users\Maddogg\Downloads\crank 2 high voltage.torrent
    2012-04-23 21:37 - 2012-06-12 11:44 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-12 11:44 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-12 11:44 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-12 11:44 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-12 11:44 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-12 11:44 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-13 00:21 - 2012-04-13 00:20 - 00015075 ____A C:\Users\Maddogg\Downloads\Faster.torrent
    2012-04-13 00:13 - 2012-04-13 00:13 - 00062028 ____A C:\Users\Maddogg\Downloads\unleashed.torrent
    2012-04-13 00:08 - 2012-04-13 00:08 - 00014525 ____A C:\Users\Maddogg\Downloads\the incredible hulk.torrent
    2012-04-07 04:31 - 2012-06-12 11:44 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 03:26 - 2012-06-12 11:44 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll


    ZeroAccess:
    C:\Windows\Installer\{ab474432-8c08-3d67-4496-6617cc4c8684}
    C:\Windows\Installer\{ab474432-8c08-3d67-4496-6617cc4c8684}\@
    C:\Windows\Installer\{ab474432-8c08-3d67-4496-6617cc4c8684}\L
    C:\Windows\Installer\{ab474432-8c08-3d67-4496-6617cc4c8684}\U
    C:\Windows\Installer\{ab474432-8c08-3d67-4496-6617cc4c8684}\U\00000001.@
    C:\Windows\Installer\{ab474432-8c08-3d67-4496-6617cc4c8684}\U\80000000.@
    C:\Windows\Installer\{ab474432-8c08-3d67-4496-6617cc4c8684}\U\800000cb.@

    ZeroAccess:
    C:\Users\Maddogg\AppData\Local\{ab474432-8c08-3d67-4496-6617cc4c8684}
    C:\Users\Maddogg\AppData\Local\{ab474432-8c08-3d67-4496-6617cc4c8684}\@
    C:\Users\Maddogg\AppData\Local\{ab474432-8c08-3d67-4496-6617cc4c8684}\L
    C:\Users\Maddogg\AppData\Local\{ab474432-8c08-3d67-4496-6617cc4c8684}\n
    C:\Users\Maddogg\AppData\Local\{ab474432-8c08-3d67-4496-6617cc4c8684}\U
    C:\Users\Maddogg\AppData\Local\{ab474432-8c08-3d67-4496-6617cc4c8684}\U\00000001.@
    C:\Users\Maddogg\AppData\Local\{ab474432-8c08-3d67-4496-6617cc4c8684}\U\80000000.@
    C:\Users\Maddogg\AppData\Local\{ab474432-8c08-3d67-4496-6617cc4c8684}\U\800000cb.@

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 7%
    Total physical RAM: 16354.27 MB
    Available physical RAM: 15180.64 MB
    Total Pagefile: 16352.47 MB
    Available Pagefile: 15168.25 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:931.41 GB) (Free:705.21 GB) NTFS
    2 Drive e: (GSP1RMCHPXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
    3 Drive f: () (Removable) (Total:3.74 GB) (Free:3.66 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 3835 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 931 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 3835 MB 0 B

    ==================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-03 18:55

    ======================= End Of Log ==========================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  9. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    Farbar Recovery Scan Tool Version: 04-07-2012 01
    Ran by SYSTEM at 2012-07-04 23:07:50
    Running from F:\

    ================== Search: "Services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

