TechSpot

Redirect virus and IE running in background, please help

By Solrock
Nov 13, 2011
    I recently had an odd and seemingly random closure of my Firefox browser. After restarting it and continuing my surfing, it happened again, but this time I got a flood of system popups and a system restore box that popped up.
    Instead of trusting anything on my screen, I shut down and restarted my computer in safe mode and performed a restore.

    Now there have been many various popups and problems I've noticed:
    (Usually I just click the X instead of choosing an option)

    * When I start my computer I get a "catalyst control center has stopped working" popup; the options are search for a fix or close program. This happens every time.
    * One time booting up my computer took an unusually long time and the sounds coming from my computer were not normal.
    * Internet Explorer warning to install Adobe Flash Player. I don't use IE.
    * IE popup "are you sure you want to navigate away from this page?"
    * Windows Explorer has stopped working, restart program/check for solution
    * IE has stopped working (it's not even open, I use Firefox)
    * Once when I opened Firefox I got a popup asking if I wanted to make that my default browser. I've never changed it.
    * Browsing using Google is extremely slow.
    * My default Firefox search providers (the search box that's in the Firefox window, not its own toolbar) are all missing. The Restore Defaults button is grayed out.
    * And occasionally while I'm typing this or in Word, it's as if the screen was minimized but it isn't. My text cursor will be gone and I will have to click the text box to continue typing.
    * I'm constantly Ctrl+Alt+Deleting to end the iexplorer.exe process, which ranges from 50k memory all the way to 250k usage.
    * My Firefox default search providers (for the search box on my browser) have gone missing and the Restore Defaults button is grayed out.

    These are all things I encountered a few nights ago while I was writing a term paper for school. I needed my computer, so I just dealt with it all and wrote everything down instead of coming here right away.

    Here are my logs. I wasn't able to complete a GMER run; it would start and then just stop and sit there doing nothing.

    Thanks for your time and help

    ----------------Malware Bytes--------------------------------
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8154

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/13/2011 2:26:19 PM
    mbam-log-2011-11-13 (14-26-19).txt

    Scan type: Quick scan
    Objects scanned: 175090
    Time elapsed: 2 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Logan\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\Users\Logan\AppData\Local\Temp\0.0017158765803758635.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

    --------------------------------------DDS----------------------------------
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
    Run by Logan at 14:50:54 on 2011-11-13
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6542 [GMT -6:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DA45D596-F0B5-4D91-A250-057ACE743592} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\lh6f0s91.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nptgeqplugin.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-9 44768]
    R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-6-24 91456]
    R2 UsbService;ASUS Virtual MFP Service;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2010-9-6 327680]
    R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
    R3 vuhub;Virtual Usb Hub;C:\Windows\system32\DRIVERS\vuhub.sys --> C:\Windows\system32\DRIVERS\vuhub.sys [?]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-13 366152]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
    S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-13 20:22:43 -------- d-----w- C:\Users\Logan\AppData\Roaming\Malwarebytes
    2011-11-13 20:22:28 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-11-13 20:22:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-11 22:48:33 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{33213933-F691-494D-B891-EF11D754DFB9}\offreg.dll
    2011-11-11 22:48:31 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{33213933-F691-494D-B891-EF11D754DFB9}\mpengine.dll
    2011-11-09 21:04:02 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 21:04:02 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 21:03:53 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-09 21:03:39 3141120 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-06 22:03:36 -------- d-----w- C:\ProgramData\Age of Empires 3
    2011-11-06 21:44:07 34304 ----a-r- C:\Program Files (x86)\Microsoft Games\Age of Empires III\SetupENU2.dll
    2011-11-06 21:37:48 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft Games
    2011-11-06 20:11:53 -------- d--h--w- C:\Users\Logan\AppData\Local\WB Games
    2011-10-15 19:34:26 -------- d--h--w- C:\Users\Logan\AppData\Roaming\mm
    .
    ==================== Find3M ====================
    .
    2011-10-22 02:24:07 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2011-10-15 16:08:47 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-03 17:53:20 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
    2011-10-03 17:53:16 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2011-10-03 17:53:00 51200 ----a-w- C:\Windows\System32\OpenCL.dll
    2011-10-03 17:52:56 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2011-10-03 17:52:46 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
    2011-10-03 17:52:34 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2011-10-03 17:43:00 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
    2011-10-03 17:42:58 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
    2011-10-03 16:56:42 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-10-03 16:24:38 24996864 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-10-03 16:03:46 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-10-03 16:03:36 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-10-03 16:03:04 18836480 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-10-03 16:02:24 862720 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-10-03 16:00:04 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-10-03 15:59:54 486912 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-10-03 15:59:22 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-10-03 15:58:22 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-10-03 15:58:04 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-10-03 15:57:58 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-10-03 15:57:48 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-10-03 15:57:44 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-10-03 15:57:42 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-10-03 15:57:36 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-10-03 15:54:56 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-10-03 15:49:44 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-10-03 15:49:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-10-03 15:48:58 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-10-03 15:46:12 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-10-03 15:39:54 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-10-03 15:39:50 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-10-03 15:39:42 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-10-03 15:39:40 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-10-03 15:39:28 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-10-03 15:39:12 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-10-03 15:36:02 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-10-03 15:35:48 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-10-03 15:30:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-10-03 15:29:30 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-10-03 15:23:18 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-10-03 15:23:10 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-10-03 15:22:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-10-03 15:22:54 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-10-03 15:22:54 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-10-03 15:22:52 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-10-03 15:22:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-10-03 15:22:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-10-03 15:22:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-10-03 15:21:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-10-03 15:21:48 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-10-03 15:21:42 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-10-03 15:21:28 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-10-03 15:21:28 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-10-03 15:21:22 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-10-03 15:21:22 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-10-03 15:21:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-09-06 21:45:29 41184 ----a-w- C:\Windows\avastSS.scr
    2011-09-06 21:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-09-06 21:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-09-04 00:10:22 499712 ----a-w- C:\Windows\System32\MSVCP71.DLL
    2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
    2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
    2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
    2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
    2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
    2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
    2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
    2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
    2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    .
    ============= FINISH: 14:58:48.80 ===============

    :::::ATTACH:::::::::
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/29/2010 12:11:59 AM
    System Uptime: 11/13/2011 2:37:07 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | Rampage III GENE
    Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz | LGA1366 | 2801/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 596 GiB total, 209.508 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    RP263: 11/10/2011 3:59:56 PM - Removed Need for Speed™ SHIFT
    RP264: 11/10/2011 4:02:54 PM - Removed System Requirements Lab
    RP265: 11/10/2011 4:03:05 PM - RESIDENT EVIL 5 を削除しました。
    RP266: 11/10/2011 4:08:09 PM - Removed Rockstar Games Social Club
    RP267: 11/10/2011 4:11:48 PM - Removed Crysis® 2
    RP268: 11/11/2011 4:47:32 PM - Windows Update
    RP269: 11/12/2011 2:13:03 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.3.3
    Age of Empires III
    Age of Empires III - The WarChiefs
    Apple Application Support
    Apple Software Update
    ASUS Wireless Router WL-520GU Utilities
    avast! Free Antivirus
    Brad Smith Easy SFV Creator
    Canon My Printer
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco AnyConnect VPN Client
    Counter-Strike: Condition Zero
    Counter-Strike: Source
    Curse Client
    Day of Defeat: Source
    Diablo II
    Driver Sweeper version 2.7.5
    eReg
    Heroes of Newerth
    Hitman 2: Silent Assassin
    Hitman: Codename 47
    HydraVision
    Java Auto Updater
    Java(TM) 6 Update 26
    Left 4 Dead 2
    Magic: The Gathering - Duels of the Planeswalkers
    Malwarebytes' Anti-Malware version 1.51.2.1300
    marvell 91xx driver
    Mass Effect
    Memoir '44 Online
    MergeModules
    Microsoft .NET Framework 1.1
    Microsoft Default Manager
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft XNA Framework Redistributable 3.1
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    mIRC
    MotoConnect 1.1.31
    Mozilla Firefox (3.6.24)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nation Red
    NEC Electronics USB 3.0 Host Controller Driver
    Network Addon Mod Version 30 with Essentials r132
    Nexon Game Manager
    NVIDIA PhysX
    Pando Media Booster
    PDF Settings CS5
    Platform
    Portal
    QuickTime
    SC4Mapper
    Shattered Galaxy
    SimCity 4 Deluxe
    Skype Toolbars
    Skype™ 5.3
    StarCraft II
    Steam
    Team Fortress 2
    Ubisoft Game Launcher
    VIA Platform Device Manager
    Windows Media Player Firefox Plugin
    World of Logs Client
    World of Logs Client (4.2)
    World of Warcraft
    Worms Reloaded
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/9/2011 2:57:05 PM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
    11/9/2011 2:34:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    11/9/2011 2:33:59 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/9/2011 2:33:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/9/2011 2:33:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/9/2011 2:33:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/9/2011 2:33:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/9/2011 2:33:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/9/2011 2:33:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/9/2011 2:33:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
    11/9/2011 2:33:41 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/9/2011 2:33:41 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/9/2011 2:33:41 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/9/2011 2:33:41 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/9/2011 2:33:41 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/9/2011 2:33:41 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    11/9/2011 2:33:41 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/9/2011 2:33:41 PM, Error: Service Control Manager [7001] - The MotoConnect Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    11/9/2011 2:33:41 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/9/2011 2:33:41 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/9/2011 2:33:41 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/9/2011 2:32:37 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    11/9/2011 11:49:31 AM, Error: NetBT [4300] - The driver could not be created.
    11/9/2011 10:19:17 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 7 time(s).
    11/9/2011 10:16:03 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 6 time(s).
    11/9/2011 10:14:17 PM, Error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 3 time(s).
    11/9/2011 10:14:17 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 5 time(s).
    11/9/2011 10:12:09 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 4 time(s).
    11/9/2011 10:11:48 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
    11/9/2011 10:11:05 PM, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 3 time(s).
    11/9/2011 10:11:05 PM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 3 time(s).
    11/9/2011 10:11:05 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).
    11/9/2011 10:11:05 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/9/2011 10:10:27 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    11/9/2011 10:10:27 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    11/9/2011 10:09:48 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/9/2011 10:09:48 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    11/9/2011 10:09:48 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/9/2011 10:09:48 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/6/2011 7:47:21 PM, Error: Disk [15] - The device, \Device\Harddisk1\DR1, is not ready for access yet.
    11/13/2011 2:39:44 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
    11/13/2011 2:39:44 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
    11/13/2011 2:27:59 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    11/10/2011 3:31:38 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    11/10/2011 1:58:15 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    I still need GMER log.
     
  3. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    Sorry about that.

    Here you go:


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-13 18:19:33
    Windows 6.1.7600
    Running: b82hs1zq.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x59 0x65 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCE 0x1C 0xB4 0xBF ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x94 0x49 0xEA 0xBA ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x7F 0x30 0x10 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x59 0x65 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCE 0x1C 0xB4 0xBF ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x94 0x49 0xEA 0xBA ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x7F 0x30 0x10 ...

    ---- EOF - GMER 1.0.15 ----
     
  4. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download the latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post it in your next reply:

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run, then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    OK, I ran the first one fine. When trying to run the combofix it took quite a long time, and when it rebooted my computer the cmd box that was making the report took so long that I eventually just closed it, went into the c:\combofix\ folder and found the combofix.txt file. When my computer was rebooted I got an error popup from malwarebytes, and I wasn't sure if that made it stall or anything.

    Well, here are the reports.

    Thanks.

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-13 19:22:38
    -----------------------------
    19:22:38.080 OS Version: Windows x64 6.1.7600
    19:22:38.080 Number of processors: 8 586 0x1A05
    19:22:38.080 ComputerName: X UserName:
    19:22:39.203 Initialize success
    19:22:39.281 AVAST engine defs: 11111302
    19:23:02.088 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\mv91xx1Port4Path0Target0Lun0
    19:23:02.088 Disk 0 Vendor: WDC_WD64 05.0 Size: 610480MB BusType: 11
    19:23:02.088 Device \Driver\mv91xx -> DriverStartIo SCSIPORT.SYS fffff88001004bc0
    19:23:02.104 Device \Driver\mv91xx -> MajorFunction fffffa8007a6a2c0
    19:23:04.116 Disk 0 MBR read successfully
    19:23:04.116 Disk 0 MBR scan
    19:23:04.116 Disk 0 Windows 7 default MBR code
    19:23:04.116 Service scanning
    19:23:04.818 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    19:23:05.411 Modules scanning
    19:23:05.411 Disk 0 trace - called modules:
    19:23:05.427 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80085e1334]<<
    19:23:05.427 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80085cf060]
    19:23:05.442 3 CLASSPNP.SYS[fffff88001abe43f] -> nt!IofCallDriver -> \Device\Scsi\mv91xx1Port4Path0Target0Lun0[0xfffffa8007bbf050]
    19:23:05.442 \Driver\mv91xx[0xfffffa8007b8fc70] -> IRP_MJ_CREATE -> 0xfffffa8007a6a2c0
    19:23:06.347 AVAST engine scan C:\Windows
    19:23:08.484 AVAST engine scan C:\Windows\system32
    19:23:47.047 AVAST engine scan C:\Windows\system32\drivers
    19:23:51.883 AVAST engine scan C:\Users\Logan
    19:27:21.220 AVAST engine scan C:\ProgramData
    19:30:32.913 Scan finished successfully
    19:30:54.963 Disk 0 MBR has been saved successfully to "C:\Users\Logan\Desktop\MBR.dat"
    19:30:54.963 The log file has been saved successfully to "C:\Users\Logan\Desktop\aswMBR.txt"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ComboFix 11-11-13.03 - Logan 11/13/2011 19:48:44.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.5857 [GMT -6:00]
    Running from: C:\Users\Logan\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\ProgramData\ntuser.dat
    C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
    C:\Users\Logan\AppData\Roaming\mm
    C:\Users\Logan\AppData\Roaming\mm\cache\.cache
    C:\Users\Logan\AppData\Roaming\mm\cache\ImageLoader\0D51E9900D2C17AA30F9D5B537BA8FCE
    C:\Users\Logan\AppData\Roaming\mm\cache\ImageLoader\89D82F1F26CBF40996D256DEABE8101F
    C:\Users\Logan\AppData\Roaming\mm\cache\ImageLoader\F722CF962F4FCDC6D9D98B6BDE3E35D8


    ((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))


    2011-11-14 02:17:43 . 2011-11-14 02:17:43 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2011-11-14 00:23:05 . 2011-11-14 02:22:45 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{33213933-F691-494D-B891-EF11D754DFB9}\offreg.dll
    2011-11-13 20:22:43 . 2011-11-13 20:22:43 -------- d-----w- C:\Users\Logan\AppData\Roaming\Malwarebytes
    2011-11-13 20:22:28 . 2011-11-13 20:22:28 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-11-13 20:22:24 . 2011-11-13 20:22:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-11 22:48:31 . 2011-10-18 07:27:56 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{33213933-F691-494D-B891-EF11D754DFB9}\mpengine.dll
    2011-11-09 21:04:02 . 2011-10-01 05:28:19 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 21:04:02 . 2011-10-01 04:43:24 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 21:03:53 . 2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\system32\drivers\tcpip.sys
    2011-11-09 21:03:39 . 2011-09-29 04:09:30 3141120 ----a-w- C:\Windows\system32\win32k.sys
    2011-11-06 22:03:36 . 2011-11-06 22:03:36 -------- d-----w- C:\ProgramData\Age of Empires 3
    2011-11-06 21:44:07 . 2006-08-30 22:03:24 34304 ----a-r- C:\Program Files (x86)\Microsoft Games\Age of Empires III\SetupENU2.dll
    2011-11-06 21:37:48 . 2011-11-09 20:40:09 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft Games
    2011-11-06 20:11:53 . 2011-11-06 20:11:53 -------- d--h--w- C:\Users\Logan\AppData\Local\WB Games
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-10-22 02:24:07 . 2010-11-15 07:51:28 18960 ----a-w- C:\Windows\system32\drivers\LNonPnP.sys
    2011-10-15 16:08:47 . 2011-05-18 19:14:13 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-03 17:53:20 . 2011-10-03 17:53:20 60416 ----a-w- C:\Windows\system32\OVDecode64.dll
    2011-10-03 17:53:16 . 2011-10-03 17:53:16 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2011-10-03 17:53:00 . 2011-10-03 17:53:00 51200 ----a-w- C:\Windows\system32\OpenCL.dll
    2011-10-03 17:52:56 . 2011-10-03 17:52:56 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2011-10-03 17:52:46 . 2011-10-03 17:52:46 16652288 ----a-w- C:\Windows\system32\amdocl64.dll
    2011-10-03 17:52:34 . 2011-10-03 17:52:34 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2011-10-03 17:43:00 . 2011-10-03 17:43:00 44032 ----a-w- C:\Windows\system32\amdoclcl64.dll
    2011-10-03 17:42:58 . 2011-10-03 17:42:58 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
    2011-10-03 16:56:42 . 2011-10-03 16:56:42 10203648 ----a-w- C:\Windows\system32\drivers\atikmdag.sys
    2011-10-03 16:24:38 . 2011-10-03 16:24:38 24996864 ----a-w- C:\Windows\system32\atio6axx.dll
    2011-10-03 16:03:46 . 2011-10-03 16:03:46 151552 ----a-w- C:\Windows\system32\atiapfxx.exe
    2011-10-03 16:03:36 . 2011-10-03 16:03:36 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-10-03 16:03:04 . 2011-10-03 16:03:04 18836480 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-10-03 16:02:24 . 2011-10-03 16:02:24 862720 ----a-w- C:\Windows\system32\aticfx64.dll
    2011-10-03 16:00:04 . 2011-10-03 16:00:04 466944 ----a-w- C:\Windows\system32\ATIDEMGX.dll
    2011-10-03 15:59:54 . 2011-10-03 15:59:54 486912 ----a-w- C:\Windows\system32\atieclxx.exe
    2011-10-03 15:59:22 . 2011-10-03 15:59:22 204288 ----a-w- C:\Windows\system32\atiesrxx.exe
    2011-10-03 15:58:22 . 2011-10-03 15:58:22 120320 ----a-w- C:\Windows\system32\atitmm64.dll
    2011-10-03 15:58:04 . 2011-10-03 15:58:04 423424 ----a-w- C:\Windows\system32\atipdl64.dll
    2011-10-03 15:57:58 . 2011-10-03 15:57:58 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-10-03 15:57:48 . 2011-10-03 15:57:48 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-10-03 15:57:44 . 2011-10-03 15:57:44 21504 ----a-w- C:\Windows\system32\atimuixx.dll
    2011-10-03 15:57:42 . 2011-10-03 15:57:42 59392 ----a-w- C:\Windows\system32\atiedu64.dll
    2011-10-03 15:57:36 . 2011-10-03 15:57:36 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-10-03 15:54:56 . 2011-10-03 15:54:56 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-10-03 15:49:44 . 2011-10-03 15:49:44 1113088 ----a-w- C:\Windows\system32\atiumd6v.dll
    2011-10-03 15:49:10 . 2011-10-03 15:49:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-10-03 15:48:58 . 2011-10-03 15:48:58 3888640 ----a-w- C:\Windows\system32\atiumd6a.dll
    2011-10-03 15:46:12 . 2011-10-03 15:46:12 4944896 ----a-w- C:\Windows\system32\atidxx64.dll
    2011-10-03 15:39:54 . 2011-10-03 15:39:54 51200 ----a-w- C:\Windows\system32\aticalrt64.dll
    2011-10-03 15:39:50 . 2011-10-03 15:39:50 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-10-03 15:39:42 . 2011-10-03 15:39:42 44544 ----a-w- C:\Windows\system32\aticalcl64.dll
    2011-10-03 15:39:40 . 2011-10-03 15:39:40 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-10-03 15:39:28 . 2011-10-03 15:39:28 8723456 ----a-w- C:\Windows\system32\aticaldd64.dll
    2011-10-03 15:39:12 . 2011-10-03 15:39:12 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-10-03 15:36:02 . 2011-10-03 15:36:02 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-10-03 15:35:48 . 2011-10-03 15:35:48 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-10-03 15:30:02 . 2011-10-03 15:30:02 5428736 ----a-w- C:\Windows\system32\atiumd64.dll
    2011-10-03 15:29:30 . 2011-10-03 15:29:30 58880 ----a-w- C:\Windows\system32\coinst.dll
    2011-10-03 15:23:18 . 2011-10-03 15:23:18 381952 ----a-w- C:\Windows\system32\atiadlxx.dll
    2011-10-03 15:23:10 . 2011-10-03 15:23:10 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-10-03 15:22:58 . 2011-10-03 15:22:58 15360 ----a-w- C:\Windows\system32\atig6pxx.dll
    2011-10-03 15:22:54 . 2011-10-03 15:22:54 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-10-03 15:22:54 . 2011-10-03 15:22:54 13312 ----a-w- C:\Windows\system32\atiglpxx.dll
    2011-10-03 15:22:52 . 2011-10-03 15:22:52 39936 ----a-w- C:\Windows\system32\atig6txx.dll
    2011-10-03 15:22:46 . 2011-10-03 15:22:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-10-03 15:22:40 . 2011-10-03 15:22:40 310784 ----a-w- C:\Windows\system32\drivers\atikmpag.sys
    2011-10-03 15:22:00 . 2011-10-03 15:22:00 40960 ----a-w- C:\Windows\system32\atiuxp64.dll
    2011-10-03 15:21:54 . 2011-10-03 15:21:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-10-03 15:21:48 . 2011-10-03 15:21:48 38912 ----a-w- C:\Windows\system32\atiu9p64.dll
    2011-10-03 15:21:42 . 2011-10-03 15:21:42 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-10-03 15:21:28 . 2011-10-03 15:21:28 54784 ----a-w- C:\Windows\system32\atimpc64.dll
    2011-10-03 15:21:28 . 2011-10-03 15:21:28 54784 ----a-w- C:\Windows\system32\amdpcom64.dll
    2011-10-03 15:21:22 . 2011-10-03 15:21:22 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-10-03 15:21:22 . 2011-10-03 15:21:22 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-10-03 15:21:10 . 2011-10-03 15:21:10 53248 ----a-w- C:\Windows\system32\drivers\ati2erec.dll
    2011-10-01 03:21:20 . 2011-10-13 19:49:05 1638912 ----a-w- C:\Windows\system32\mshtml.tlb
    2011-10-01 02:59:14 . 2011-10-13 19:49:05 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-09-06 21:45:29 . 2010-07-29 06:09:32 41184 ----a-w- C:\Windows\avastSS.scr
    2011-09-06 21:45:29 . 2010-07-29 06:09:32 199304 ----a-w- C:\Windows\SysWow64\aswBoot.exe
    2011-09-06 21:45:17 . 2011-04-11 21:35:47 254400 ----a-w- C:\Windows\system32\aswBoot.exe
    2011-09-06 21:38:18 . 2011-04-11 21:35:47 601944 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
    2011-09-06 21:38:16 . 2010-07-29 06:10:03 301912 ----a-w- C:\Windows\system32\drivers\aswSP.sys
    2011-09-06 21:36:41 . 2010-07-29 06:10:03 42328 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
    2011-09-06 21:36:41 . 2010-07-29 06:10:02 58200 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
    2011-09-06 21:36:30 . 2010-07-29 06:10:00 65368 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
    2011-09-06 21:36:14 . 2010-07-29 06:10:04 24408 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
    2011-09-04 00:10:22 . 2003-03-19 08:14:52 499712 ----a-w- C:\Windows\system32\MSVCP71.DLL
    2011-08-27 05:40:28 . 2011-10-13 19:48:59 331776 ----a-w- C:\Windows\system32\oleacc.dll
    2011-08-27 05:40:28 . 2011-10-13 19:48:58 861184 ----a-w- C:\Windows\system32\oleaut32.dll
    2011-08-27 04:43:07 . 2011-10-13 19:48:59 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:43:06 . 2011-10-13 19:48:58 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2011-08-20 05:45:20 . 2011-10-13 19:49:18 1197568 ----a-w- C:\Windows\system32\wininet.dll
    2011-08-20 05:41:16 . 2011-10-13 19:49:06 57856 ----a-w- C:\Windows\system32\licmgr10.dll
    2011-08-20 04:38:10 . 2011-10-13 19:49:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-08-20 04:35:20 . 2011-10-13 19:49:06 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2011-08-20 04:20:23 . 2011-10-13 19:49:05 482816 ----a-w- C:\Windows\system32\html.iec
    2011-08-20 03:26:38 . 2011-10-13 19:49:05 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2011-08-17 05:32:24 . 2011-10-13 19:49:01 613888 ----a-w- C:\Windows\system32\psisdecd.dll
    2011-08-17 05:27:46 . 2011-10-13 19:49:01 288256 ----a-w- C:\Windows\system32\MSNP.ax
    2011-08-17 05:27:46 . 2011-10-13 19:49:01 108032 ----a-w- C:\Windows\system32\psisrndr.ax
    2011-08-17 05:27:46 . 2011-10-13 19:49:00 75776 ----a-w- C:\Windows\system32\MSDvbNP.ax
    2011-08-17 05:27:46 . 2011-10-13 19:49:00 104960 ----a-w- C:\Windows\system32\Mpeg2Data.ax
    2011-08-17 04:26:02 . 2011-10-13 19:49:01 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
    2011-08-17 04:22:23 . 2011-10-13 19:49:01 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2011-08-17 04:22:23 . 2011-10-13 19:49:00 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
    2011-08-17 04:22:23 . 2011-10-13 19:49:00 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
    2011-08-17 04:22:23 . 2011-10-13 19:49:00 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-14 03:39:30 2426368]
    "NUSB3MON"="C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 17:29:40 106496]
    "Microsoft Default Manager"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 16:12:14 288080]
    "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 02:04:47 35760]
    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 08:06:38 976832]
    "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2010-11-29 23:38:18 421888]
    "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 19:37:14 517096]
    "AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 10:57:06 406992]
    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 17:59:52 254696]
    "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-03 17:57:18 343168]
    "avast"="C:\Program Files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 21:45:30 3722416]
    "Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 23:00:48 449608]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 23:00:48 366152]
    R3 EagleX64;EagleX64;C:\Windows\system32\drivers\EagleX64.sys [x]
    R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 23:13:58 51445112]
    R3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys [x]
    R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 01:20:56 174440]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 01:34:24 4925184]
    R3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys [x]
    R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 19:37:14 517096]
    R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
    S0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys [x]
    S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [x]
    S2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 19:34:52 91456]
    S2 UsbService;ASUS Virtual MFP Service;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2008-07-21 07:00:58 327680]
    S2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 22:32:30 497856]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [x]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys [x]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys [x]
    S3 vuhub;Virtual Usb Hub;C:\Windows\system32\DRIVERS\vuhub.sys [x]



    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 21:45:17 134384 ----a-w- C:\Program Files\Alwil Software\Avast5\ashShA64.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 22:17:52 112512]
    "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 15:50:00 2726728]
    "EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 00:10:54 1609296]
    "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 09:44:40 500208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
     
  6. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Yeah, that Combofix log is incomplete.
    Please re-run it.
    It should run fine this time.
     
  7. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    Ok, yeah, it ran alright. Still took a really long time, about 45 minutes total.
    And when my computer rebooted I got the same Malwarebytes error:
    Malwarebytes Anti-Malware
    "[OpenEvent] Failed to perform desired action. Error code: 2"

    Here's the log:

    ComboFix 11-11-13.03 - Logan 11/13/2011 22:30:46.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6255 [GMT -6:00]
    Running from: c:\users\Logan\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\programdata\ntuser.dat
    c:\users\Logan\AppData\Roaming\mm\cache\.cache
    c:\users\Logan\AppData\Roaming\mm\cache\ImageLoader\0D51E9900D2C17AA30F9D5B537BA8FCE
    c:\users\Logan\AppData\Roaming\mm\cache\ImageLoader\89D82F1F26CBF40996D256DEABE8101F
    c:\users\Logan\AppData\Roaming\mm\cache\ImageLoader\F722CF962F4FCDC6D9D98B6BDE3E35D8
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-14 04:58 . 2011-11-14 04:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-14 00:23 . 2011-11-14 05:03 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33213933-F691-494D-B891-EF11D754DFB9}\offreg.dll
    2011-11-13 20:22 . 2011-11-13 20:22 -------- d-----w- c:\users\Logan\AppData\Roaming\Malwarebytes
    2011-11-13 20:22 . 2011-11-13 20:22 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-13 20:22 . 2011-11-13 20:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-11-11 22:48 . 2011-10-18 07:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33213933-F691-494D-B891-EF11D754DFB9}\mpengine.dll
    2011-11-09 21:04 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 21:04 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-09 21:03 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 21:03 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
    2011-11-06 22:03 . 2011-11-06 22:03 -------- d-----w- c:\programdata\Age of Empires 3
    2011-11-06 21:44 . 2006-08-30 22:03 34304 ----a-r- c:\program files (x86)\Microsoft Games\Age of Empires III\SetupENU2.dll
    2011-11-06 21:37 . 2011-11-09 20:40 -------- d-----w- c:\program files (x86)\Common Files\Microsoft Games
    2011-11-06 20:11 . 2011-11-06 20:11 -------- d--h--w- c:\users\Logan\AppData\Local\WB Games
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-22 02:24 . 2010-11-15 07:51 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-10-15 16:08 . 2011-05-18 19:14 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-03 17:53 . 2011-10-03 17:53 60416 ----a-w- c:\windows\system32\OVDecode64.dll
    2011-10-03 17:53 . 2011-10-03 17:53 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2011-10-03 17:53 . 2011-10-03 17:53 51200 ----a-w- c:\windows\system32\OpenCL.dll
    2011-10-03 17:52 . 2011-10-03 17:52 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-10-03 17:52 . 2011-10-03 17:52 16652288 ----a-w- c:\windows\system32\amdocl64.dll
    2011-10-03 17:52 . 2011-10-03 17:52 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
    2011-10-03 17:43 . 2011-10-03 17:43 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
    2011-10-03 17:42 . 2011-10-03 17:42 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
    2011-10-03 16:56 . 2011-10-03 16:56 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-10-03 16:24 . 2011-10-03 16:24 24996864 ----a-w- c:\windows\system32\atio6axx.dll
    2011-10-03 16:03 . 2011-10-03 16:03 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-10-03 16:03 . 2011-10-03 16:03 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-10-03 16:03 . 2011-10-03 16:03 18836480 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-10-03 16:02 . 2011-10-03 16:02 862720 ----a-w- c:\windows\system32\aticfx64.dll
    2011-10-03 16:00 . 2011-10-03 16:00 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-10-03 15:59 . 2011-10-03 15:59 486912 ----a-w- c:\windows\system32\atieclxx.exe
    2011-10-03 15:59 . 2011-10-03 15:59 204288 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-10-03 15:58 . 2011-10-03 15:58 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-10-03 15:58 . 2011-10-03 15:58 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2011-10-03 15:57 . 2011-10-03 15:57 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-10-03 15:57 . 2011-10-03 15:57 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-10-03 15:57 . 2011-10-03 15:57 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2011-10-03 15:57 . 2011-10-03 15:57 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-10-03 15:57 . 2011-10-03 15:57 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-10-03 15:54 . 2011-10-03 15:54 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-10-03 15:49 . 2011-10-03 15:49 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
    2011-10-03 15:49 . 2011-10-03 15:49 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2011-10-03 15:48 . 2011-10-03 15:48 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
    2011-10-03 15:46 . 2011-10-03 15:46 4944896 ----a-w- c:\windows\system32\atidxx64.dll
    2011-10-03 15:39 . 2011-10-03 15:39 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2011-10-03 15:39 . 2011-10-03 15:39 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2011-10-03 15:39 . 2011-10-03 15:39 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-10-03 15:39 . 2011-10-03 15:39 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2011-10-03 15:39 . 2011-10-03 15:39 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-10-03 15:39 . 2011-10-03 15:39 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2011-10-03 15:36 . 2011-10-03 15:36 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-10-03 15:35 . 2011-10-03 15:35 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-10-03 15:30 . 2011-10-03 15:30 5428736 ----a-w- c:\windows\system32\atiumd64.dll
    2011-10-03 15:29 . 2011-10-03 15:29 58880 ----a-w- c:\windows\system32\coinst.dll
    2011-10-03 15:23 . 2011-10-03 15:23 381952 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-10-03 15:23 . 2011-10-03 15:23 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2011-10-03 15:22 . 2011-10-03 15:22 15360 ----a-w- c:\windows\system32\atig6pxx.dll
    2011-10-03 15:22 . 2011-10-03 15:22 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2011-10-03 15:22 . 2011-10-03 15:22 13312 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-10-03 15:22 . 2011-10-03 15:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
    2011-10-03 15:22 . 2011-10-03 15:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2011-10-03 15:22 . 2011-10-03 15:22 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-10-03 15:22 . 2011-10-03 15:22 40960 ----a-w- c:\windows\system32\atiuxp64.dll
    2011-10-03 15:21 . 2011-10-03 15:21 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2011-10-03 15:21 . 2011-10-03 15:21 38912 ----a-w- c:\windows\system32\atiu9p64.dll
    2011-10-03 15:21 . 2011-10-03 15:21 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2011-10-03 15:21 . 2011-10-03 15:21 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2011-10-03 15:21 . 2011-10-03 15:21 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2011-10-03 15:21 . 2011-10-03 15:21 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2011-10-03 15:21 . 2011-10-03 15:21 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2011-10-03 15:21 . 2011-10-03 15:21 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-10-01 03:21 . 2011-10-13 19:49 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-01 02:59 . 2011-10-13 19:49 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-09-06 21:45 . 2010-07-29 06:09 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 21:45 . 2010-07-29 06:09 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-09-06 21:45 . 2011-04-11 21:35 254400 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-06 21:38 . 2011-04-11 21:35 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-06 21:38 . 2010-07-29 06:10 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 21:36 . 2010-07-29 06:10 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 21:36 . 2010-07-29 06:10 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 21:36 . 2010-07-29 06:10 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-06 21:36 . 2010-07-29 06:10 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-04 00:10 . 2003-03-19 08:14 499712 ----a-w- c:\windows\system32\MSVCP71.DLL
    2011-08-27 05:40 . 2011-10-13 19:48 331776 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-27 05:40 . 2011-10-13 19:48 861184 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-27 04:43 . 2011-10-13 19:48 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-08-27 04:43 . 2011-10-13 19:48 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2011-08-20 05:45 . 2011-10-13 19:49 1197568 ----a-w- c:\windows\system32\wininet.dll
    2011-08-20 05:41 . 2011-10-13 19:49 57856 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-20 04:38 . 2011-10-13 19:49 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-08-20 04:35 . 2011-10-13 19:49 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-08-20 04:20 . 2011-10-13 19:49 482816 ----a-w- c:\windows\system32\html.iec
    2011-08-20 03:26 . 2011-10-13 19:49 386048 ----a-w- c:\windows\SysWow64\html.iec
    2011-08-17 05:32 . 2011-10-13 19:49 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2011-08-17 05:27 . 2011-10-13 19:49 288256 ----a-w- c:\windows\system32\MSNP.ax
    2011-08-17 05:27 . 2011-10-13 19:49 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2011-08-17 05:27 . 2011-10-13 19:49 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-08-17 05:27 . 2011-10-13 19:49 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-08-17 04:26 . 2011-10-13 19:49 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2011-08-17 04:22 . 2011-10-13 19:49 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2011-08-17 04:22 . 2011-10-13 19:49 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
    2011-08-17 04:22 . 2011-10-13 19:49 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
    2011-08-17 04:22 . 2011-10-13 19:49 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-11-14_02.22.02 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2011-11-14 02:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-11-14 05:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-11-14 05:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-11-14 02:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-11-14 02:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-11-14 05:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-07-29 05:43 . 2011-11-14 05:02 38936 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-11-14 05:02 30480 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2011-11-14 02:22 30480 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2010-07-29 05:15 . 2011-11-14 02:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-07-29 05:15 . 2011-11-14 05:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-07-29 05:15 . 2011-11-14 05:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-07-29 05:15 . 2011-11-14 02:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-07-29 05:15 . 2011-11-14 05:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-07-29 05:15 . 2011-11-14 02:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-11-14 02:20 . 2011-11-14 02:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-11-14 05:00 . 2011-11-14 05:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-11-14 02:20 . 2011-11-14 02:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-11-14 05:00 . 2011-11-14 05:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 02:36 . 2011-11-14 00:27 623890 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-11-14 02:27 623890 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-11-14 00:27 107522 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2011-11-14 02:27 107522 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:34 . 2011-11-14 02:33 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    - 2009-07-14 02:34 . 2011-11-13 18:16 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-14 2426368]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-03 343168]
    "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
    R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
    R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
    S2 UsbService;ASUS Virtual MFP Service;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [2008-07-21 327680]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
    S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 21:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\lh6f0s91.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-World of Logs Client - c:\windows\system32\javaws.exe
    AddRemove-World of Logs Client (4.2) - c:\windows\system32\javaws.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3619874440-108817763-147304035-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:a5,75,5b,5a,a5,56,35,a3,dc,c6,bf,73,f8,36,2d,ba,41,51,ab,39,83,6c,0c,
    86,d6,fe,b1,f8,85,1c,27,07,28,d2,98,10,ca,1f,e0,40,26,b5,8b,f5,1a,fc,d4,4e,\
    "??"=hex:67,15,c8,29,8a,0a,10,1a,98,7a,31,a6,67,f4,4d,f8
    .
    [HKEY_USERS\S-1-5-21-3619874440-108817763-147304035-1001\Software\SecuROM\License information*]
    "datasecu"=hex:0e,b7,66,38,00,b8,ed,86,cb,66,a2,d6,2f,a2,78,ad,46,40,c9,5a,99,
    30,e0,c3,64,26,57,60,16,ec,86,3c,b7,61,7a,b3,96,fe,1f,c9,eb,49,65,d2,98,a4,\
    "rkeysecu"=hex:69,f6,b3,00,7a,1a,83,1d,c3,a1,02,9f,7b,fb,b4,8d
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-13 23:25:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-14 05:25
    .
    Pre-Run: 224,646,189,056 bytes free
    Post-Run: 225,346,621,440 bytes free
    .
    - - End Of File - - A6BDBF34A3CA381C8146C0524A4932BC
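The "Reg Loading Points" section of the ComboFix log above is where the security-relevant detail sits: the UAC policy values show User Account Control switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), and a number of service and driver entries are marked [x], which ComboFix prints when it cannot read the binary's date and size. The script below is an added example, not part of this thread and not ComboFix's own code: it parses those two line formats from a short excerpt copied from the log and flags the weak UAC values, the entries with unreadable binaries, and any entry whose binary lives off the system drive (here SetupNTGLM7X pointing at D:\, which OTL later reports as a CD-ROM). The regular expressions, the table of weak values and the Finding type are my own assumptions about the format, derived from the lines as posted. Note the caveat built into the code: [x] also appears for self-protected antivirus drivers such as the avast! ones, so it is a "look at this" marker, not a verdict.

```python
"""Audit the 'Reg Loading Points' section of a ComboFix log for weak UAC
policy values and for service/driver entries that deserve a manual look.
Added example; not ComboFix code and not the thread's own material."""
import re
from dataclasses import dataclass

# Constructed excerpt: a handful of lines copied from the ComboFix log above,
# not the full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
"""

# Line shapes as they appear in the log (assumed from the posted lines).
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<val>\d+)\s*\(0x[0-9a-f]+\)$', re.I)
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]$'
)

# Values that weaken UAC. Windows 7 defaults are EnableLUA=1,
# ConsentPromptBehaviorAdmin=5 and PromptOnSecureDesktop=1.
WEAK_UAC = {
    ("EnableLUA", 0): "UAC is disabled entirely",
    ("ConsentPromptBehaviorAdmin", 0): "administrators elevate without any prompt",
    ("PromptOnSecureDesktop", 0): "elevation prompts are not shown on the secure desktop",
}
SYSTEM_DRIVE = "c:"  # assumption: the system drive of the machine in the log


@dataclass(frozen=True)
class Finding:
    kind: str      # weak_uac | unreadable_binary | off_system_drive
    subject: str   # policy value name or service name
    note: str      # human-readable detail


def audit(log_text: str) -> list[Finding]:
    """Walk the log line by line and collect findings."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            key = (m["name"], int(m["val"]))
            if key in WEAK_UAC:
                findings.append(Finding("weak_uac", m["name"], WEAK_UAC[key]))
            continue
        m = SERVICE_RE.match(line)
        if not m:
            continue
        path = m["path"].strip()
        if m["info"] == "x":
            # [x]: ComboFix could not read the file's date/size. That covers a
            # missing binary as well as a self-protected AV driver, so this is
            # a "check it by hand" item, not a malware verdict.
            findings.append(Finding("unreadable_binary", m["name"], path or "(no path)"))
        if path and not path.lower().startswith(SYSTEM_DRIVE):
            # A service or driver loaded from a removable/optical drive is unusual.
            findings.append(Finding("off_system_drive", m["name"], path))
    return findings


def count_by_kind(findings: list[Finding]) -> dict[str, int]:
    """Summarise findings as {kind: count}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.kind:18} {f.subject:28} {f.note}")
```

Run against the excerpt, the script reports three weak UAC values, four entries with unreadable binaries and one entry (SetupNTGLM7X) loading from D:\. Feeding it a full ComboFix log works the same way, since the parser ignores every line it does not recognise.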
     
  8. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Very well.

    How are the issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
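    Once OTL.txt comes back, its line format is regular enough to triage mechanically before reading it by hand. The script below is an added example for this page, not OTL's own code and not anything posted in the thread: it parses the PRC/SRV/DRV/MOD entries and the O6/O7 policy lines, flags entries that carry no company name (the same hint OTL gives in its "No Company Name" sections; a cue for review, not a verdict) and flags the UAC policy values that disable or weaken User Account Control (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0). The sample log is constructed from the line formats OTL emits; the paths in it are illustrative.

```python
"""Offline triage of an OTL.txt log (added example; not part of OTL)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# PRC/SRV/DRV/MOD lines:  KIND[:64bit:] - [date | size | attrs | C/M] (Company) [state] -- path [-- (name)]
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD)(?::64bit:)? - "
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)

# O6/O7 policy lines:  O6 - HKLM\...\policies\System: Name = Value
POLICY_RE = re.compile(
    r"^O[67](?::64bit:)? - (?P<key>HK[^:]+): (?P<name>\w+) = (?P<value>.+)$"
)

# Values under ...\policies\System that switch UAC off or weaken it:
# EnableLUA=0 disables UAC; ConsentPromptBehaviorAdmin=0 elevates admins
# without any prompt; PromptOnSecureDesktop=0 shows prompts on the normal
# desktop, where other programs can draw over them.
UAC_WEAK = {
    ("EnableLUA", "0"),
    ("ConsentPromptBehaviorAdmin", "0"),
    ("PromptOnSecureDesktop", "0"),
}


@dataclass
class Entry:
    kind: str
    date: str
    size: int          # bytes, from the comma-grouped field
    attrs: str
    company: str       # "" when OTL printed "()"
    state: Optional[str]
    path: str
    name: Optional[str]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one PRC/SRV/DRV/MOD line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        kind=m["kind"], date=m["date"],
        size=int(m["size"].replace(",", "")), attrs=m["attrs"],
        company=m["company"].strip(), state=m["state"],
        path=m["path"], name=m["name"],
    )


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (finding-kind, detail) pairs for lines worth a second look."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        entry = parse_entry(raw)
        if entry is not None:
            if not entry.company:
                findings.append(("no-company", f"{entry.kind} {entry.path}"))
            continue
        p = POLICY_RE.match(raw.strip())
        if p and p["key"].lower().endswith(r"\policies\system"):
            name, value = p["name"], p["value"].strip()
            if (name, value) in UAC_WEAK:
                findings.append(("uac-weak", f"{name} = {value}"))
    return findings


# Constructed sample in OTL's line format (paths and values are illustrative).
SAMPLE_LOG = r"""
PRC - [2011/11/14 13:03:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Logan\Desktop\OTL.exe
PRC - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
SRV - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
DRV:64bit: - [2010/07/29 17:56:57 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/09/06 15:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3619874440-108817763-147304035-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:12} {detail}")
```

    Run it against a saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read())`. The "no-company" hits are only where to start reading: legitimate drivers and services ship without a company string too, so each one still needs its path, signer and start type checked by hand. The UAC findings, by contrast, are unambiguous configuration facts and are worth restoring regardless of what else the log shows.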
     
  9. Solrock


    I still have the redirect and popups: my Catalyst Control Center error when I boot up, the Malwarebytes error. I keep getting 'explorer.exe has crashed' or something along those lines, and on closure my screen blinks and a 'ba-dum' sound plays. And the iexplorer.exe process is still taking up memory and causing the error popups associated with that.

    Here are the logs:

    OTL logfile created on: 11/14/2011 1:06:03 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Logan\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.99 Gb Total Physical Memory | 6.27 Gb Available Physical Memory | 78.46% Memory free
    15.98 Gb Paging File | 14.14 Gb Available in Paging File | 88.50% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 596.07 Gb Total Space | 209.60 Gb Free Space | 35.16% Space Free | Partition Type: NTFS
    Drive D: | 577.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: X | User Name: Logan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/14 13:03:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Logan\Desktop\OTL.exe
    PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
    PRC - [2010/06/24 13:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    PRC - [2010/01/22 11:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2009/12/17 16:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/01/09 19:18:18 | 004,254,560 | -H-- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2009/02/27 11:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/10/03 09:59:22 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/05/06 03:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/04/18 17:57:09 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/12/17 16:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/07/21 01:00:58 | 000,327,680 | R--- | M] (ASUSTek COMPUTER INC.) [Auto | Running] -- C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe -- (UsbService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/10/03 10:56:42 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/10/03 09:22:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/09/06 15:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2011/09/06 15:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2011/09/06 15:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2011/09/06 15:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2011/09/06 15:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/09/06 15:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2011/06/06 16:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/07/29 17:56:57 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/05/13 21:52:32 | 001,322,496 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2010/04/07 02:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R)
    DRV:64bit: - [2010/03/18 03:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2010/03/18 03:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2010/01/22 11:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/01/22 11:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2009/12/25 01:05:40 | 000,297,512 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
    DRV:64bit: - [2009/12/17 16:18:51 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
    DRV:64bit: - [2009/11/18 04:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/07/16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/10 12:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2007/12/16 20:25:14 | 000,047,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vuhub.sys -- (vuhub)
    DRV:64bit: - [2007/03/07 12:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3619874440-108817763-147304035-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3619874440-108817763-147304035-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 4A EC 94 C3 A1 CC 01 [binary data]
    IE - HKU\S-1-5-21-3619874440-108817763-147304035-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Bing"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 02:10:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 02:10:21 | 000,000,000 | ---D | M]

    [2010/07/29 00:01:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Logan\AppData\Roaming\Mozilla\Extensions
    [2011/11/13 23:36:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\lh6f0s91.default\extensions
    [2011/11/09 14:50:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\lh6f0s91.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/12/05 22:58:52 | 000,001,832 | -H-- | M] () -- C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\lh6f0s91.default\searchplugins\bing.xml
    [2011/11/10 16:15:11 | 000,001,635 | ---- | M] () -- C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\lh6f0s91.default\searchplugins\firefox-add-ons.xml
    [2011/11/13 23:36:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/11/09 14:50:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2007/07/18 12:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll

    O1 HOSTS File: ([2011/11/13 23:01:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3619874440-108817763-147304035-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3619874440-108817763-147304035-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3619874440-108817763-147304035-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3619874440-108817763-147304035-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA45D596-F0B5-4D91-A250-057ACE743592}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/08/17 14:29:12 | 001,070,488 | R--- | M] (Microsoft Corporation) - D:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2007/06/04 11:38:36 | 000,000,167 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/14 13:03:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Logan\Desktop\OTL.exe
    [2011/11/14 01:17:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/11/13 22:58:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/11/13 22:25:17 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/11/13 19:41:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/11/13 19:41:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/11/13 19:41:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/11/13 19:37:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/11/13 19:36:47 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/13 19:33:58 | 004,292,963 | R--- | C] (Swearware) -- C:\Users\Logan\Desktop\ComboFix.exe
    [2011/11/13 19:19:44 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Logan\Desktop\aswMBR.exe
    [2011/11/13 14:50:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Logan\Desktop\dds.scr
    [2011/11/13 14:22:43 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Roaming\Malwarebytes
    [2011/11/13 14:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/13 14:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/11/13 14:22:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/11/13 14:20:13 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Logan\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/11/06 16:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
    [2011/11/06 15:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
    [2011/11/06 14:11:53 | 000,000,000 | -H-D | C] -- C:\Users\Logan\AppData\Local\WB Games
    [2011/11/06 14:04:46 | 000,000,000 | -H-D | C] -- C:\Users\Logan\Documents\ALI213
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/14 13:03:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Logan\Desktop\OTL.exe
    [2011/11/14 12:45:48 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/14 12:45:48 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/14 12:45:37 | 000,727,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/11/14 12:45:37 | 000,623,890 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/11/14 12:45:37 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/11/14 12:38:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/14 12:37:59 | 2140,491,775 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/13 23:01:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/11/13 19:34:01 | 004,292,963 | R--- | M] (Swearware) -- C:\Users\Logan\Desktop\ComboFix.exe
    [2011/11/13 19:30:54 | 000,000,512 | ---- | M] () -- C:\Users\Logan\Desktop\MBR.dat
    [2011/11/13 19:19:55 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Logan\Desktop\aswMBR.exe
    [2011/11/13 14:50:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Logan\Desktop\dds.scr
    [2011/11/13 14:32:07 | 000,302,592 | ---- | M] () -- C:\Users\Logan\Desktop\b82hs1zq.exe
    [2011/11/13 14:22:28 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/13 14:20:51 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Logan\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/11/09 21:58:09 | 000,007,602 | ---- | M] () -- C:\Users\Logan\AppData\Local\Resmon.ResmonCfg
    [2011/11/09 16:08:55 | 004,968,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/11/09 14:57:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2011/11/09 14:31:10 | 000,000,440 | ---- | M] () -- C:\ProgramData\spOeiY6d0dx97b
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/13 19:41:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/13 19:41:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/13 19:41:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/13 19:41:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/13 19:41:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/13 19:30:54 | 000,000,512 | ---- | C] () -- C:\Users\Logan\Desktop\MBR.dat
    [2011/11/13 14:32:05 | 000,302,592 | ---- | C] () -- C:\Users\Logan\Desktop\b82hs1zq.exe
    [2011/11/13 14:22:28 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/09 21:58:09 | 000,007,602 | ---- | C] () -- C:\Users\Logan\AppData\Local\Resmon.ResmonCfg
    [2011/11/09 14:27:57 | 000,000,440 | ---- | C] () -- C:\ProgramData\spOeiY6d0dx97b
    [2011/10/03 11:53:16 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/09/02 23:03:35 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
    [2011/09/01 19:44:32 | 000,000,268 | ---- | C] () -- C:\Windows\_delis32.ini
    [2011/05/25 20:04:20 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/05/25 20:01:48 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/04/29 18:53:33 | 000,004,993 | ---- | C] () -- C:\ProgramData\vbazjamv.itb
    [2011/03/20 02:22:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2011/03/17 11:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/01/24 02:20:23 | 000,065,536 | ---- | C] () -- C:\Windows\TADSUINS.EXE
    [2010/11/26 02:55:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/08/13 21:55:41 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/07/28 23:26:49 | 000,034,508 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2010/07/28 23:25:06 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010/07/28 23:25:02 | 000,025,613 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2009/11/06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009/04/02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

    ========== LOP Check ==========

    [2011/11/09 14:45:32 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\.minecraft
    [2011/11/09 14:50:38 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\Bioshock
    [2011/11/09 14:50:38 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\Bioshock2
    [2010/11/03 17:50:03 | 000,000,000 | -H-D | M] -- C:\Users\Logan\AppData\Roaming\DAEMON Tools Lite
    [2011/11/09 14:50:38 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\DAEMON Tools Pro
    [2011/05/25 03:04:41 | 000,000,000 | -H-D | M] -- C:\Users\Logan\AppData\Roaming\Dwarfs
    [2011/11/09 14:50:38 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\Kalypso Media
    [2010/11/15 01:51:36 | 000,000,000 | -H-D | M] -- C:\Users\Logan\AppData\Roaming\Leadertech
    [2011/10/09 13:48:22 | 000,000,000 | -H-D | M] -- C:\Users\Logan\AppData\Roaming\Lionhead Studios
    [2011/11/09 14:50:39 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\NationRed
    [2011/07/09 21:33:08 | 000,000,000 | -H-D | M] -- C:\Users\Logan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2011/11/10 16:18:39 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\uTorrent
    [2011/11/13 14:37:33 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/10/19 23:01:03 | 000,000,000 | ---- | M] () -- C:\BnetLog.txt
    [2011/11/13 23:25:54 | 000,022,120 | ---- | M] () -- C:\ComboFix.txt
    [2010/03/10 19:20:52 | 000,799,352 | ---- | M] () -- C:\D2XP_IX86_112a_113c.mpq
    [2011/11/14 12:37:59 | 2140,491,775 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/11/14 12:38:04 | 4285,648,895 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/09/06 15:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/07/28 23:42:01 | 000,000,221 | -HS- | M] () -- C:\Users\Logan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/11/13 19:19:55 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Logan\Desktop\aswMBR.exe
    [2011/11/13 14:32:07 | 000,302,592 | ---- | M] () -- C:\Users\Logan\Desktop\b82hs1zq.exe
    [2011/11/13 19:34:01 | 004,292,963 | R--- | M] (Swearware) -- C:\Users\Logan\Desktop\ComboFix.exe
    [2011/11/13 14:20:51 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Logan\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/11/14 13:03:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Logan\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/02 14:44:03 | 000,000,402 | -HS- | M] () -- C:\Users\Logan\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/11/09 14:31:10 | 000,000,440 | ---- | M] () -- C:\ProgramData\spOeiY6d0dx97b
    [2011/04/29 18:53:33 | 000,004,993 | ---- | M] () -- C:\ProgramData\vbazjamv.itb

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    .........................................
     
  10. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    Extras.txt

    OTL Extras logfile created on: 11/14/2011 1:06:03 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Logan\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.99 Gb Total Physical Memory | 6.27 Gb Available Physical Memory | 78.46% Memory free
    15.98 Gb Paging File | 14.14 Gb Available in Paging File | 88.50% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 596.07 Gb Total Space | 209.60 Gb Free Space | 35.16% Space Free | Partition Type: NTFS
    Drive D: | 577.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: X | User Name: Logan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3619874440-108817763-147304035-1001\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{2364CFB2-935A-C838-AA5A-774FEC1E588D}" = ccc-utility64
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6F89043A-D077-E434-FCDF-9D7179BE737A}" = AMD Media Foundation Decoders
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{82ED9FB2-55AF-4A61-A6F3-506CEE112779}" = Motorola Mobile Drivers Installation 4.7.1
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BDAF38DA-C834-6D42-B314-B97BB214E140}" = AMD Drag and Drop Transcoding
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
    "{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel(R) Network Connections 15.3.68.0
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{EDF6B241-8C7B-E74C-A387-5603C41AEEAA}" = AMD AVIVO64 Codecs
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F7303166-C685-DCF3-5DE4-3CDA117DCEFF}" = AMD Catalyst Install Manager
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PROSetDX" = Intel(R) Network Connections 15.3.68.0
    "SP6" = Logitech SetPoint 6.15

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05757DB5-6E9F-97E2-111F-DA2B6E75290F}" = CCC Help Chinese Traditional
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0983F01E-51B9-AB95-A359-4EA7E06A3B8E}" = CCC Help Korean
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{136E21EB-B3DC-A814-E7FC-EF9D1DC81689}" = CCC Help Hungarian
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{17FAA4AF-EB06-0050-D3B1-9F1747B9E4AA}" = CCC Help Swedish
    "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1A837B5C-AC31-2F10-DE76-E019DA223EDC}" = Catalyst Control Center Localization All
    "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
    "{29D84B61-2248-564D-4255-573E3825ED97}" = Catalyst Control Center
    "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{450A2869-616A-48C6-ECCC-59636695F35D}" = CCC Help Danish
    "{4912B33D-2F49-5626-103B-6E1F01A82FD3}" = CCC Help Portuguese
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{52516A9C-C9DE-6745-DB13-D9628EB99D12}" = CCC Help Turkish
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57E489DE-46DB-2546-EA42-FB0D704559BE}" = Catalyst Control Center InstallProxy
    "{59BB3D25-77C9-EDBC-FF56-5952567BD070}" = CCC Help Thai
    "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 2.7.5
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MergeModules
    "{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73BFA936-50E9-0DF6-ADE1-2B22FEDF1C29}" = CCC Help Finnish
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
    "{8B2F67C8-C4AC-9093-A94C-CD89566740A7}" = CCC Help Chinese Standard
    "{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1AE7AED-A090-0CD8-BE77-5EE59218F994}" = CCC Help Greek
    "{A1C29F65-FA94-88FA-7716-71C842050A19}" = CCC Help Spanish
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{B835DEF8-26A7-4E9B-B9F8-8D56F385DEAA}" = ASUS Wireless Router WL-520GU Utilities
    "{C38F5ADE-EA15-147A-1539-FB9E48F544B5}" = CCC Help English
    "{C4B3B964-173A-2324-D28E-D222026486F7}" = CCC Help Norwegian
    "{C6369A55-984D-806C-5725-1A9F663DCCE8}" = CCC Help Czech
    "{CA9DAC4A-ADB2-B128-FD79-86DCE24FB8D3}" = CCC Help Italian
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DB3812C4-8ECB-4151-6256-CE86C52067C1}" = CCC Help German
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E27E5F62-7AB0-3789-56EF-5774482E4DC8}" = CCC Help Russian
    "{E3CA67A5-53E8-602E-D17A-45EFDE3DDD53}" = HydraVision
    "{E78B0798-2AD2-25FC-F3F9-C8E4A1131630}" = CCC Help French
    "{E8A606FD-B650-34EE-164E-F6A9FAC38421}" = CCC Help Japanese
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EF0407CF-760A-46CC-EE33-43CFDCE0FCE5}" = Catalyst Control Center Graphics Previews Common
    "{EF175304-DE47-65A8-3D7C-4C78EF05976C}" = CCC Help Polish
    "{F60DDBEA-DCF6-BC00-5B7B-A5253CEFBAC0}" = CCC Help Dutch
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "avast" = avast! Free Antivirus
    "CanonMyPrinter" = Canon My Printer
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Diablo II" = Diablo II
    "hon" = Heroes of Newerth
    "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
    "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "MagniDriver" = marvell 91xx driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "MotoConnect" = MotoConnect 1.1.31
    "Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
    "Shattered Galaxy" = Shattered Galaxy
    "ST6UNST #1" = Brad Smith Easy SFV Creator
    "StarCraft II" = StarCraft II
    "Steam App 108210" = Memoir '44 Online
    "Steam App 17460" = Mass Effect
    "Steam App 22600" = Worms Reloaded
    "Steam App 240" = Counter-Strike: Source
    "Steam App 300" = Day of Defeat: Source
    "Steam App 39800" = Nation Red
    "Steam App 400" = Portal
    "Steam App 440" = Team Fortress 2
    "Steam App 49400" = Magic: The Gathering - Duels of the Planeswalkers
    "Steam App 550" = Left 4 Dead 2
    "Steam App 6850" = Hitman 2: Silent Assassin
    "Steam App 6900" = Hitman: Codename 47
    "Steam App 80" = Counter-Strike: Condition Zero
    "World of Warcraft" = World of Warcraft

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3619874440-108817763-147304035-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client
    "Network Addon Mod" = Network Addon Mod Version 30 with Essentials r132
    "SC4Mapper" = SC4Mapper

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
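The Shell Spawning block in the Extras.txt above is the part of an OTL report worth reading first in a redirect case: a classic hijack rewrites HKLM\SOFTWARE\Classes\exefile\shell\open\command so that every program launch first runs the attacker's loader, and OTL prints the resolved command for each class and verb. In this report all executable classes still show the stock `"%1" %*`. As an added example, not OTL's code and not posted by anyone in this thread, here is a short Python triage script that parses that section and compares the handlers with stock values. The EXPECTED table is my assumption about Windows 7 defaults, the embedded sample is excerpted from the report above, and the 32-bit `exefile` line in the sample is constructed (hypothetical path) to show what a hit looks like.

```python
"""Triage helper for the 'Shell Spawning' section of an OTL Extras.txt log.

Added example; not part of OTL and not posted by anyone in this thread.
OTL prints the resolved command for each file class/verb, so the check is a
string compare against stock values. EXPECTED is an assumption about Windows 7
defaults, not something OTL itself documents.
"""
import re

# Stock Windows 7 handlers for executable file classes, keyed by (class, verb).
EXPECTED = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
}

# Classes whose handler is legitimately a browser or third-party program; these are
# listed for a human to eyeball rather than compared against one fixed value.
REVIEW_ONLY = {"htmlfile", "http", "https", "Directory", "Folder", "Drive"}

# One handler line:  <class> [<verb>] -- <command> (<vendor>)   (vendor is optional)
LINE_RE = re.compile(
    r"^(?P<cls>\S+)\s+\[(?P<verb>[^\]]+)\]\s+--\s+"
    r"(?P<cmd>.*?)(?:\s+\((?P<vendor>[^()]*)\))?$"
)


def parse_shell_spawning(text):
    """Yield (view, cls, verb, cmd, vendor) for every handler line in the section."""
    in_section = False
    view = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            in_section = "Shell Spawning" in line
            continue
        if not in_section or not line:
            continue
        if line.startswith("64bit: ["):      # native (64-bit) registry view
            view = "64bit"
            continue
        if line.startswith("["):             # WOW64 (32-bit) view
            view = "32bit"
            continue
        m = LINE_RE.match(line)
        if m:
            yield view, m["cls"], m["verb"], m["cmd"], m["vendor"]


def check_handlers(text):
    """Return (severity, view, cls, verb, cmd) findings for the Shell Spawning section."""
    findings = []
    for view, cls, verb, cmd, _vendor in parse_shell_spawning(text):
        key = (cls, verb)
        if key in EXPECTED:
            if cmd != EXPECTED[key]:
                findings.append(("HIJACK", view, cls, verb, cmd))
        elif cls in REVIEW_ONLY:
            findings.append(("REVIEW", view, cls, verb, cmd))
        elif cmd.startswith("Reg Error"):
            # OTL reports absent keys this way; note them, they are not evidence on their own.
            findings.append(("MISSING", view, cls, verb, cmd))
    return findings


# Sample input: the 64-bit block is excerpted from the Extras.txt report in this thread;
# the 32-bit exefile line is CONSTRUCTED (hypothetical path) to show a hijacked handler.
SAMPLE_LOG = r"""
========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "C:\Users\Logan\AppData\Local\hypothetical_loader.exe" -run "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========
"""

if __name__ == "__main__":
    for sev, view, cls, verb, cmd in check_handlers(SAMPLE_LOG):
        print(sev, view, f"{cls}[{verb}]", "->", cmd)
```

Run it against a full Extras.txt by reading the file into `check_handlers`; a `HIJACK` line is the thing to fix before anything else, because until the exefile handler is restored every cleaning tool you launch runs through the attacker's loader first.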
     
  11. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
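The TDSSKiller report asked for above runs to hundreds of lines, one file line and one verdict line per driver or service, so it helps to reduce it mechanically before reading it. As an added example, not TDSSKiller's code and not from anyone in this thread, here is a small Python parser that pairs each service's file, MD5 and verdict, flags every verdict other than `ok` and every driver loaded from outside the usual system directories, and produces a hash list for bulk lookup. The embedded sample lines are excerpted from the log Solrock posts in reply; the `hypothsvc` entry and its verdict text are constructed, and the NORMAL_DRIVER_DIRS list and the treatment of any non-`ok` verdict as a review item are my assumptions, not wording TDSSKiller documents.

```python
"""Triage helper for a TDSSKiller scan log.

Added example; not part of TDSSKiller and not posted in this thread.
The two line shapes parsed are the ones the tool prints per driver/service:

    HH:MM:SS.ffff PID name (md5) path
    HH:MM:SS.ffff PID name - verdict

Any verdict other than "ok" is reported for review; the exact wording
TDSSKiller uses for detections is deliberately not assumed here.
"""
import re
from collections import OrderedDict

_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
ENTRY_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$")

# Directories a Windows 7 driver is normally loaded from (assumption; compared case-insensitively).
NORMAL_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


def parse_tdsskiller(text):
    """Map each service/driver name to a dict with its md5, path and verdict."""
    entries = OrderedDict()
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.setdefault(m["name"], {}).update(md5=m["md5"].lower(), path=m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            entries.setdefault(m["name"], {})["verdict"] = m["verdict"]
    return entries


def triage(entries):
    """Return (name, reason, detail) tuples for entries that deserve a second look."""
    findings = []
    for name, e in entries.items():
        verdict = e.get("verdict")
        if verdict != "ok":
            # Covers real detections and also a file line with no verdict (truncated log).
            findings.append((name, "verdict", verdict))
        path = e.get("path")
        if path and not path.lower().startswith(NORMAL_DRIVER_DIRS):
            findings.append((name, "unusual-path", path))
    return findings


def hash_inventory(entries):
    """Sorted (md5, path) pairs for every entry with a file, for bulk hash lookup."""
    return sorted((e["md5"], e["path"]) for e in entries.values() if "md5" in e)


# Sample input: the first five lines are excerpted from the TDSSKiller log in this thread;
# the hypothsvc lines are CONSTRUCTED (hypothetical service, path and verdict text).
SAMPLE_LOG = r"""
02:01:20.0139 4648 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
02:01:20.0141 4648 1394ohci - ok
02:01:20.0177 4648 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
02:01:20.0180 4648 ACPI - ok
02:01:21.0783 4648 catchme - ok
02:01:22.0000 4648 hypothsvc (00000000000000000000000000000000) C:\Users\Logan\AppData\Local\Temp\hypothsvc.sys
02:01:22.0001 4648 hypothsvc - detected (constructed verdict)
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for name, reason, detail in triage(parsed):
        print(f"{name}: {reason}: {detail}")
    print(f"{len(hash_inventory(parsed))} driver hashes collected")
```

Note that `catchme` (the ComboFix driver) has a verdict but no file line in the real log; the parser keeps it without complaint, and only a non-`ok` verdict or an odd path turns an entry into a finding.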
     
     
  12. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    02:00:58.0834 4604 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
    02:00:59.0240 4604 ============================================================
    02:00:59.0240 4604 Current date / time: 2011/11/15 02:00:59.0240
    02:00:59.0240 4604 SystemInfo:
    02:00:59.0240 4604
    02:00:59.0240 4604 OS Version: 6.1.7600 ServicePack: 0.0
    02:00:59.0240 4604 Product type: Workstation
    02:00:59.0240 4604 ComputerName: X
    02:00:59.0240 4604 UserName: Logan
    02:00:59.0241 4604 Windows directory: C:\Windows
    02:00:59.0241 4604 System windows directory: C:\Windows
    02:00:59.0241 4604 Running under WOW64
    02:00:59.0241 4604 Processor architecture: Intel x64
    02:00:59.0241 4604 Number of processors: 8
    02:00:59.0241 4604 Page size: 0x1000
    02:00:59.0241 4604 Boot type: Normal boot
    02:00:59.0241 4604 ============================================================
    02:00:59.0897 4604 Initialize success
    02:01:17.0868 4648 ============================================================
    02:01:17.0868 4648 Scan started
    02:01:17.0868 4648 Mode: Manual;
    02:01:17.0868 4648 ============================================================
    02:01:20.0139 4648 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    02:01:20.0141 4648 1394ohci - ok
    02:01:20.0177 4648 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    02:01:20.0180 4648 ACPI - ok
    02:01:20.0191 4648 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    02:01:20.0191 4648 AcpiPmi - ok
    02:01:20.0224 4648 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    02:01:20.0230 4648 adp94xx - ok
    02:01:20.0254 4648 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    02:01:20.0258 4648 adpahci - ok
    02:01:20.0296 4648 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    02:01:20.0299 4648 adpu320 - ok
    02:01:20.0353 4648 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
    02:01:20.0360 4648 AFD - ok
    02:01:20.0372 4648 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    02:01:20.0373 4648 agp440 - ok
    02:01:20.0390 4648 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    02:01:20.0391 4648 aliide - ok
    02:01:20.0435 4648 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    02:01:20.0436 4648 amdide - ok
    02:01:20.0455 4648 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    02:01:20.0457 4648 AmdK8 - ok
    02:01:20.0660 4648 amdkmdag (78546921d348e9f917e00b9ed8279c3c) C:\Windows\system32\DRIVERS\atikmdag.sys
    02:01:20.0816 4648 amdkmdag - ok
    02:01:20.0851 4648 amdkmdap (619c03c378be737b779e2cd9ecb9c778) C:\Windows\system32\DRIVERS\atikmpag.sys
    02:01:20.0852 4648 amdkmdap - ok
    02:01:20.0867 4648 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    02:01:20.0868 4648 AmdPPM - ok
    02:01:20.0903 4648 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    02:01:20.0905 4648 amdsata - ok
    02:01:25.0863 4648 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys
    02:01:25.0863 4648 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb
    02:01:25.0865 4648 sptd ( LockedFile.Multi.Generic ) - warning
    02:01:25.0865 4648 sptd - detected LockedFile.Multi.Generic (1)
    02:01:27.0345 4648 ============================================================
    02:01:27.0345 4648 Scan finished
    02:01:27.0345 4648 ============================================================
    02:01:27.0354 5088 Detected object count: 1
    02:01:27.0354 5088 Actual detected object count: 1
    02:01:50.0370 5088 sptd ( LockedFile.Multi.Generic ) - skipped by user
    02:01:50.0370 5088 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
     
  13. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Which browser is getting redirected?
     
  14. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    Firefox. I never use IE, but now it's constantly running in the background using up to 350K of memory. Firefox has no search providers in my quick search bar and I can't restore defaults because the button is grayed out. Last night I was googling for images for a school presentation and my search would only come up with a few pics and a long blank page.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

    ============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  16. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    GooredFix log:

    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 14:42 on 15/11/2011 (Logan)
    Firefox version 3.6.24 (en-US)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files (x86)\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [06:00 29/07/2010]
    {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [19:18 06/07/2011]

    C:\Users\Logan\Application Data\Mozilla\Firefox\Profiles\lh6f0s91.default\extensions\
    {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [03:42 28/09/2011]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    (none)

    -=E.O.F=-

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Bootkit remover log

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  17. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Make sure IE is NOT open.

    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to the already pre-selected options, make sure Command Line is selected, and press OK.
    Go to File > Save As, and save the report as Procexp.txt.
    Attach the file to your next reply.
     
  18. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    Alright, when IE is running it is never visible (only errors will pop up occasionally), so I have to go into my process tab and end the iexplorer.exe process.

    Process PID CPU Private Bytes Working Set Description Company Name Command Line
    System Idle Process 0 97.36 0 K 24 K
    System 4 0.08 128 K 724 K
    Interrupts n/a 0.58 0 K 0 K Hardware Interrupts and DPCs
    smss.exe 372 732 K 572 K Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
    csrss.exe 468 < 0.01 3,228 K 2,012 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    wininit.exe 540 2,964 K 356 K Windows Start-Up Application Microsoft Corporation wininit.exe
    services.exe 608 < 0.01 7,844 K 6,008 K Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
    svchost.exe 780 6,620 K 4,852 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
    dllhost.exe 4676 4,444 K 3,448 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{30D49246-D217-465F-B00B-AC9DDD652EB7}
    WmiPrvSE.exe 2232 4,284 K 8,212 K WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
    dllhost.exe 4264 3,964 K 8,232 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
    svchost.exe 872 6,444 K 5,560 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
    atiesrxx.exe 932 3,192 K 844 K AMD External Events Service Module AMD C:\Windows\system32\atiesrxx.exe
    atieclxx.exe 1108 4,224 K 2,348 K AMD External Events Client Module AMD atieclxx
    svchost.exe 1004 27,216 K 14,756 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    svchost.exe 144 < 0.01 161,828 K 151,280 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    dwm.exe 1388 0.18 36,680 K 23,956 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
    svchost.exe 412 < 0.01 37,804 K 31,916 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
    wuauclt.exe 4068 3,768 K 1,776 K Windows Update Microsoft Corporation "C:\Windows\system32\wuauclt.exe"
    svchost.exe 1052 < 0.01 12,708 K 13,344 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
    vpnagent.exe 1216 4,064 K 1,800 K VPN Agent Service Cisco Systems, Inc. "C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe"
    svchost.exe 1252 < 0.01 38,568 K 9,928 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
    AvastSvc.exe 1460 < 0.01 34,384 K 38,744 K avast! Service AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
    taskhost.exe 2836 9,528 K 2,548 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
    spoolsv.exe 2908 9,944 K 4,972 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
    svchost.exe 2936 17,432 K 11,500 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    svchost.exe 3032 < 0.01 11,848 K 12,272 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    MotoConnectService.exe 1320 0.02 2,372 K 1,204 K "C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe"
    MotoConnect.exe 3220 6,536 K 3,864 K Motorola Phone Service Application Motorola "C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe"
    svchost.exe 1860 3,408 K 3,092 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
    UsbService64.exe 2364 0.10 3,900 K 1,320 K ASUS Wireless Router Utility ASUSTek COMPUTER INC. "C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe"
    WLIDSVC.EXE 3104 < 0.01 6,212 K 3,304 K Microsoft® Windows Live ID Service Microsoft Corporation "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
    WLIDSVCM.EXE 3580 2,956 K 668 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation WLIDSvcM.exe 3104
    SearchIndexer.exe 3644 < 0.01 50,592 K 19,504 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
    SearchFilterHost.exe 3356 4,760 K 8,960 K Microsoft Windows Search Filter Host Microsoft Corporation "C:\Windows\system32\SearchFilterHost.exe" 0 552 556 564 65536 560
    SearchProtocolHost.exe 3660 < 0.01 4,344 K 9,656 K Microsoft Windows Search Protocol Host Microsoft Corporation "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3619874440-108817763-147304035-100137_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3619874440-108817763-147304035-100137 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
    wmpnetwk.exe 4040 < 0.01 14,484 K 15,916 K Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
    svchost.exe 2060 < 0.01 11,296 K 11,412 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    svchost.exe 4604 < 0.01 81,912 K 26,904 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k secsvcs
    lsass.exe 616 7,232 K 7,020 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
    lsm.exe 628 3,984 K 1,920 K Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
    csrss.exe 564 0.13 3,552 K 12,092 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    winlogon.exe 748 5,076 K 2,488 K Windows Logon Application Microsoft Corporation winlogon.exe
    taskmgr.exe 4212 0.19 5,392 K 14,272 K Windows Task Manager Microsoft Corporation taskmgr.exe /3
    explorer.exe 1492 0.07 60,140 K 45,928 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
    BJMYPRT.EXE 1900 4,072 K 1,212 K Canon My Printer CANON INC. "C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
    SetPoint.exe 1940 9,808 K 1,816 K Logitech SetPoint Event Manager (UNICODE) Logitech, Inc. "C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
    KHALMNPR.exe 1368 9,408 K 3,052 K Logitech KHAL Main Process Logitech, Inc. KHALMNPR.EXE /API
    firefox.exe 3264 0.04 96,664 K 122,136 K Firefox Mozilla Corporation "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
    procexp.exe 760 2,504 K 10,308 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Logan\Desktop\ProcessExplorer\procexp.exe"
    procexp64.exe 4664 1.24 27,776 K 48,392 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Logan\Desktop\ProcessExplorer\procexp.exe"
    VDeck.exe 2240 < 0.01 13,368 K 5,832 K VIA HD Audio CPL VIA "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
    nusb3mon.exe 2272 2,356 K 1,468 K USB 3.0 Monitor NEC Electronics Corporation "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    jusched.exe 2376 2,440 K 684 K Java(TM) Update Scheduler Sun Microsystems, Inc. "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    jucheck.exe 1332 4,404 K 2,292 K Java(TM) Update Checker Sun Microsystems, Inc. "C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical
    AvastUI.exe 2392 < 0.01 5,768 K 1,808 K avast! Antivirus AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
    MOM.exe 2404 < 0.01 45,444 K 8,724 K Catalyst Control Center: Monitoring program Advanced Micro Devices Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
    CCC.exe 4752 < 0.01 32,780 K 3,824 K Catalyst Control Center: Host application ATI Technologies Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
     
  19. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    In that case I need the exact error wording, and BEFORE you close any error window, run PE and post a new log so I can see an instance of iexplore.exe running.
     
  20. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    Here's the log again with iexplorer.exe running in the background.
    Error messages I've gotten are:
    "Are you sure you want to navigate away from this page?"
    "Internet explorer has stopped working..."

    But more often than the IE error I get "'explorer.exe' has stopped responding". Everything I've gotten I listed in my first post.

    Oh, and I forgot to put this in my last post; I wrote it down and forgot. While running bootkit extraction at start-up it would give me the error
    "ATA_PASS_THROUGH_DIRECT is not supported by your disk controller
    SCSI_PASS_THROUGH_DIRECT will be used for disk I/O"


    Anyways, here's the log:
    Process PID CPU Private Bytes Working Set Description Company Name Command Line
    System Idle Process 0 97.26 0 K 24 K
    System 4 0.04 128 K 992 K
    Interrupts n/a 0.57 0 K 0 K Hardware Interrupts and DPCs
    smss.exe 372 732 K 572 K Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
    csrss.exe 468 3,228 K 2,384 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    wininit.exe 540 2,964 K 388 K Windows Start-Up Application Microsoft Corporation wininit.exe
    services.exe 608 7,760 K 6,148 K Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
    svchost.exe 780 0.01 6,548 K 4,884 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
    dllhost.exe 4676 4,388 K 3,436 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{30D49246-D217-465F-B00B-AC9DDD652EB7}
    iexplore.exe 864 0.03 95,348 K 102,312 K Internet Explorer Microsoft Corporation "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -Embedding
    svchost.exe 872 6,956 K 6,244 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
    atiesrxx.exe 932 3,192 K 848 K AMD External Events Service Module AMD C:\Windows\system32\atiesrxx.exe
    atieclxx.exe 1108 4,244 K 2,672 K AMD External Events Client Module AMD atieclxx
    svchost.exe 1004 27,272 K 16,436 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    audiodg.exe 3260 0.32 26,340 K 27,356 K Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0x3d0
    svchost.exe 144 < 0.01 179,628 K 173,364 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    dwm.exe 1388 0.12 41,004 K 44,724 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
    svchost.exe 412 0.01 36,284 K 31,588 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
    wuauclt.exe 4068 3,736 K 2,048 K Windows Update Microsoft Corporation "C:\Windows\system32\wuauclt.exe"
    svchost.exe 1052 < 0.01 15,352 K 16,160 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
    vpnagent.exe 1216 4,064 K 2,036 K VPN Agent Service Cisco Systems, Inc. "C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe"
    svchost.exe 1252 < 0.01 40,344 K 13,008 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
    AvastSvc.exe 1460 < 0.01 36,816 K 38,644 K avast! Service AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
    taskhost.exe 2836 9,860 K 5,932 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
    spoolsv.exe 2908 10,012 K 7,232 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
    svchost.exe 2936 < 0.01 16,624 K 12,632 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    svchost.exe 3032 0.01 12,952 K 21,824 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    MotoConnectService.exe 1320 2,372 K 1,364 K "C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe"
    MotoConnect.exe 3220 6,540 K 4,724 K Motorola Phone Service Application Motorola "C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe"
    svchost.exe 1860 3,356 K 3,088 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
    UsbService64.exe 2364 0.10 3,900 K 1,352 K ASUS Wireless Router Utility ASUSTek COMPUTER INC. "C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe"
    WLIDSVC.EXE 3104 6,220 K 3,448 K Microsoft® Windows Live ID Service Microsoft Corporation "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
    WLIDSVCM.EXE 3580 2,956 K 700 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation WLIDSvcM.exe 3104
    SearchIndexer.exe 3644 < 0.01 51,556 K 24,592 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
    wmpnetwk.exe 4040 14,576 K 16,088 K Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
    svchost.exe 2060 16,396 K 13,912 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    svchost.exe 4604 82,432 K 18,428 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k secsvcs
    lsass.exe 616 0.02 8,340 K 10,780 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
    lsm.exe 628 < 0.01 3,872 K 1,976 K Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
    csrss.exe 564 0.10 3,744 K 8,324 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    winlogon.exe 748 5,076 K 2,500 K Windows Logon Application Microsoft Corporation winlogon.exe
    BJMYPRT.EXE 1900 4,072 K 1,348 K Canon My Printer CANON INC. "C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
    SetPoint.exe 1940 9,808 K 4,068 K Logitech SetPoint Event Manager (UNICODE) Logitech, Inc. "C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
    KHALMNPR.exe 1368 9,408 K 3,256 K Logitech KHAL Main Process Logitech, Inc. KHALMNPR.EXE /API
    nusb3mon.exe 2272 < 0.01 2,808 K 3,024 K USB 3.0 Monitor NEC Electronics Corporation "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    jusched.exe 2376 2,440 K 864 K Java(TM) Update Scheduler Sun Microsystems, Inc. "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    jucheck.exe 1332 4,376 K 3,452 K Java(TM) Update Checker Sun Microsystems, Inc. "C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical
    AvastUI.exe 2392 < 0.01 5,788 K 3,204 K avast! Antivirus AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
    MOM.exe 2404 < 0.01 47,256 K 13,120 K Catalyst Control Center: Monitoring program Advanced Micro Devices Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
    CCC.exe 4752 < 0.01 32,756 K 4,016 K Catalyst Control Center: Host application ATI Technologies Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
    procexp.exe 760 2,504 K 7,412 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Logan\Desktop\ProcessExplorer\procexp.exe"
    procexp64.exe 4664 0.45 32,956 K 54,000 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Logan\Desktop\ProcessExplorer\procexp.exe"
    explorer.exe 5000 0.03 56,548 K 75,496 K Windows Explorer Microsoft Corporation "C:\Windows\Explorer.EXE"
    Steam.exe 3668 0.43 202,136 K 126,128 K Steam Valve Corporation "C:\Program Files (x86)\Steam\Steam.exe"
    firefox.exe 1116 0.05 87,772 K 104,316 K Firefox Mozilla Corporation "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
    plugin-container.exe 3628 10,972 K 15,264 K Plugin Container for Firefox Mozilla Corporation "C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1116.c1911a0.513609576 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 1116 plugin \\.\pipe\gecko-crash-server-pipe.1116
    SC2.exe 3672 0.43 774,920 K 708,672 K StarCraft II Blizzard Entertainment, Inc. "C:\Program Files (x86)\StarCraft II\Versions\Base19679\SC2.exe"
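    Added example for this thread (not Sysinternals code and not something either poster ran): a Python script that reads the tab-separated report Process Explorer writes from File > Save As, following the column steps Broni gives in post 17, and flags browser instances that look like the hidden iexplore.exe in the log above. The point to notice in that log is the command line: the `-Embedding` switch is what COM appends when it starts a local server on behalf of another process, so this IE was activated programmatically rather than opened by the user, and it sits under a service host rather than under explorer.exe. The sample report inside the script is constructed to resemble the thread's second log; the two-spaces-per-level tree indentation in the Process column is an assumption about the saved format, and the BROWSERS and INTERACTIVE_PARENTS sets are the script's own choices.

```python
"""Parse a Process Explorer 'File > Save As' report and flag browser
processes that were not started by the user.  Added example for this
thread; not Sysinternals code."""
import re

# Assumed layout of the saved report: one tab-separated header row, then one
# row per process, with the process tree expressed as two leading spaces per
# level in the Process column.
HEADER = ["Process", "PID", "CPU", "Private Bytes", "Working Set",
          "Description", "Company Name", "Command Line"]

# Executables we expect to be launched only by a person (script's own list).
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe", "opera.exe"}

# Normal parents for an interactive browser ("" = top level, parent exited).
INTERACTIVE_PARENTS = {"explorer.exe", ""}

# Constructed sample modelled on the thread's second log (not the real file).
SAMPLE_REPORT = "\n".join("\t".join(row) for row in [
    HEADER,
    ["System Idle Process", "0", "97.26", "0 K", "24 K", "", "", ""],
    ["  System", "4", "0.04", "128 K", "992 K", "", "", ""],
    ["    smss.exe", "372", "", "732 K", "572 K", "Windows Session Manager",
     "Microsoft Corporation", r"\SystemRoot\System32\smss.exe"],
    ["wininit.exe", "540", "", "2,964 K", "388 K", "Windows Start-Up Application",
     "Microsoft Corporation", "wininit.exe"],
    ["  services.exe", "608", "", "7,760 K", "6,148 K", "Services and Controller app",
     "Microsoft Corporation", r"C:\Windows\system32\services.exe"],
    ["    svchost.exe", "780", "0.01", "6,548 K", "4,884 K", "Host Process for Windows Services",
     "Microsoft Corporation", r"C:\Windows\system32\svchost.exe -k DcomLaunch"],
    ["      dllhost.exe", "4676", "", "4,388 K", "3,436 K", "COM Surrogate",
     "Microsoft Corporation", r"C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{30D49246-D217-465F-B00B-AC9DDD652EB7}"],
    ["      iexplore.exe", "864", "0.03", "95,348 K", "102,312 K", "Internet Explorer",
     "Microsoft Corporation", r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -Embedding'],
    ["    svchost.exe", "872", "", "6,956 K", "6,244 K", "Host Process for Windows Services",
     "Microsoft Corporation", r"C:\Windows\system32\svchost.exe -k RPCSS"],
    ["explorer.exe", "5000", "0.03", "56,548 K", "75,496 K", "Windows Explorer",
     "Microsoft Corporation", r'"C:\Windows\Explorer.EXE"'],
    ["  firefox.exe", "1116", "0.05", "87,772 K", "104,316 K", "Firefox",
     "Mozilla Corporation", r'"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"'],
])


def parse_report(text):
    """Return one dict per process row; 'parent'/'parent_pid' are resolved
    from the tree indentation and are None for top-level rows."""
    rows = [ln for ln in text.splitlines() if ln.strip()]
    if rows[0].split("\t") != HEADER:
        raise ValueError("unexpected column layout: %r" % rows[0])
    procs, stack = [], []          # stack holds (depth, index into procs)
    for ln in rows[1:]:
        cols = ln.split("\t")
        cols += [""] * (len(HEADER) - len(cols))
        depth = len(cols[0]) - len(cols[0].lstrip(" "))
        rec = dict(zip(HEADER, (c.strip() for c in cols)))
        while stack and stack[-1][0] >= depth:   # climb back up the tree
            stack.pop()
        parent = procs[stack[-1][1]] if stack else None
        rec["parent"] = parent["Process"] if parent else None
        rec["parent_pid"] = parent["PID"] if parent else None
        stack.append((depth, len(procs)))
        procs.append(rec)
    return procs


def find_hidden_browsers(procs):
    """Browser rows that carry COM's -Embedding switch or hang off a
    non-interactive parent.  Returns [(name, pid, [reasons])]."""
    findings = []
    for p in procs:
        if p["Process"].lower() not in BROWSERS:
            continue
        reasons = []
        if re.search(r"(^|\s)[-/]embedding\b", p["Command Line"], re.I):
            reasons.append("started by COM activation (-Embedding), not by a user")
        if (p["parent"] or "").lower() not in INTERACTIVE_PARENTS:
            reasons.append("parent is %s (PID %s) rather than explorer.exe"
                           % (p["parent"], p["parent_pid"]))
        if reasons:
            findings.append((p["Process"], p["PID"], reasons))
    return findings


if __name__ == "__main__":
    for name, pid, reasons in find_hidden_browsers(parse_report(SAMPLE_REPORT)):
        print("%s (PID %s):" % (name, pid))
        for r in reasons:
            print("  - " + r)
```

    On the sample this reports only iexplore.exe PID 864, for both reasons; the user's firefox.exe under explorer.exe is left alone. To use it on a real Procexp.txt, replace SAMPLE_REPORT with the file contents; the -Embedding check is the more reliable of the two, since a legitimately started browser can still end up top-level once its parent exits.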
     
  21. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Please click HERE to download Kaspersky Virus Removal Tool.

    • Double click on the file you just downloaded and let it install.
    • It will install to your desktop (be patient; it may take a while).
    • Accept license agreement and click "Start" button.
    • Click on Settings button
      • In Scan scope leave pre-checked items as they are and also checkmark My Computer
      • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
    • Click on Automatic Scan tab and then click on Start scanning button.
    • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
    • When the scan is done NO log will be produced.
    • Click on Report button then on Automatic Scan report tab.
    • Right click anywhere within right pane, click Select All then right click again and click Copy.
    • This will copy the items that it found to the clipboard; you can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
    • You can save this on the desktop.
    • Post the contents of the document in your next reply.
     
  22. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    Alright, so I've tried to run this about half a dozen times and it hasn't gotten past 14%.
    The first time, I started it thinking it wouldn't take long, but I had to cancel it because I needed my computer for some homework. When I tried it the next time, I opened my browser thinking that it wouldn't bother the scan running, but it did, and the scan stopped working with a "check online for fix or close program" message. After that I got the same error, but I thought it was because IE was running in the background and I got a pop-up from that. And finally I unplugged my Internet and tried running it; it got to the same 14% as last time and gave me the "stopped working" error.

    Now I've been running this all from the setup icon that I downloaded, as I couldn't find where it installed to. I don't know if that has anything to do with anything.

    What do you suggest? Should I try it again from safe mode?

    Also, on another note, I have some verbatim IE errors I've been getting if you need them:
    "Are you sure you want to navigate away from this page? Click cancel below to continue browsing on local pages. Click OK to continue."
    and
    "Stop running script? A script on this page is causing your web browser to run slowly. If it continues to run your computer might become unresponsive"

    And there is something I realized recently: after all this started and I did a system restore in safe mode, after rebooting there were a lot of files missing. I thought it was just a normal thing from the restore, but now I've tried to copy something onto my desktop that was there before and it asked me to copy and replace, as if the files were already there but invisible.
     
  23. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    I went ahead and rebooted into safe mode just to see if it would run before I left for class this morning. I got home and it had come up with the same error that the program had stopped working, though this time it was up to 67%. I ran it again and took a shower, and when I got out it was errored at 13% again. No luck.
     
  24. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Please Boot to the System Recovery Options
    If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
    It's also possible that your computer has a pre-installed recovery partition instead; in such a case use method one (by pressing F8 before Windows starts loading)...

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Choose Command Prompt
    You should see X:\SOURCES>...

    Execute the following commands in bold.
    Press Enter after every one of them.

    bootrec /fixmbr (<--- there is a "space" after "bootrec")

    exit

    Restart computer.

    Post new aswMBR log.
     
  25. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    OK, so I ran the command and I'm not sure if it automatically comes up with a new log or not. I assumed not and reran aswMBR; here's the log for that...

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-17 17:41:56
    -----------------------------
    17:41:56.220 OS Version: Windows x64 6.1.7600
    17:41:56.220 Number of processors: 8 586 0x1A05
    17:41:56.221 ComputerName: X UserName:
    17:41:57.542 Initialize success
    17:41:57.605 AVAST engine defs: 11111703
    17:42:47.592 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\mv91xx1Port4Path0Target0Lun0
    17:42:47.594 Disk 0 Vendor: WDC_WD64 05.0 Size: 610480MB BusType: 11
    17:42:47.597 Device \Driver\mv91xx -> DriverStartIo SCSIPORT.SYS fffff88000d88bc0
    17:42:47.599 Device \Driver\mv91xx -> MajorFunction fffffa8007a4c2c0
    17:42:49.610 Disk 0 MBR read successfully
    17:42:49.613 Disk 0 MBR scan
    17:42:49.617 Disk 0 Windows 7 default MBR code
    17:42:49.620 Service scanning
    17:42:51.306 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    17:42:51.920 Modules scanning
    17:42:51.924 Disk 0 trace - called modules:
    17:42:51.934 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80085c3334]<<
    17:42:51.939 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80085b1060]
    17:42:51.945 3 CLASSPNP.SYS[fffff88001b4a43f] -> nt!IofCallDriver -> \Device\Scsi\mv91xx1Port4Path0Target0Lun0[0xfffffa8007ba4050]
    17:42:51.950 \Driver\mv91xx[0xfffffa8007b86cd0] -> IRP_MJ_CREATE -> 0xfffffa8007a4c2c0
    17:42:52.791 AVAST engine scan C:\Windows
    17:42:55.532 AVAST engine scan C:\Windows\system32
    17:43:45.291 AVAST engine scan C:\Windows\system32\drivers
    17:43:50.756 AVAST engine scan C:\Users\Logan
    17:48:54.617 AVAST engine scan C:\ProgramData
    17:52:18.702 Scan finished successfully
    17:56:12.694 Disk 0 MBR has been saved successfully to "C:\Users\Logan\Desktop\MBR.dat"
    17:56:12.697 The log file has been saved successfully to "C:\Users\Logan\Desktop\aswMBR2.txt"
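    Added example (not part of the thread, and not aswMBR's or TDSSKiller's code): bootrec /fixmbr, from post 24, rewrites only the boot code in sector 0 and leaves the partition table alone, and the aswMBR run above has just saved a copy of that sector to MBR.dat. The Python script below parses a 512-byte MBR image and performs the checks a bootkit triage starts with: the 0x55AA signature, the partition table (exactly one active entry, sane status bytes, non-empty and non-overlapping entries) and an MD5 of the first 0x1B8 bytes. That 0x1B8-byte region is assumed to be what TDSSKiller's "MBR (0x1B8)" log line hashes, since that is where the boot code ends and the disk signature begins. The sample sector is constructed inside the script; the known-good hash you would compare against is assumed to come from a clean machine with the same Windows version, and is not supplied here.

```python
"""Parse a 512-byte MBR image (for example the MBR.dat that aswMBR saves)
and run basic bootkit-triage checks.  Added example; not part of the thread."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8      # boot code occupies 0x000-0x1B7; disk signature follows
DISK_SIG_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE     # four 16-byte entries
SIGNATURE_OFF = 0x1FE      # 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, start LBA, sectors


def parse_mbr(mbr):
    """Decode the sector into a dict; raises ValueError on a wrong-sized image."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes, got %d" % len(mbr))
    parts = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and lba == 0 and count == 0:
            continue                                   # unused slot
        parts.append({"index": i, "active": status == 0x80, "status": status,
                      "type": ptype, "start_lba": lba, "sectors": count})
    return {
        "valid_signature": mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xAA",
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": parts,
    }


def triage(parsed, known_good_md5=None):
    """Return a list of warnings; an empty list means nothing looked odd."""
    warnings = []
    if not parsed["valid_signature"]:
        warnings.append("missing 0x55AA signature: not a valid MBR")
    active = [p for p in parsed["partitions"] if p["active"]]
    if len(active) != 1:
        warnings.append("%d active partitions (expected exactly 1)" % len(active))
    for p in parsed["partitions"]:
        if p["status"] not in (0x00, 0x80):
            warnings.append("entry %d has bogus status byte 0x%02X"
                            % (p["index"], p["status"]))
        if p["sectors"] == 0 or p["start_lba"] == 0:
            warnings.append("entry %d has zero start LBA or length" % p["index"])
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"], p["index"])
                   for p in parsed["partitions"])
    for (s0, e0, i0), (s1, e1, i1) in zip(spans, spans[1:]):
        if s1 < e0:                                   # a bootkit may hide a partition here
            warnings.append("entries %d and %d overlap" % (i0, i1))
    if known_good_md5 and parsed["boot_code_md5"] != known_good_md5:
        warnings.append("boot code hash %s differs from known-good %s"
                        % (parsed["boot_code_md5"], known_good_md5))
    return warnings


def build_sample_mbr(tamper=False):
    """Constructed 512-byte MBR for this example: dummy boot code, a 100 MiB
    active NTFS system partition followed by the OS partition, 0x55AA trailer.
    With tamper=True the entry point is patched and a second entry is marked
    active, the kind of change a boot-sector infection leaves behind."""
    boot_code = bytes((i * 7) & 0xFF for i in range(BOOT_CODE_LEN))  # dummy code
    if tamper:
        boot_code = b"\xEB\xFE" + boot_code[2:]        # patched jump at offset 0
    disk_sig = struct.pack("<IH", 0xDEADBEEF, 0)

    def entry(active, ptype, lba, count):
        return struct.pack(ENTRY_FMT, 0x80 if active else 0x00, b"\xFF\xFF\xFF",
                           ptype, b"\xFF\xFF\xFF", lba, count)

    table = (entry(True, 0x07, 2048, 204800)
             + entry(tamper, 0x07, 206848, 1000000)
             + bytes(32))                              # two unused slots
    mbr = boot_code + disk_sig + table + b"\x55\xAA"
    assert len(mbr) == SECTOR
    return mbr


if __name__ == "__main__":
    clean = parse_mbr(build_sample_mbr())
    print("clean sample:", triage(clean, clean["boot_code_md5"]) or "no findings")
    print("tampered sample:", triage(parse_mbr(build_sample_mbr(tamper=True)),
                                     clean["boot_code_md5"]))
```

    To check the real file, call parse_mbr(open("MBR.dat", "rb").read()) and feed the result to triage. A hash mismatch on its own is not proof of infection, since OEM recovery tools and third-party boot managers ship their own boot code; it is the combination of an unexpected hash with a partition-table oddity, or with a "default MBR code" verdict that disappears after a reboot, that points at a bootkit.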
     