  11. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-07-2012 01
    Ran by SYSTEM at 2012-07-05 10:40:25 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    b899466d12fa1d37 service deleted successfully.
    C:\Windows\System32\Drivers\b899466d12fa1d37.sys moved successfully.
    C:\Windows\System32\services.exe.D2F77AC380FF074E moved successfully.
    C:\Windows\System32\services.exe.F4712C8F15D6535F moved successfully.
    C:\Windows\System32\services.exe.E4EB0CC719A32B16 moved successfully.
    C:\Windows\Installer\{ab474432-8c08-3d67-4496-6617cc4c8684} moved successfully.
    C:\Users\Maddogg\AppData\Local\{ab474432-8c08-3d67-4496-6617cc4c8684} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  12. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    ComboFix 12-07-05.03 - Maddogg 07/05/2012 10:53:52.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16354.14425 [GMT -7:00]
    Running from: c:\users\Maddogg\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ntuser.dat
    c:\users\Maddogg\AppData\Local\assembly\tmp
    c:\users\Maddogg\AppData\Roaming\.#
    c:\users\Maddogg\AppData\Roaming\result.db
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\SysWow64\AutoRun.exe
    c:\windows\SysWow64\AutoRun.inf
    c:\windows\SysWow64\setup.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-05 18:01 . 2012-07-05 18:01--------d-----w-c:\users\Default\AppData\Local\temp
    2012-07-05 05:21 . 2012-07-05 05:21--------d-----w-C:\FRST
    2012-07-04 19:06 . 2012-07-04 19:06--------d-----w-c:\windows\system32\config\systemprofile\AppData\Roaming\IObit
    2012-07-04 18:30 . 2012-04-04 22:5624904----a-w-c:\windows\system32\drivers\mbam.sys
    2012-07-04 18:20 . 2012-02-09 21:17927800----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4998D024-F7D5-46F7-9288-EDE69ABD7B1C}\gapaengine.dll
    2012-07-04 18:20 . 2012-06-18 10:129013136------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04D2F8FB-05ED-4F21-8289-692A990FD431}\mpengine.dll
    2012-07-04 18:07 . 2012-07-04 18:07--------d-----w-c:\program files (x86)\Microsoft Security Client
    2012-07-04 18:07 . 2012-07-04 18:07--------d-----w-c:\program files\Microsoft Security Client
    2012-07-04 04:02 . 2012-07-04 04:05--------d-----w-c:\windows\system32\MpEngineStore
    2012-07-03 23:03 . 2012-07-03 23:03--------d-----w-c:\programdata\Tarma Installer
    2012-07-03 06:42 . 2012-07-03 06:42--------d-----w-c:\program files\ESET
    2012-07-03 06:05 . 2012-07-03 06:05--------d-----w-c:\users\Maddogg\AppData\Local\Macromedia
    2012-07-03 05:53 . 2012-07-03 05:53426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 03:54 . 2012-07-03 03:54--------d-----w-c:\users\Maddogg\AppData\Local\GNU
    2012-07-03 00:37 . 2012-07-03 00:37--------d-----w-c:\programdata\Comodo
    2012-07-03 00:25 . 2012-07-03 00:25--------d-----w-c:\programdata\CPA_VA
    2012-07-03 00:21 . 2012-07-03 00:21348160----a-w-c:\windows\SysWow64\msvcr71.dll
    2012-07-03 00:21 . 2012-07-03 00:211700352----a-w-c:\windows\SysWow64\gdiplus.dll
    2012-07-03 00:21 . 2012-07-03 00:211060864----a-w-c:\windows\SysWow64\mfc71.dll
    2012-06-29 20:22 . 2012-07-05 18:02--------d-----w-c:\programdata\NVIDIA
    2012-06-29 20:21 . 2012-02-29 21:003089728----a-w-c:\windows\system32\nvsvc64.dll
    2012-06-29 20:21 . 2012-02-29 21:006074176----a-w-c:\windows\system32\nvcpl.dll
    2012-06-29 20:21 . 2012-02-29 20:59889664----a-w-c:\windows\system32\nvvsvc.exe
    2012-06-29 20:21 . 2012-02-29 20:5963296----a-w-c:\windows\system32\nvshext.dll
    2012-06-29 20:21 . 2012-02-29 20:59118080----a-w-c:\windows\system32\nvmctray.dll
    2012-06-29 20:21 . 2012-02-29 20:592515790----a-w-c:\windows\system32\nvcoproc.bin
    2012-06-29 20:21 . 2012-06-29 20:21--------d-----w-c:\programdata\NVIDIA Corporation
    2012-06-29 20:08 . 2012-07-04 05:07--------d-----w-c:\users\UpdatusUser
    2012-06-29 19:07 . 2012-05-24 17:4724448----a-w-c:\windows\system32\RegistryDefragBootTime.exe
    2012-06-29 11:10 . 2012-07-04 18:30--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-27 16:25 . 2012-06-27 16:25--------d-----w-C:\Splashtop
    2012-06-27 00:31 . 2012-06-27 00:31--------d-----w-c:\programdata\IObit
    2012-06-27 00:31 . 2012-06-27 00:31--------d-----w-c:\users\Maddogg\AppData\Roaming\IObit
    2012-06-27 00:31 . 2012-06-27 00:31--------d-----w-c:\program files (x86)\IObit
    2012-06-27 00:12 . 2012-06-27 00:17--------d-----w-c:\program files (x86)\FixCleaner
    2012-06-27 00:12 . 2012-06-27 00:14--------d-----w-c:\users\Maddogg\AppData\Roaming\FixCleaner
    2012-06-26 23:51 . 2012-06-26 23:51--------d-----w-c:\users\Maddogg\AppData\Roaming\LockHunter
    2012-06-26 23:50 . 2012-07-03 05:49--------d-----w-c:\program files\LockHunter
    2012-06-21 05:02 . 2012-06-21 05:02--------d--h--w-c:\programdata\Common Files
    2012-06-19 08:44 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
    2012-06-19 08:44 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
    2012-06-19 08:44 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
    2012-06-19 08:44 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
    2012-06-19 08:44 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
    2012-06-19 08:44 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
    2012-06-19 08:44 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
    2012-06-19 08:44 . 2012-06-02 22:19186752----a-w-c:\windows\system32\wuwebv.dll
    2012-06-19 08:44 . 2012-06-02 22:1536864----a-w-c:\windows\system32\wuapp.exe
    2012-06-14 19:05 . 2011-02-19 12:051139200----a-w-c:\windows\system32\FntCache.dll
    2012-06-14 19:05 . 2011-02-19 12:04902656----a-w-c:\windows\system32\d2d1.dll
    2012-06-14 19:05 . 2011-02-19 06:30739840----a-w-c:\windows\SysWow64\d2d1.dll
    2012-06-12 19:44 . 2012-04-26 05:4177312----a-w-c:\windows\system32\rdpwsx.dll
    2012-06-08 04:26 . 2012-06-08 04:26--------d-sh--w-c:\windows\system32\%APPDATA%
    2012-06-07 05:49 . 2012-06-07 05:49770384----a-w-c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-07 05:49 . 2012-06-07 05:49421200----a-w-c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-03 05:53 . 2012-03-07 06:5070344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-02-14 165776]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
    .
    [HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
    [HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
    [HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
    "Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
    "GNU"="c:\users\Maddogg\AppData\Local\GNU\vueuiaof.dll" [2012-02-14 339968]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Live Update 5"="c:\program files (x86)\MSI\Live Update 5\LU5.exe" [2011-03-23 1261568]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-02-14 776064]
    "ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-01-03 502288]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-03-03 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-03-03 79360]
    R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-03-07 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-08 230488]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-08 95320]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
    R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
    R3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\DRIVERS\MSILiveVirtualCamera.sys [2007-01-29 456192]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 NTIOLib_1_0_1;NTIOLib_1_0_1;c:\program files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [2009-10-06 14136]
    R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-04-10 50720]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-03 1255736]
    S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
    S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-01-14 1839616]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-01-18 164520]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [2012-01-03 138768]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27136]
    S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]
    S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-08 230488]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-08 95320]
    S3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [2010-07-08 303280]
    S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-08 1612888]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
    S3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
    S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]
    S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2010-01-18 14136]
    S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - NTIOLIB_1_0_3
    *NewlyCreated* - WS2IFSL
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 10.0.1.1
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\Maddogg\AppData\Roaming\Mozilla\Firefox\Profiles\pltqbs6r.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.wowhead.com/
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
    eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
    d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
    "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
    06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
    "{0E5680D1-BF44-4929-94AF-FD30D784AD1D}"=hex:51,66,7a,6c,4c,1d,38,12,bf,83,45,
    0a,76,f1,47,0c,eb,b9,be,70,d2,da,e9,09
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:fd,f9,19,cc,a6,47,cd,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe
    c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-05 11:07:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-05 18:07
    .
    Pre-Run: 756,310,413,312 bytes free
    Post-Run: 756,699,054,080 bytes free
    .
    - - End Of File - - BD5EAB2F7504F3D7501BABEAF6D9C967
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good :)

    How is computer doing?

    ========================================

    Uninstall Advanced SystemCare 5.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ============================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    So far it seems to have fixed the problems, everything is on and working again appreciate all of your help.

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.06.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Maddogg :: MADDOGG-PC [administrator]

    Protection: Disabled

    7/5/2012 6:42:26 PM
    mbam-log-2012-07-05 (18-42-26).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 247440
    Time elapsed: 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  15. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    here is olt
    OTL logfile created on: 7/5/2012 6:48:27 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Maddogg\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.97 Gb Total Physical Memory | 14.33 Gb Available Physical Memory | 89.73% Memory free
    31.94 Gb Paging File | 30.23 Gb Available in Paging File | 94.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 714.33 Gb Free Space | 76.69% Space Free | Partition Type: NTFS
    Drive D: | 3.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: MADDOGG-PC | User Name: Maddogg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/05 18:39:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Maddogg\Desktop\OTL.exe
    PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
    PRC - [2012/01/03 14:34:20 | 000,138,768 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
    PRC - [2012/01/03 14:34:16 | 000,502,288 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    PRC - [2011/03/23 21:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
    PRC - [2011/03/22 01:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
    PRC - [2011/02/14 13:41:26 | 001,148,800 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe
    PRC - [2010/11/20 20:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2010/11/15 04:21:56 | 000,841,544 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
    PRC - [2010/11/15 04:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
    PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/12/21 19:33:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE\sqlite3.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/01/17 17:00:50 | 000,164,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
    SRV:64bit: - [2010/11/29 16:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
    SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/06/19 11:24:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/03/07 00:35:09 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
    SRV - [2012/03/03 04:04:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2012/03/03 04:03:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2012/02/29 17:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2012/01/03 14:34:20 | 000,138,768 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger)
    SRV - [2011/03/23 21:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF)
    SRV - [2011/03/22 01:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
    SRV - [2011/01/14 16:41:58 | 001,839,616 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
    SRV - [2010/11/15 04:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/01/17 05:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/29 16:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/07/07 23:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
    DRV:64bit: - [2010/07/07 23:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
    DRV:64bit: - [2010/07/07 23:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
    DRV:64bit: - [2010/07/07 23:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV:64bit: - [2010/07/07 23:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV:64bit: - [2010/07/07 23:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
    DRV:64bit: - [2010/07/07 23:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV:64bit: - [2010/07/07 23:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
    DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
    DRV:64bit: - [2010/07/07 23:07:10 | 000,303,280 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1q62x64.sys -- (e1qexpress) Intel(R)
    DRV:64bit: - [2010/04/10 16:05:30 | 000,050,720 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.2)
    DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2009/10/07 01:49:27 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 120(UVC)
    DRV:64bit: - [2009/07/20 11:27:34 | 000,027,136 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2009/06/17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2007/01/29 08:40:58 | 000,456,192 | ---- | M] (MSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MSILiveVirtualCamera.sys -- (MSILiveVirtualCamera)
    DRV - [2010/10/22 11:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
    DRV - [2010/05/10 11:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys -- (MSI_MSIBIOS_010507)
    DRV - [2010/01/18 11:36:44 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
    DRV - [2009/10/06 01:10:14 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys -- (NTIOLib_1_0_1)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/?ilc=10&fr=ydwnld-home
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC 22 37 04 6C 01 CD 01 [binary data]
    IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
    IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {EA1D92E4-7179-4231-ABAB-DCB7F6000981}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
    IE - HKCU\..\SearchScopes\{3A01DE34-EA54-4628-99AE-A5C59A6C52C2}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=MMBROWSV
    IE - HKCU\..\SearchScopes\{590BCD58-EEB1-43c8-A217-D388DFF9706E}: "URL" = http://www.google.com/cse?cx=partne...b-3794288947762788:7256076927&q={searchTerms}
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{A53AE188-2905-4A02-A9F1-B8E97A0B4189}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=717501E6-AAED-488B-9851-7B2A29A43032
    IE - HKCU\..\SearchScopes\{EA1D92E4-7179-4231-ABAB-DCB7F6000981}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnld
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Google"
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo Search"
    FF - prefs.js..browser.startup.homepage: "http://www.wowhead.com/"
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2012/03/03 03:43:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2012/03/03 03:43:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2012/03/03 03:43:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/26 16:34:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/12 14:41:55 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{39136B02-9B64-11E1-826E-B8AC6F996F26}: C:\Users\Maddogg\AppData\Local\{39136B02-9B64-11E1-826E-B8AC6F996F26}\ [2012/05/11 05:24:20 | 000,000,000 | ---D | M]

    [2012/03/03 03:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maddogg\AppData\Roaming\Mozilla\Extensions
    [2012/06/27 02:16:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maddogg\AppData\Roaming\Mozilla\Firefox\Profiles\pltqbs6r.default\extensions
    [2012/07/03 17:13:59 | 000,000,000 | ---D | M] (Bucksbee Loyalty Plugin - Air Installer) -- C:\Users\Maddogg\AppData\Roaming\Mozilla\Firefox\Profiles\pltqbs6r.default\extensions\{003e1c8f-ebd6-f074-7551-4b31c0f547ec}
    [2012/05/18 01:55:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Maddogg\AppData\Roaming\Mozilla\Firefox\Profiles\pltqbs6r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/07/03 17:13:59 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Maddogg\AppData\Roaming\Mozilla\Firefox\Profiles\pltqbs6r.default\extensions\plugin@yontoo.com
    [2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Maddogg\AppData\Roaming\Mozilla\Firefox\Profiles\pltqbs6r.default\searchplugins\askcom.xml
    [2012/07/03 16:03:37 | 000,001,259 | ---- | M] () -- C:\Users\Maddogg\AppData\Roaming\Mozilla\Firefox\Profiles\pltqbs6r.default\searchplugins\search-the-web.xml
    [2012/03/17 22:36:16 | 000,000,942 | ---- | M] () -- C:\Users\Maddogg\AppData\Roaming\Mozilla\Firefox\Profiles\pltqbs6r.default\searchplugins\yahoo.xml
    [2012/03/17 17:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/05/11 05:24:20 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\MADDOGG\APPDATA\LOCAL\{39136B02-9B64-11E1-826E-B8AC6F996F26}
    [2012/06/19 12:35:32 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\MADDOGG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PLTQBS6R.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
    [2012/06/19 11:24:21 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/20 22:04:55 | 000,003,659 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/02/16 03:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/02/16 03:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/07/05 11:02:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
    O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
    O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
    O4 - HKCU..\Run: [GNU] C:\Users\Maddogg\AppData\Local\GNU\vueuiaof.dll (Creative Technology Ltd.)
    O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{608EF4BA-4FF9-4B89-B743-3A635C503453}: DhcpNameServer = 10.0.1.1
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/04/12 02:38:58 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/05 18:38:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Maddogg\Desktop\OTL.exe
    [2012/07/05 11:13:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/05 10:53:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/05 10:53:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/05 10:53:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/05 10:53:11 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/07/05 10:53:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/05 10:53:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/05 10:28:10 | 004,571,944 | R--- | C] (Swearware) -- C:\Users\Maddogg\Desktop\ComboFix.exe
    [2012/07/04 22:21:39 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/04 12:21:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Maddogg\Desktop\dds.scr
    [2012/07/04 11:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/04 11:30:53 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/04 11:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/07/04 11:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/03 21:02:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
    [2012/07/03 16:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2012/07/02 23:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
    [2012/07/02 23:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/07/02 23:05:15 | 000,000,000 | ---D | C] -- C:\Users\Maddogg\AppData\Local\Macromedia
    [2012/07/02 20:54:57 | 000,000,000 | ---D | C] -- C:\Users\Maddogg\AppData\Local\GNU
    [2012/07/02 17:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2012/07/02 17:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
    [2012/06/29 13:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2012/06/29 13:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2012/06/29 13:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2012/06/29 12:07:33 | 000,024,448 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
    [2012/06/29 04:10:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/06/27 09:25:56 | 000,000,000 | ---D | C] -- C:\Splashtop
    [2012/06/26 17:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2012/06/26 17:31:11 | 000,000,000 | ---D | C] -- C:\Users\Maddogg\AppData\Roaming\IObit
    [2012/06/26 17:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
    [2012/06/26 17:12:34 | 000,000,000 | ---D | C] -- C:\Users\Maddogg\AppData\Roaming\FixCleaner
    [2012/06/26 17:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FixCleaner
    [2012/06/26 17:12:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
    [2012/06/26 16:51:23 | 000,000,000 | ---D | C] -- C:\Users\Maddogg\AppData\Roaming\LockHunter
    [2012/06/26 16:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
    [2012/06/20 22:02:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/06/07 21:26:24 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%

    ========== Files - Modified Within 30 Days ==========

    [2012/07/05 18:46:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
    [2012/07/05 18:46:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/05 18:46:27 | 4271,591,422 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/05 18:45:53 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00411102}.rfx
    [2012/07/05 18:45:53 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00411102}.rfx
    [2012/07/05 18:45:53 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00411102}.rfx
    [2012/07/05 18:39:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Maddogg\Desktop\OTL.exe
    [2012/07/05 11:20:36 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/05 11:20:36 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/05 11:19:19 | 000,729,756 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/05 11:19:19 | 000,626,236 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/05 11:19:19 | 000,107,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/05 11:03:35 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/07/05 11:02:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/05 10:28:36 | 004,571,944 | R--- | M] (Swearware) -- C:\Users\Maddogg\Desktop\ComboFix.exe
    [2012/07/04 21:06:20 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2012/07/04 21:06:20 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
    [2012/07/04 12:21:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Maddogg\Desktop\dds.scr
    [2012/07/04 11:30:54 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/04 11:07:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/04 11:07:38 | 000,743,230 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/04 10:42:37 | 000,302,592 | ---- | M] () -- C:\Users\Maddogg\Desktop\tb4e8lo7.exe
    [2012/07/03 16:32:29 | 3992,417,125 | ---- | M] () -- C:\Program Files (x86)\Diablo III.zip
    [2012/07/02 20:21:00 | 000,007,647 | ---- | M] () -- C:\Users\Maddogg\AppData\Local\Resmon.ResmonCfg
    [2012/06/26 10:34:05 | 000,001,188 | ---- | M] () -- C:\Users\Maddogg\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
    [2012/06/13 03:52:48 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/07/05 10:53:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/05 10:53:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/05 10:53:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/05 10:53:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/05 10:53:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/04 21:06:01 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2012/07/04 21:06:01 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
    [2012/07/04 11:30:54 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/04 11:07:46 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/07/04 11:07:41 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/04 11:07:38 | 000,743,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/04 10:42:37 | 000,302,592 | ---- | C] () -- C:\Users\Maddogg\Desktop\tb4e8lo7.exe
    [2012/07/03 16:21:26 | 3992,417,125 | ---- | C] () -- C:\Program Files (x86)\Diablo III.zip
    [2012/06/29 13:21:57 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
    [2012/06/26 17:11:52 | 000,007,647 | ---- | C] () -- C:\Users\Maddogg\AppData\Local\Resmon.ResmonCfg
    [2012/06/26 10:34:05 | 000,001,188 | ---- | C] () -- C:\Users\Maddogg\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
    [2012/05/12 18:26:10 | 000,109,016 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012/04/26 01:31:09 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2012/04/10 16:26:09 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/03/11 12:24:02 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2012/03/06 00:26:48 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\SetupSupport.dll
    [2012/03/04 12:18:50 | 000,230,400 | ---- | C] () -- C:\ProgramData\tempraw
    [2012/03/03 04:06:15 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2012/03/03 04:06:15 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2012/03/03 04:06:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
    [2012/03/03 04:06:00 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
    [2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2010/07/07 22:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
    [2010/07/07 21:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
    [2010/07/07 21:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
    [2010/07/07 21:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
    [2010/07/07 21:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
    [2010/07/07 21:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
    [2010/07/07 21:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

    ========== LOP Check ==========

    [2012/06/08 13:31:53 | 000,000,000 | ---D | M] -- C:\Users\Maddogg\AppData\Roaming\Adusa
    [2012/06/26 17:14:20 | 000,000,000 | ---D | M] -- C:\Users\Maddogg\AppData\Roaming\FixCleaner
    [2012/06/26 17:31:11 | 000,000,000 | ---D | M] -- C:\Users\Maddogg\AppData\Roaming\IObit
    [2012/03/03 16:10:52 | 000,000,000 | ---D | M] -- C:\Users\Maddogg\AppData\Roaming\Leadertech
    [2012/06/26 16:51:23 | 000,000,000 | ---D | M] -- C:\Users\Maddogg\AppData\Roaming\LockHunter
    [2012/03/03 03:42:48 | 000,000,000 | ---D | M] -- C:\Users\Maddogg\AppData\Roaming\Splashtop
    [2012/07/05 10:20:13 | 000,000,000 | ---D | M] -- C:\Users\Maddogg\AppData\Roaming\uTorrent
    [2009/07/13 22:08:49 | 000,024,822 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
  16. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    OTL Extras logfile created on: 7/5/2012 6:48:27 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Maddogg\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.97 Gb Total Physical Memory | 14.33 Gb Available Physical Memory | 89.73% Memory free
    31.94 Gb Paging File | 30.23 Gb Available in Paging File | 94.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 714.33 Gb Free Space | 76.69% Space Free | Partition Type: NTFS
    Drive D: | 3.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: MADDOGG-PC | User Name: Maddogg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe ()

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .reg [@ = regfile] -- C:\Windows\regedit.exe ()

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- Reg Error: Key error.
    regfile [open] -- regedit.exe "%1" ()
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [edit] -- Reg Error: Key error.
    regfile [open] -- regedit.exe "%1" ()
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{24F576AC-114B-4AA8-BB97-462DB3AF7827}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{31570B84-E8A7-4B20-B73A-12961BE11350}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{35119ABF-B01D-4013-8A9D-BAA1280BA09E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{52703139-F53A-4B81-8B66-DFCC4A2A4CE9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{672B9B72-11CE-4374-930A-47C77B1FC36E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6F3FA164-1708-40ED-A771-82A566AB640B}" = lport=443 | protocol=6 | dir=in | app=system |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C6AAF8A7-D419-4F90-9F4C-F80A1B653622}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FA2056E0-D0ED-4518-9311-32C76CC0CAA4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{FC307556-FAC8-479F-9A54-963946218004}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0771921C-FCFD-4B54-82FD-8A66AACCC240}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{31472293-20A1-4CCA-B80C-6878C4D45A28}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{489D22B1-C300-4041-8DA0-B3FB50DEACA7}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{6457A38E-B40E-451C-AFC2-810D0B2C5B3F}" = protocol=6 | dir=out | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6DB4BD70-8C07-4764-A8FC-019103B17915}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{895B1E20-AA66-4054-9367-75A6555AB5DD}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
    "{8A5664BB-8287-40CD-AEBD-7AA3C12DF789}" = protocol=6 | dir=in | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{645AE9CF-AF1B-4FBB-9B9D-17A23D03AF10}" = Intel(R) Network Connections 16.1.53.0
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides
    "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "PROSetDX" = Intel(R) Network Connections 16.1.53.0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0E1FE502-7536-4155-BBC6-7BE8E465DE08}" = Firebird SQL Server - MAGIX Edition
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{20094AB6-5EA9-4D94-A687-948DC7F653CF}" = mufin player 2.0
    "{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
    "{2181E115-081A-4A96-97AB-7E8413639288}" = MSI VideoGenie Application
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2FC3159C-7AD6-46FF-83C5-BF9B372E6721}" = Aion
    "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
    "{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}" = Splashtop Connect IE
    "{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}" = Splashtop Connect for Firefox
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{558C02DD-1EC8-4835-889C-B13EE02FBE36}" = Chicken Shake Game
    "{698B7D8B-0F43-4A19-8B9B-47F1EFEB858F}_is1" = ControlCenter
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75B2E11A-BAB8-4AC3-8CE3-56C0C2027DCA}" = Star Mission Game
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C0EAE1CA-EBF0-4A55-BEA9-EA79FAF40889}" = MAGIX Video easy SE
    "{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
    "{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
    "{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
    "3DMIDI" = Creative 3DMIDI Player
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Afterburner" = MSI Afterburner 2.1.0
    "AudioCS" = Creative Audio Control Panel
    "AudioGenie_is1" = AudioGenie
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ControlCenter_is1" = ControlCenter
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
    "Diablo III" = Diablo III
    "Diagnostics 4_5" = Creative Diagnostics
    "Dolby Digital Live Pack" = Dolby Digital Live Pack
    "DTS Connect Pack" = DTS Connect Pack
    "FormatFactory" = FormatFactory 2.90
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = EasyViewer
    "Liveupdate5_is1" = Liveupdate5
    "MAGIX_MSI_mufin_player_2" = mufin player 2.0
    "MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "StarCraft II" = StarCraft II
    "SysInfo" = Creative System Information
    "TeamingGenie_is1" = TeamingGenie
    "Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.1
    "WaveStudio 7" = Creative WaveStudio 7
    "World of Warcraft" = World of Warcraft
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/5/2012 2:13:39 PM | Computer Name = Maddogg-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
    time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
    process id: 0xf34 Faulting application start time: 0x01cd5ad9e4dbceaf Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\IEFRAME.dll Report Id: 2503abb5-c6cd-11e1-a60b-8c89a5154b4d

    Error - 7/5/2012 2:24:50 PM | Computer Name = Maddogg-PC | Source = RasClient | ID = 20227
    Description =

    Error - 7/5/2012 2:25:43 PM | Computer Name = Maddogg-PC | Source = RasClient | ID = 20227
    Description =

    Error - 7/5/2012 2:31:11 PM | Computer Name = Maddogg-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
    time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
    process id: 0xae8 Faulting application start time: 0x01cd5adc5958a579 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\IEFRAME.dll Report Id: 97f9dcc7-c6cf-11e1-a60b-8c89a5154b4d

    Error - 7/5/2012 2:48:43 PM | Computer Name = Maddogg-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
    time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
    process id: 0xf38 Faulting application start time: 0x01cd5adecc4b071b Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\IEFRAME.dll Report Id: 0b171b75-c6d2-11e1-a60b-8c89a5154b4d

    Error - 7/5/2012 3:08:39 PM | Computer Name = Maddogg-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
    time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
    process id: 0x964 Faulting application start time: 0x01cd5ae194f61023 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\IEFRAME.dll Report Id: d3e22fa0-c6d4-11e1-a60b-8c89a5154b4d

    Error - 7/5/2012 3:26:11 PM | Computer Name = Maddogg-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
    time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
    process id: 0xfb0 Faulting application start time: 0x01cd5ae40834a100 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\IEFRAME.dll Report Id: 46ecdf39-c6d7-11e1-a60b-8c89a5154b4d

    Error - 7/5/2012 3:43:43 PM | Computer Name = Maddogg-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
    time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
    process id: 0x960 Faulting application start time: 0x01cd5ae67b54d498 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\IEFRAME.dll Report Id: ba03eb10-c6d9-11e1-a60b-8c89a5154b4d

    Error - 7/5/2012 9:46:46 PM | Computer Name = Maddogg-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/5/2012 9:46:55 PM | Computer Name = Maddogg-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: IEFRAME.dll, version: 9.0.8112.16446,
    time stamp: 0x4fb57fbb Exception code: 0xc0000005 Fault offset: 0x000fd1e1 Faulting
    process id: 0xea4 Faulting application start time: 0x01cd5b1934dae78e Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\IEFRAME.dll Report Id: 76a04e03-c70c-11e1-a20b-8c89a5154b4d

    [ Media Center Events ]
    Error - 5/19/2012 9:01:48 PM | Computer Name = Maddogg-PC | Source = MCUpdate | ID = 0
    Description = 6:01:47 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/20/2012 9:11:25 AM | Computer Name = Maddogg-PC | Source = MCUpdate | ID = 0
    Description = 6:11:25 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/20/2012 9:55:27 PM | Computer Name = Maddogg-PC | Source = MCUpdate | ID = 0
    Description = 6:55:23 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/21/2012 6:16:36 AM | Computer Name = Maddogg-PC | Source = MCUpdate | ID = 0
    Description = 3:16:36 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/21/2012 9:37:06 AM | Computer Name = Maddogg-PC | Source = MCUpdate | ID = 0
    Description = 6:37:06 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/21/2012 9:11:23 PM | Computer Name = Maddogg-PC | Source = MCUpdate | ID = 0
    Description = 6:11:22 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/22/2012 9:58:41 AM | Computer Name = Maddogg-PC | Source = MCUpdate | ID = 0
    Description = 6:58:41 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/22/2012 9:19:44 PM | Computer Name = Maddogg-PC | Source = MCUpdate | ID = 0
    Description = 6:19:43 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 5/23/2012 9:14:49 AM | Computer Name = Maddogg-PC | Source = MCUpdate | ID = 0
    Description = 6:14:49 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 7/3/2012 12:18:45 AM | Computer Name = Maddogg-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
    Description =

    [ System Events ]
    Error - 7/5/2012 2:01:49 PM | Computer Name = Maddogg-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/5/2012 2:02:41 PM | Computer Name = Maddogg-PC | Source = BridgeMP | ID = 14605
    Description = Bridge: The bridge failed to create its virtual miniport.

    Error - 7/5/2012 2:04:10 PM | Computer Name = Maddogg-PC | Source = DCOM | ID = 10010
    Description =

    Error - 7/5/2012 2:07:11 PM | Computer Name = Maddogg-PC | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 7/5/2012 2:16:42 PM | Computer Name = Maddogg-PC | Source = BridgeMP | ID = 14605
    Description = Bridge: The bridge failed to create its virtual miniport.

    Error - 7/5/2012 2:23:25 PM | Computer Name = Maddogg-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.129.991.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 7/5/2012 2:29:37 PM | Computer Name = Maddogg-PC | Source = BridgeMP | ID = 14605
    Description = Bridge: The bridge failed to create its virtual miniport.

    Error - 7/5/2012 2:43:12 PM | Computer Name = Maddogg-PC | Source = BridgeMP | ID = 14605
    Description = Bridge: The bridge failed to create its virtual miniport.

    Error - 7/5/2012 2:52:11 PM | Computer Name = Maddogg-PC | Source = BridgeMP | ID = 14605
    Description = Bridge: The bridge failed to create its virtual miniport.

    Error - 7/5/2012 8:09:24 PM | Computer Name = Maddogg-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.


    < End of report >
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    OTL logs are clean :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  18. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Adobe Flash Player 11.3.300.262
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````
     
  19. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    Farbar Service Scanner Version: 02-07-2012
    Ran by Maddogg (administrator) on 05-07-2012 at 22:56:31
    Running from "C:\Users\Maddogg\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  20. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
    C:\FRST\Quarantine\{ab474432-8c08-3d67-4496-6617cc4c8684}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{ab474432-8c08-3d67-4496-6617cc4c8684}\{ab474432-8c08-3d67-4496-6617cc4c8684}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{ab474432-8c08-3d67-4496-6617cc4c8684}\{ab474432-8c08-3d67-4496-6617cc4c8684}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined
    C:\Users\Maddogg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk Win32/Adware.ADON application cleaned by deleting - quarantined
    C:\Users\Maddogg\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.lnk Win32/Adware.ADON application cleaned by deleting - quarantined
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===========================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  22. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    Result Log

    Files\Folders moved on Reboot...
    C:\Users\Maddogg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Maddogg\AppData\Local\Temp\~DF19837BB0E9336231.TMP moved successfully.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\Users\Maddogg\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\Maddogg\AppData\Local\Temp\~DF19837BB0E9336231.TMP not found!
    [2009/10/07 02:47:22 | 000,109,080 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj01.dll : Unable to obtain MD5
    [2009/10/07 02:46:36 | 000,131,608 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj02.dll : Unable to obtain MD5

    Registry entries deleted on Reboot...
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    This is not a full log.
    Redo.
     
  24. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Maddogg
    ->Temp folder emptied: 373915 bytes
    ->Temporary Internet Files folder emptied: 680057 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 11011972 bytes
    ->Flash cache emptied: 643 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: UpdatusUser.Maddogg-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 244680 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 12.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Maddogg
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    User: UpdatusUser.Maddogg-PC

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Maddogg
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    User: UpdatusUser.Maddogg-PC

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.1 log created on 07062012_194821

    Files\Folders moved on Reboot...
    C:\Users\Maddogg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Maddogg\AppData\Local\Temp\~DF628505120E8B572D.TMP moved successfully.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\Users\Maddogg\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\Maddogg\AppData\Local\Temp\~DF628505120E8B572D.TMP not found!
    [2009/10/07 02:47:22 | 000,109,080 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj01.dll : Unable to obtain MD5
    [2009/10/07 02:46:36 | 000,131,608 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj02.dll : Unable to obtain MD5

    Registry entries deleted on Reboot...
     
  25. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Very well. Go on with other steps.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...