TechSpot

Svchost.exe Trojan

Solved
By mGreen
Aug 12, 2012
  1. Greetings.

    I have been having some problems with my computer lately, and avast! is sending out all these alerts stating that there is a threat detected/Trojan horse blocked/malicious URL blocked, and so on and so forth.

    I have done a MalwareBytes scan, and it has detected that svchost.exe is the Trojan at work. I will provide the mbam log from the scan that completed roughly 20 minutes ago.

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.12.01

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Mike :: MIKE-PC [administrator]

    Protection: Enabled

    8/12/2012 9:17:19 AM
    mbam-log-2012-08-12 (09-46-09).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 290235
    Time elapsed: 21 minute(s), 48 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 3452 -> No action taken.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

    (end)
    I have some computer experience, and I have gone to the last resort of backing up uninfected personal files to external storage, and wiping the hard drive and formatting it. After the format and reinstall of anti-virus programs and such, it is still showing that the Trojan is there.
    If you require additional logs from Avast! or from another source, please let me know.
     
  2. mGreen

    mGreen TS Rookie Topic Starter Posts: 18

    I have forgotten the GMER log and the DDS logs; I will list them in order below.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-12 10:23:01
    Windows 6.1.7600
    Running: 4x4mq1zr.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Windows\Temp\TMP0000001851B87BA4BCABEB66 524288 bytes

    ---- EOF - GMER 1.0.15 ----

    DDS.txt
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Mike at 10:23:58 on 2012-08-12
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4301 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit=userinit.exe,
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
    TCP: Interfaces\{25679FFA-D803-444A-BB00-D39C9704C05B} : DhcpNameServer = 192.168.1.1 71.243.0.12
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-12 44808]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-12 655944]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-12 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-12 250056]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-12 136176]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-12 13:52:00 20480 ----a-w- C:\Windows\svchost.exe
    2012-08-12 13:17:08 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
    2012-08-12 13:16:28 -------- d-----w- C:\Users\Mike\AppData\Local\Google
    2012-08-12 06:20:05 -------- d-----w- C:\Windows\Panther
    2012-08-12 05:18:59 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-12 05:18:58 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-12 05:18:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-12 04:44:24 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-12 04:44:24 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-12 04:26:36 -------- d-----w- C:\Program Files (x86)\Ask.com
    2012-08-12 04:26:36 -------- d-----w- C:\Program Files (x86)\ARO 2012
    2012-08-12 04:25:49 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-08-12 04:25:47 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-08-12 04:25:45 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-08-12 04:11:26 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
    2012-08-12 04:05:21 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-08-12 04:05:21 -------- d-----w- C:\Windows\System32\Wat
    2012-08-12 03:58:47 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2012-08-12 03:58:45 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2012-08-12 03:58:45 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2012-08-12 03:57:49 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2012-08-12 03:57:49 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2012-08-12 03:54:25 3147264 ----a-w- C:\Windows\System32\win32k.sys
    2012-08-12 03:11:11 -------- d-sh--w- C:\Windows\Installer
    2012-08-12 03:11:01 41224 ----a-w- C:\Windows\avastSS.scr
    2012-08-12 03:10:49 -------- d-----w- C:\ProgramData\AVAST Software
    2012-08-12 03:10:49 -------- d-----w- C:\Program Files\AVAST Software
    2012-08-12 03:08:34 311808 ----a-w- C:\Windows\System32\msv1_0.dll
    2012-08-12 03:08:34 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2012-08-12 02:59:41 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
    2012-08-12 02:55:51 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2012-08-12 02:55:51 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2012-08-12 02:55:51 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2012-08-12 02:55:51 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2012-08-12 02:55:51 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2012-08-12 02:55:51 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2012-08-12 02:55:51 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2012-08-12 02:55:51 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2012-08-12 02:55:51 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2012-08-12 02:55:51 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2012-08-12 02:46:29 80896 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-08-12 02:46:29 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-08-12 02:46:29 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-08-12 02:46:29 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-08-12 02:46:29 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-12 02:46:29 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-12 02:46:29 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-08-12 02:44:41 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2012-08-12 02:44:41 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
    2012-08-12 02:41:59 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-08-12 02:40:34 139264 ----a-w- C:\Windows\System32\cabview.dll
    2012-08-12 02:40:34 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
    2012-08-12 02:33:07 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2012-08-12 02:33:07 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-08-12 02:33:07 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-08-12 02:33:07 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2012-08-12 02:32:58 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-08-12 02:32:58 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-08-12 02:32:58 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-08-12 02:30:45 -------- d-----w- C:\Users\Mike\AppData\Local\Microsoft Games
    2012-08-12 02:29:01 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-08-12 02:28:56 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-08-12 02:28:07 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-08-12 02:28:07 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    .
    ==================== Find3M ====================
    .
    2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    .
    ============= FINISH: 10:24:25.40 ===============
    Attach.txt
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/11/2012 10:27:42 PM
    System Uptime: 8/12/2012 10:04:43 AM (0 hours ago)
    .
    Motherboard: ASRock | | 880GXH/USB3
    Processor: AMD Phenom(tm) II X2 555 Processor | CPUSocket | 3200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 902.174 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1B73&DEV_1000&SUBSYS_10001D5C&REV_01\4&18F1871F&0&0030
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1B73&DEV_1000&SUBSYS_10001D5C&REV_01\4&18F1871F&0&0030
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1: 8/11/2012 10:27:53 PM - Windows Update
    RP2: 8/11/2012 10:42:58 PM - Windows Update
    RP3: 8/11/2012 10:44:05 PM - Windows Update
    RP4: 8/12/2012 12:24:35 AM - avast! Free Antivirus Setup
    RP5: 8/12/2012 12:26:29 AM - ARO 2012 - Before Installation
    RP6: 8/12/2012 12:26:57 AM - ARO 2012 - FIRST RUN
    RP7: 8/12/2012 12:33:33 AM - ARO 2012 Sun, Aug 12, 12 00:33
    RP8: 8/12/2012 1:25:15 AM - ARO 2012- Before One Click
    RP9: 8/12/2012 2:10:14 AM - Windows Update
    RP10: 8/12/2012 9:34:25 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Ask Toolbar
    avast! Free Antivirus
    Google Chrome
    Google Update Helper
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Support.com Toolbar Updater
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/12/2012 9:55:22 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JUDY-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{25679FFA-D803-444A-BB00-D39C9704C05B}. The master browser is stopping or an election is being forced.
    8/12/2012 12:10:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2703157).
    8/12/2012 12:10:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
    8/12/2012 12:10:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2544521).
    8/12/2012 12:07:58 AM, Error: Service Control Manager [7023] -
    8/12/2012 12:06:08 AM, Error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
    8/12/2012 10:05:22 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fb1fea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081212-36828-01.
    8/11/2012 10:59:15 PM, Error: Service Control Manager [7000] - The Infrared monitor service service failed to start due to the following error: A required privilege is not held by the client.
    .
    ==== End Of File ===========================
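The MBAM log in post 1 and the DDS log in post 2 both put the detection at C:\Windows\svchost.exe, and the DDS "Created Last 30" block shows that file appearing on 2012-08-12 with a size of 20480 bytes, i.e. after the fresh install the opening post describes. The service host that Windows itself runs lives in C:\Windows\System32 (and, for 32-bit services on x64, C:\Windows\SysWOW64); an svchost.exe anywhere else is not the Windows one. The "Running Processes" block also contains a bare "-netsvcs" line with no image path in front of it. What follows is an added example, not code from the thread or from any of the tools used in it, that applies exactly those two checks to DDS output: it parses "Created Last 30" / "Find3M" entries (tolerating pasted copies in which the tab separators were lost, as in the log above), scans the process list, and flags any svchost.exe outside the legitimate directories or any process line carrying no path. The sample lines are copied from the log above; the directory whitelist is an assumption for a default Windows 7 x64 install, and the "no image path" rule is a heuristic, not a rule of the DDS tool.

```python
import re
from typing import Dict, List, Optional

# Assumption (default Windows 7 x64 layout): a genuine svchost.exe image lives only
# here.  C:\Windows\svchost.exe, as reported in the MBAM and DDS logs, is not one of them.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# DDS "Created Last 30" / "Find3M" entry: <date time> <size or --------> <attrs> <path>.
# \s* rather than \s+ so that copies pasted with the tab separators stripped still parse
# (e.g. "13:52:0020480----a-w-C:\Windows\svchost.exe").  Attrs are eight flag characters.
_DDS_ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*"
    r"(?P<size>\d+|-{8})\s*"
    r"(?P<attrs>[-a-z]{8})\s*"
    r"(?P<path>[A-Za-z]:\\.+?)\s*$"
)

# DDS "Running Processes" entry: an absolute image path, optionally followed by arguments.
_PROC = re.compile(r"^(?P<image>[A-Za-z]:\\.+?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)


def parse_dds_entry(line: str) -> Optional[Dict]:
    """Parse one DDS file/directory entry; None for lines that are not entries."""
    m = _DDS_ENTRY.match(line.strip())
    if not m:
        return None
    return {
        "ts": m["ts"],
        "size": None if m["size"].startswith("-") else int(m["size"]),
        "is_dir": m["attrs"].startswith("d"),
        "path": m["path"],
    }


def _parent_dir(path: str) -> str:
    return path.lower().rsplit("\\", 1)[0]


def _is_rogue_svchost(path: str) -> bool:
    """True for a file named svchost.exe that is not in a legitimate directory."""
    return path.lower().endswith("\\svchost.exe") and _parent_dir(path) not in LEGIT_SVCHOST_DIRS


def suspicious_processes(process_lines: List[str]) -> List[Dict]:
    """Flag process-list entries that are an svchost.exe outside System32/SysWOW64,
    or that consist of arguments only with no image path (heuristic)."""
    hits = []
    for raw in process_lines:
        line = raw.strip()
        if not line:
            continue
        m = _PROC.match(line)
        if not m:
            hits.append({"line": line, "reason": "no image path"})
        elif _is_rogue_svchost(m["image"]):
            hits.append({"line": line, "reason": "svchost.exe outside System32/SysWOW64"})
    return hits


def rogue_svchost_files(entry_lines: List[str]) -> List[Dict]:
    """Return parsed file entries whose path is an svchost.exe outside the legitimate directories."""
    return [
        e for e in (parse_dds_entry(line) for line in entry_lines)
        if e and not e["is_dir"] and _is_rogue_svchost(e["path"])
    ]


# Sample input: lines copied from the DDS log posted above (not constructed).
PROCESS_LINES = [
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Windows\System32\svchost.exe -k LocalServicePeerNet",
    r"-netsvcs",
    r"C:\Program Files\AVAST Software\Avast\AvastSvc.exe",
]
CREATED_LINES = [
    r"2012-08-12 13:52:0020480----a-w-C:\Windows\svchost.exe",
    r"2012-08-12 13:17:08--------d-----w-C:\Users\Mike\AppData\Roaming\Malwarebytes",
    r"2012-08-12 05:18:5824904----a-w-C:\Windows\System32\drivers\mbam.sys",
]

if __name__ == "__main__":
    for h in suspicious_processes(PROCESS_LINES):
        print(f"process: {h['reason']}: {h['line']}")
    for e in rogue_svchost_files(CREATED_LINES):
        print(f"file: {e['path']} ({e['size']} bytes, created {e['ts']})")
```

The path check is the decisive one here: the detection is not a false positive on the real service host, because the real one is never at C:\Windows\svchost.exe. A hash or Authenticode check of the two files on the live machine would confirm it, but the log alone already separates them by location.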
     
  3. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  4. mGreen

    mGreen TS Rookie Topic Starter Posts: 18

    Hello Broni, thank you for taking the time to respond. I have the scan from TDSSKiller completed, and the log is ready.
     
  5. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Please observe forum rules:
     
  6. mGreen

    mGreen TS Rookie Topic Starter Posts: 18

    12:07:43.0298 2008 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    12:07:43.0695 2008 ============================================================
    12:07:43.0695 2008 Current date / time: 2012/08/12 12:07:43.0695
    12:07:43.0695 2008 SystemInfo:
    12:07:43.0695 2008
    12:07:43.0695 2008 OS Version: 6.1.7600 ServicePack: 0.0
    12:07:43.0695 2008 Product type: Workstation
    12:07:43.0695 2008 ComputerName: MIKE-PC
    12:07:43.0696 2008 UserName: Mike
    12:07:43.0696 2008 Windows directory: C:\Windows
    12:07:43.0696 2008 System windows directory: C:\Windows
    12:07:43.0696 2008 Running under WOW64
    12:07:43.0696 2008 Processor architecture: Intel x64
    12:07:43.0696 2008 Number of processors: 2
    12:07:43.0696 2008 Page size: 0x1000
    12:07:43.0696 2008 Boot type: Normal boot
    12:07:43.0696 2008 ============================================================
    12:07:44.0522 2008 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    12:07:44.0549 2008 ============================================================
    12:07:44.0549 2008 \Device\Harddisk0\DR0:
    12:07:44.0549 2008 MBR partitions:
    12:07:44.0549 2008 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    12:07:44.0549 2008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
    12:07:44.0549 2008 ============================================================
    12:07:44.0586 2008 C: <-> \Device\Harddisk0\DR0\Partition1
    12:07:44.0586 2008 ============================================================
    12:07:44.0586 2008 Initialize success
    12:07:44.0586 2008 ============================================================
    12:08:16.0367 3600 ============================================================
    12:08:16.0368 3600 Scan started
    12:08:16.0368 3600 Mode: Manual;
    12:08:16.0368 3600 ============================================================
    12:08:16.0820 3600 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    12:08:16.0826 3600 1394ohci - ok
    12:08:16.0848 3600 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    12:08:16.0852 3600 ACPI - ok
    12:08:16.0864 3600 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    12:08:16.0865 3600 AcpiPmi - ok
    12:08:17.0041 3600 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    12:08:17.0046 3600 AdobeFlashPlayerUpdateSvc - ok
    12:08:17.0088 3600 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    12:08:17.0099 3600 adp94xx - ok
    12:08:17.0113 3600 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    12:08:17.0117 3600 adpahci - ok
    12:08:17.0133 3600 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    12:08:17.0136 3600 adpu320 - ok
    12:08:17.0156 3600 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    12:08:17.0158 3600 AeLookupSvc - ok
    12:08:17.0204 3600 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
    12:08:17.0219 3600 AFD - ok
    12:08:17.0234 3600 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    12:08:17.0236 3600 agp440 - ok
    12:08:17.0250 3600 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    12:08:17.0251 3600 ALG - ok
    12:08:17.0260 3600 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    12:08:17.0261 3600 aliide - ok
    12:08:17.0264 3600 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    12:08:17.0265 3600 amdide - ok
    12:08:17.0270 3600 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    12:08:17.0272 3600 AmdK8 - ok
    12:08:17.0276 3600 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    12:08:17.0277 3600 AmdPPM - ok
    12:08:17.0296 3600 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
    12:08:17.0298 3600 amdsata - ok
    12:08:17.0308 3600 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    12:08:17.0311 3600 amdsbs - ok
    12:08:17.0315 3600 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
    12:08:17.0316 3600 amdxata - ok
    12:08:17.0331 3600 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    12:08:17.0332 3600 AppID - ok
    12:08:17.0342 3600 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    12:08:17.0343 3600 AppIDSvc - ok
    12:08:17.0353 3600 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
    12:08:17.0354 3600 Appinfo - ok
    12:08:17.0361 3600 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    12:08:17.0363 3600 arc - ok
    12:08:17.0380 3600 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    12:08:17.0382 3600 arcsas - ok
    12:08:17.0399 3600 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys
    12:08:17.0400 3600 aswFsBlk - ok
    12:08:17.0423 3600 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys
    12:08:17.0424 3600 aswMonFlt - ok
    12:08:17.0434 3600 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys
    12:08:17.0435 3600 aswRdr - ok
    12:08:17.0480 3600 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys
    12:08:17.0485 3600 aswSnx - ok
    12:08:17.0506 3600 aswSP (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys
    12:08:17.0508 3600 aswSP - ok
    12:08:17.0522 3600 aswTdi (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys
    12:08:17.0523 3600 aswTdi - ok
    12:08:17.0526 3600 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    12:08:17.0527 3600 AsyncMac - ok
    12:08:17.0529 3600 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    12:08:17.0530 3600 atapi - ok
    12:08:17.0562 3600 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    12:08:17.0575 3600 AudioEndpointBuilder - ok
    12:08:17.0580 3600 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    12:08:17.0583 3600 AudioSrv - ok
    12:08:17.0684 3600 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    12:08:17.0686 3600 avast! Antivirus - ok
    12:08:17.0720 3600 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
    12:08:17.0724 3600 AxInstSV - ok
    12:08:17.0761 3600 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    12:08:17.0771 3600 b06bdrv - ok
    12:08:17.0784 3600 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    12:08:17.0787 3600 b57nd60a - ok
    12:08:17.0805 3600 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    12:08:17.0807 3600 BDESVC - ok
    12:08:17.0830 3600 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    12:08:17.0831 3600 Beep - ok
    12:08:17.0873 3600 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
    12:08:17.0880 3600 BFE - ok
    12:08:17.0927 3600 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
    12:08:17.0946 3600 BITS - ok
    12:08:18.0023 3600 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    12:08:18.0025 3600 blbdrive - ok
    12:08:18.0051 3600 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
    12:08:18.0053 3600 bowser - ok
    12:08:18.0056 3600 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    12:08:18.0057 3600 BrFiltLo - ok
    12:08:18.0067 3600 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    12:08:18.0068 3600 BrFiltUp - ok
    12:08:18.0081 3600 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
    12:08:18.0083 3600 Browser - ok
    12:08:18.0102 3600 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    12:08:18.0106 3600 Brserid - ok
    12:08:18.0112 3600 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    12:08:18.0113 3600 BrSerWdm - ok
    12:08:18.0117 3600 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    12:08:18.0118 3600 BrUsbMdm - ok
    12:08:18.0121 3600 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    12:08:18.0122 3600 BrUsbSer - ok
    12:08:18.0126 3600 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    12:08:18.0127 3600 BTHMODEM - ok
    12:08:18.0135 3600 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    12:08:18.0137 3600 bthserv - ok
    12:08:18.0142 3600 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    12:08:18.0143 3600 cdfs - ok
    12:08:18.0149 3600 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    12:08:18.0151 3600 cdrom - ok
    12:08:18.0163 3600 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    12:08:18.0164 3600 CertPropSvc - ok
    12:08:18.0166 3600 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    12:08:18.0167 3600 circlass - ok
    12:08:18.0190 3600 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    12:08:18.0193 3600 CLFS - ok
    12:08:18.0282 3600 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    12:08:18.0286 3600 clr_optimization_v2.0.50727_32 - ok
    12:08:18.0367 3600 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    12:08:18.0371 3600 clr_optimization_v2.0.50727_64 - ok
    12:08:18.0514 3600 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    12:08:18.0519 3600 clr_optimization_v4.0.30319_32 - ok
    12:08:18.0622 3600 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    12:08:18.0625 3600 clr_optimization_v4.0.30319_64 - ok
    12:08:18.0635 3600 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    12:08:18.0637 3600 CmBatt - ok
    12:08:18.0644 3600 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    12:08:18.0647 3600 cmdide - ok
    12:08:18.0686 3600 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
    12:08:18.0692 3600 CNG - ok
    12:08:18.0695 3600 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    12:08:18.0696 3600 Compbatt - ok
    12:08:18.0701 3600 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    12:08:18.0702 3600 CompositeBus - ok
    12:08:18.0714 3600 COMSysApp - ok
    12:08:18.0728 3600 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    12:08:18.0729 3600 crcdisk - ok
    12:08:18.0760 3600 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
    12:08:18.0763 3600 CryptSvc - ok
    12:08:18.0797 3600 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    12:08:18.0805 3600DcomLaunch - ok
    12:08:18.0825 3600defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    12:08:18.0830 3600defragsvc - ok
    12:08:18.0854 3600DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
    12:08:18.0856 3600DfsC - ok
    12:08:18.0880 3600Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
    12:08:18.0884 3600Dhcp - ok
    12:08:18.0889 3600discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    12:08:18.0890 3600discache - ok
    12:08:18.0895 3600Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    12:08:18.0897 3600Disk - ok
    12:08:18.0915 3600Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
    12:08:18.0917 3600Dnscache - ok
    12:08:18.0937 3600dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
    12:08:18.0941 3600dot3svc - ok
    12:08:18.0950 3600DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
    12:08:18.0954 3600DPS - ok
    12:08:18.0977 3600drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    12:08:18.0978 3600drmkaud - ok
    12:08:19.0028 3600DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
    12:08:19.0034 3600DXGKrnl - ok
    12:08:19.0054 3600EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    12:08:19.0056 3600EapHost - ok
    12:08:19.0182 3600ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    12:08:19.0229 3600ebdrv - ok
    12:08:19.0413 3600EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
    12:08:19.0418 3600EFS - ok
    12:08:19.0507 3600ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
    12:08:19.0526 3600ehRecvr - ok
    12:08:19.0553 3600ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    12:08:19.0557 3600ehSched - ok
    12:08:19.0667 3600elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    12:08:19.0691 3600elxstor - ok
    12:08:19.0698 3600ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    12:08:19.0699 3600ErrDev - ok
    12:08:19.0725 3600EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    12:08:19.0728 3600EventSystem - ok
    12:08:19.0749 3600exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    12:08:19.0751 3600exfat - ok
    12:08:19.0760 3600fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    12:08:19.0763 3600fastfat - ok
    12:08:19.0799 3600Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
    12:08:19.0805 3600Fax - ok
    12:08:19.0809 3600fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    12:08:19.0810 3600fdc - ok
    12:08:19.0822 3600fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    12:08:19.0823 3600fdPHost - ok
    12:08:19.0827 3600FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    12:08:19.0829 3600FDResPub - ok
    12:08:19.0833 3600FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    12:08:19.0834 3600FileInfo - ok
    12:08:19.0838 3600Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    12:08:19.0839 3600Filetrace - ok
    12:08:19.0843 3600flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    12:08:19.0844 3600flpydisk - ok
    12:08:19.0856 3600FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    12:08:19.0859 3600FltMgr - ok
    12:08:19.0922 3600FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
    12:08:19.0935 3600FontCache - ok
    12:08:19.0972 3600FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    12:08:19.0975 3600FontCache3.0.0.0 - ok
    12:08:19.0987 3600FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    12:08:19.0991 3600FsDepends - ok
    12:08:20.0011 3600Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
    12:08:20.0012 3600Fs_Rec - ok
    12:08:20.0040 3600fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    12:08:20.0042 3600fvevol - ok
    12:08:20.0058 3600gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    12:08:20.0059 3600gagp30kx - ok
    12:08:20.0104 3600gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
    12:08:20.0114 3600gpsvc - ok
    12:08:20.0168 3600gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    12:08:20.0172 3600gupdate - ok
    12:08:20.0180 3600gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    12:08:20.0183 3600gupdatem - ok
    12:08:20.0203 3600hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    12:08:20.0206 3600hcw85cir - ok
    12:08:20.0243 3600HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    12:08:20.0247 3600HdAudAddService - ok
    12:08:20.0254 3600HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    12:08:20.0255 3600HDAudBus - ok
    12:08:20.0259 3600HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    12:08:20.0260 3600HidBatt - ok
    12:08:20.0266 3600HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    12:08:20.0268 3600HidBth - ok
    12:08:20.0277 3600HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    12:08:20.0279 3600HidIr - ok
    12:08:20.0286 3600hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    12:08:20.0288 3600hidserv - ok
    12:08:20.0299 3600HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    12:08:20.0300 3600HidUsb - ok
    12:08:20.0330 3600hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
    12:08:20.0333 3600hkmsvc - ok
    12:08:20.0353 3600HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
    12:08:20.0358 3600HomeGroupListener - ok
    12:08:20.0372 3600HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
    12:08:20.0375 3600HomeGroupProvider - ok
    12:08:20.0382 3600HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    12:08:20.0383 3600HpSAMD - ok
    12:08:20.0416 3600HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    12:08:20.0427 3600HTTP - ok
    12:08:20.0430 3600hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    12:08:20.0430 3600hwpolicy - ok
    12:08:20.0436 3600i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    12:08:20.0437 3600i8042prt - ok
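The listing above is TDSSKiller's service and driver enumeration: each service gets one line carrying the scanner's PID (3600), the service name, the MD5 of its image file and the image path, followed by a verdict line ending in "- ok" (entries with no image file, such as COMSysApp, only get the verdict line). What follows is an added example, not part of the original thread and not TDSSKiller's own code, showing how a responder would parse such a listing offline and run three checks over it: an image path outside the directories these services normally live in, a core Windows executable name (svchost.exe, lsass.exe and the like) sitting anywhere other than System32, and a hash that differs from a known-clean baseline for the same path. The `BASELINE` values are copied from two entries in the listing; the `ExampleSvc` and `TempUpd` entries, the altered cdrom.sys hash and the `EXPECTED_DIRS` allowlist are constructed assumptions for the example and do not appear in the original log.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# One TDSSKiller listing line (the one before the "- ok" verdict) reads
#   <hh:mm:ss.ffff> <pid>\t<service> (<md5>) <image path>
# Copies of these logs often lose the tab between PID and service name, so the
# regex accepts a tab, spaces, or nothing at all between the two fields.
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s*"
    r"(?P<svc>\S+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)

# Assumed allowlist: where the services and drivers in a listing like the
# one above normally live.  Tune this per machine; it is not a TDSSKiller rule.
EXPECTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\microsoft.net\\",
    "c:\\windows\\ehome\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Core executables that belong only in System32; a same-named file elsewhere
# is the classic masquerade a responder looks for first.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
                 "winlogon.exe", "wininit.exe", "smss.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass(frozen=True)
class Entry:
    service: str
    md5: str
    path: str


def parse_listing(lines: Iterable[str]) -> List[Entry]:
    """Return one Entry per line that carries a hash; "- ok" verdict lines and
    services with no image file do not match the regex and are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m["svc"], m["md5"], m["path"]))
    return entries


def audit(entries: Iterable[Entry], baseline: Dict[str, str]) -> List[str]:
    """Return one finding string per check that fires.  `baseline` maps a
    lower-cased image path to the MD5 recorded for it on a known-clean run."""
    findings = []
    for e in entries:
        p = e.path.lower()
        directory, _, basename = p.rpartition("\\")
        directory += "\\"
        if not p.startswith(EXPECTED_DIRS):
            findings.append(f"{e.service}: image outside expected directories: {e.path}")
        if basename in CORE_BINARIES and directory != SYSTEM32:
            findings.append(f"{e.service}: {basename} masquerade outside System32: {e.path}")
        known = baseline.get(p)
        if known is not None and known != e.md5:
            findings.append(f"{e.service}: hash changed since baseline ({known} -> {e.md5})")
    return findings


# Baseline hashes copied from the listing above (cdrom.sys and lsass.exe).
BASELINE = {
    "c:\\windows\\system32\\drivers\\cdrom.sys": "83d2d75e1efb81b3450c18131443f7db",
    "c:\\windows\\system32\\lsass.exe": "156f6159457d0aa7e59b62681b56eb90",
}

# Constructed sample: EFS, gupdate and the verdict lines are taken from the
# listing above; the cdrom.sys line carries an invented hash, and ExampleSvc
# and TempUpd are invented entries that exist only to exercise each check.
SAMPLE_LOG = [
    "12:08:18.0149 3600cdrom (00000000000000000000000000000000) C:\\Windows\\system32\\DRIVERS\\cdrom.sys",
    "12:08:18.0151 3600cdrom - ok",
    "12:08:18.0714 3600COMSysApp - ok",
    "12:08:19.0413 3600 EFS (156f6159457d0aa7e59b62681b56eb90) C:\\Windows\\System32\\lsass.exe",
    "12:08:19.0418 3600 EFS - ok",
    "12:08:20.0168 3600 gupdate (f02a533f517eb38333cb12a9e8963773) C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe",
    "12:08:20.0172 3600 gupdate - ok",
    "12:08:26.0400 3600\tExampleSvc (0123456789abcdef0123456789abcdef) C:\\Windows\\svchost.exe",
    "12:08:26.0402 3600\tExampleSvc - ok",
    "12:08:26.0500 3600\tTempUpd (fedcba9876543210fedcba9876543210) C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe",
    "12:08:26.0502 3600\tTempUpd - ok",
]


if __name__ == "__main__":
    for finding in audit(parse_listing(SAMPLE_LOG), BASELINE):
        print(finding)
```

Run against the sample, the audit reports four findings: the altered cdrom.sys hash, the svchost.exe copy in the Windows root (flagged both as outside the allowlist and as a masquerade), and the binary under a user's Temp directory; EFS and gupdate are clean. The baseline check is only as good as the run it was taken from, so take the baseline from a listing you trust (or from the hashes of a fresh install), not from the machine under suspicion.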
     
  7. mGreen

    mGreen TS Rookie Topic Starter Posts: 18

    12:08:20.0473 3600 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
    12:08:20.0486 3600 iaStorV - ok
    12:08:20.0541 3600 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    12:08:20.0554 3600 idsvc - ok
    12:08:20.0561 3600 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    12:08:20.0563 3600 iirsp - ok
    12:08:20.0599 3600 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
    12:08:20.0610 3600 IKEEXT - ok
    12:08:20.0615 3600 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    12:08:20.0616 3600 intelide - ok
    12:08:20.0623 3600 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    12:08:20.0624 3600 intelppm - ok
    12:08:20.0631 3600 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    12:08:20.0633 3600 IPBusEnum - ok
    12:08:20.0638 3600 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    12:08:20.0639 3600 IpFilterDriver - ok
    12:08:20.0667 3600 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
    12:08:20.0673 3600 iphlpsvc - ok
    12:08:20.0678 3600 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    12:08:20.0679 3600 IPMIDRV - ok
    12:08:20.0685 3600 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    12:08:20.0687 3600 IPNAT - ok
    12:08:20.0706 3600 irda (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys
    12:08:20.0708 3600 irda - ok
    12:08:20.0709 3600 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    12:08:20.0710 3600 IRENUM - ok
    12:08:20.0732 3600 Irmon (3848384ab383f0a8f506c4370635c1f9) C:\Windows\System32\irmon.dll
    12:08:20.0733 3600 Irmon - ok
    12:08:20.0788 3600 irsir (d2ca12736624ba636f8357dc3ef0757e) C:\Windows\system32\DRIVERS\irsir.sys
    12:08:20.0820 3600 irsir - ok
    12:08:20.0869 3600 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    12:08:20.0881 3600 isapnp - ok
    12:08:20.0905 3600 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    12:08:20.0912 3600 iScsiPrt - ok
    12:08:20.0925 3600 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    12:08:20.0927 3600 kbdclass - ok
    12:08:20.0935 3600 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    12:08:20.0937 3600 kbdhid - ok
    12:08:20.0955 3600 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    12:08:20.0958 3600 KeyIso - ok
    12:08:20.0966 3600 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
    12:08:20.0967 3600 KSecDD - ok
    12:08:20.0979 3600 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
    12:08:20.0981 3600 KSecPkg - ok
    12:08:20.0985 3600 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    12:08:20.0986 3600 ksthunk - ok
    12:08:21.0008 3600 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    12:08:21.0014 3600 KtmRm - ok
    12:08:21.0047 3600 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
    12:08:21.0066 3600 LanmanServer - ok
    12:08:21.0097 3600 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
    12:08:21.0109 3600 LanmanWorkstation - ok
    12:08:21.0131 3600 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    12:08:21.0134 3600 lltdio - ok
    12:08:21.0149 3600 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    12:08:21.0154 3600 lltdsvc - ok
    12:08:21.0159 3600 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    12:08:21.0161 3600 lmhosts - ok
    12:08:21.0168 3600 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    12:08:21.0170 3600 LSI_FC - ok
    12:08:21.0175 3600 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    12:08:21.0177 3600 LSI_SAS - ok
    12:08:21.0181 3600 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    12:08:21.0182 3600 LSI_SAS2 - ok
    12:08:21.0188 3600 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    12:08:21.0189 3600 LSI_SCSI - ok
    12:08:21.0195 3600 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    12:08:21.0197 3600 luafv - ok
    12:08:21.0242 3600 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
    12:08:21.0248 3600 LVRS64 - ok
    12:08:21.0498 3600 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
    12:08:21.0518 3600 LVUVC64 - ok
    12:08:21.0787 3600 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
    12:08:21.0790 3600 MBAMProtector - ok
    12:08:21.0870 3600 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    12:08:21.0880 3600 MBAMService - ok
    12:08:21.0914 3600 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
    12:08:21.0917 3600 Mcx2Svc - ok
    12:08:21.0925 3600 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    12:08:21.0929 3600 megasas - ok
    12:08:21.0957 3600 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    12:08:21.0960 3600 MegaSR - ok
    12:08:21.0974 3600 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    12:08:21.0977 3600 MMCSS - ok
    12:08:21.0982 3600 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    12:08:21.0983 3600 Modem - ok
    12:08:22.0001 3600 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    12:08:22.0001 3600 monitor - ok
    12:08:22.0006 3600 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    12:08:22.0007 3600 mouclass - ok
    12:08:22.0010 3600 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    12:08:22.0011 3600 mouhid - ok
    12:08:22.0018 3600 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    12:08:22.0020 3600 mountmgr - ok
    12:08:22.0028 3600 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    12:08:22.0030 3600 mpio - ok
    12:08:22.0036 3600 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    12:08:22.0037 3600 mpsdrv - ok
    12:08:22.0079 3600 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
    12:08:22.0090 3600 MpsSvc - ok
    12:08:22.0105 3600 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    12:08:22.0106 3600 MRxDAV - ok
    12:08:22.0125 3600 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    12:08:22.0127 3600 mrxsmb - ok
    12:08:22.0150 3600 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    12:08:22.0153 3600 mrxsmb10 - ok
    12:08:22.0170 3600 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    12:08:22.0171 3600 mrxsmb20 - ok
    12:08:22.0175 3600 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    12:08:22.0176 3600 msahci - ok
    12:08:22.0182 3600 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    12:08:22.0184 3600 msdsm - ok
    12:08:22.0197 3600 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    12:08:22.0200 3600 MSDTC - ok
    12:08:22.0216 3600 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    12:08:22.0217 3600 Msfs - ok
    12:08:22.0219 3600 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    12:08:22.0220 3600 mshidkmdf - ok
    12:08:22.0223 3600 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    12:08:22.0223 3600 msisadrv - ok
    12:08:22.0239 3600 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    12:08:22.0241 3600 MSiSCSI - ok
    12:08:22.0243 3600 msiserver - ok
    12:08:22.0255 3600 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    12:08:22.0256 3600 MSKSSRV - ok
    12:08:22.0258 3600 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    12:08:22.0259 3600 MSPCLOCK - ok
    12:08:22.0262 3600 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    12:08:22.0263 3600 MSPQM - ok
    12:08:22.0277 3600 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    12:08:22.0281 3600 MsRPC - ok
    12:08:22.0285 3600 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    12:08:22.0286 3600 mssmbios - ok
    12:08:22.0289 3600 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    12:08:22.0289 3600 MSTEE - ok
    12:08:22.0291 3600 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    12:08:22.0292 3600 MTConfig - ok
    12:08:22.0302 3600 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    12:08:22.0303 3600 Mup - ok
    12:08:22.0330 3600 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
    12:08:22.0340 3600 napagent - ok
    12:08:22.0364 3600 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    12:08:22.0367 3600 NativeWifiP - ok
    12:08:22.0414 3600 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    12:08:22.0422 3600 NDIS - ok
    12:08:22.0426 3600 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    12:08:22.0427 3600 NdisCap - ok
    12:08:22.0437 3600 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    12:08:22.0437 3600 NdisTapi - ok
    12:08:22.0442 3600 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    12:08:22.0443 3600 Ndisuio - ok
    12:08:22.0450 3600 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    12:08:22.0452 3600 NdisWan - ok
    12:08:22.0455 3600 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    12:08:22.0457 3600 NDProxy - ok
    12:08:22.0459 3600 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    12:08:22.0460 3600 NetBIOS - ok
    12:08:22.0470 3600 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    12:08:22.0473 3600 NetBT - ok
    12:08:22.0487 3600 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    12:08:22.0489 3600 Netlogon - ok
    12:08:22.0515 3600 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    12:08:22.0520 3600 Netman - ok
    12:08:22.0537 3600 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    12:08:22.0540 3600 netprofm - ok
    12:08:22.0607 3600 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    12:08:22.0611 3600 NetTcpPortSharing - ok
    12:08:22.0621 3600 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    12:08:22.0624 3600 nfrd960 - ok
    12:08:22.0654 3600 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
    12:08:22.0659 3600 NlaSvc - ok
    12:08:22.0664 3600 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    12:08:22.0665 3600 Npfs - ok
    12:08:22.0676 3600 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    12:08:22.0679 3600 nsi - ok
    12:08:22.0682 3600 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    12:08:22.0683 3600 nsiproxy - ok
    12:08:22.0763 3600 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
    12:08:22.0789 3600 Ntfs - ok
    12:08:23.0029 3600 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    12:08:23.0032 3600 Null - ok
    12:08:23.0516 3600 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    12:08:23.0578 3600 nvlddmkm - ok
    12:08:23.0631 3600 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
    12:08:23.0634 3600 nvraid - ok
    12:08:23.0648 3600 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
    12:08:23.0650 3600 nvstor - ok
    12:08:23.0664 3600 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    12:08:23.0666 3600 nv_agp - ok
    12:08:23.0670 3600 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    12:08:23.0672 3600 ohci1394 - ok
    12:08:23.0694 3600 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    12:08:23.0698 3600 p2pimsvc - ok
    12:08:23.0722 3600 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    12:08:23.0734 3600 p2psvc - ok
    12:08:23.0773 3600 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    12:08:23.0775 3600 Parport - ok
    12:08:23.0810 3600 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
    12:08:23.0814 3600 partmgr - ok
    12:08:23.0831 3600 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    12:08:23.0839 3600 PcaSvc - ok
    12:08:23.0848 3600 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    12:08:23.0852 3600 pci - ok
    12:08:23.0855 3600 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    12:08:23.0856 3600 pciide - ok
    12:08:23.0867 3600 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    12:08:23.0871 3600 pcmcia - ok
    12:08:23.0884 3600 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    12:08:23.0886 3600 pcw - ok
    12:08:23.0915 3600 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    12:08:23.0920 3600 PEAUTH - ok
    12:08:24.0040 3600 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    12:08:24.0041 3600 PerfHost - ok
    12:08:24.0105 3600 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
    12:08:24.0136 3600 pla - ok
    12:08:24.0177 3600 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
    12:08:24.0183 3600 PlugPlay - ok
    12:08:24.0197 3600 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    12:08:24.0200 3600 PNRPAutoReg - ok
    12:08:24.0212 3600 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    12:08:24.0215 3600 PNRPsvc - ok
    12:08:24.0248 3600 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
    12:08:24.0257 3600 PolicyAgent - ok
    12:08:24.0278 3600 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    12:08:24.0283 3600 Power - ok
    12:08:24.0291 3600 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    12:08:24.0292 3600 PptpMiniport - ok
    12:08:24.0296 3600 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    12:08:24.0298 3600 Processor - ok
    12:08:24.0316 3600 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
    12:08:24.0320 3600 ProfSvc - ok
    12:08:24.0337 3600 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    12:08:24.0338 3600 ProtectedStorage - ok
    12:08:24.0346 3600 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    12:08:24.0348 3600 Psched - ok
    12:08:24.0432 3600 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    12:08:24.0464 3600 ql2300 - ok
    12:08:24.0626 3600 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    12:08:24.0630 3600 ql40xx - ok
    12:08:24.0670 3600 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    12:08:24.0675 3600 QWAVE - ok
    12:08:24.0680 3600 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    12:08:24.0681 3600 QWAVEdrv - ok
    12:08:24.0684 3600 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    12:08:24.0685 3600 RasAcd - ok
    12:08:24.0700 3600 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    12:08:24.0701 3600 RasAgileVpn - ok
    12:08:24.0718 3600 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    12:08:24.0723 3600 RasAuto - ok
    12:08:24.0733 3600 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    12:08:24.0735 3600 Rasl2tp - ok
    12:08:24.0766 3600 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
    12:08:24.0773 3600 RasMan - ok
    12:08:24.0779 3600 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    12:08:24.0781 3600 RasPppoe - ok
    12:08:24.0787 3600 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    12:08:24.0789 3600 RasSstp - ok
    12:08:24.0806 3600 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    12:08:24.0809 3600 rdbss - ok
    12:08:24.0812 3600 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    12:08:24.0813 3600 rdpbus - ok
    12:08:24.0817 3600 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    12:08:24.0818 3600 RDPCDD - ok
    12:08:24.0827 3600 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    12:08:24.0828 3600 RDPENCDD - ok
    12:08:24.0832 3600 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    12:08:24.0833 3600 RDPREFMP - ok
    12:08:24.0850 3600 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
    12:08:24.0853 3600 RDPWD - ok
    12:08:24.0863 3600 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    12:08:24.0865 3600 rdyboost - ok
    12:08:24.0877 3600 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    12:08:24.0879 3600 RemoteAccess - ok
    12:08:24.0892 3600 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    12:08:24.0896 3600 RemoteRegistry - ok
    12:08:24.0902 3600 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    12:08:24.0904 3600 RpcEptMapper - ok
    12:08:24.0916 3600 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    12:08:24.0916 3600 RpcLocator - ok
    12:08:24.0946 3600 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    12:08:24.0950 3600 RpcSs - ok
    12:08:24.0963 3600 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    12:08:24.0964 3600 rspndr - ok
    12:08:25.0006 3600 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
    12:08:25.0010 3600 RTL8167 - ok
    12:08:25.0038 3600 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    12:08:25.0043 3600 SamSs - ok
    12:08:25.0057 3600 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    12:08:25.0062 3600 sbp2port - ok
    12:08:25.0085 3600 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    12:08:25.0090 3600 SCardSvr - ok
    12:08:25.0094 3600 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    12:08:25.0095 3600 scfilter - ok
    12:08:25.0160 3600 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
    12:08:25.0174 3600 Schedule - ok
    12:08:25.0196 3600 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    12:08:25.0197 3600 SCPolicySvc - ok
    12:08:25.0214 3600 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
    12:08:25.0219 3600 SDRSVC - ok
    12:08:25.0230 3600 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    12:08:25.0231 3600 secdrv - ok
    12:08:25.0247 3600 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
    12:08:25.0250 3600 seclogon - ok
    12:08:25.0259 3600 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    12:08:25.0262 3600 SENS - ok
    12:08:25.0270 3600 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    12:08:25.0274 3600 SensrSvc - ok
    12:08:25.0277 3600 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    12:08:25.0278 3600 Serenum - ok
    12:08:25.0288 3600 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    12:08:25.0290 3600 Serial - ok
    12:08:25.0291 3600 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    12:08:25.0292 3600 sermouse - ok
    12:08:25.0302 3600 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
    12:08:25.0305 3600 SessionEnv - ok
    12:08:25.0323 3600 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    12:08:25.0324 3600 sffdisk - ok
    12:08:25.0331 3600 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    12:08:25.0333 3600 sffp_mmc - ok
    12:08:25.0341 3600 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
    12:08:25.0342 3600 sffp_sd - ok
    12:08:25.0344 3600 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    12:08:25.0345 3600 sfloppy - ok
    12:08:25.0373 3600 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    12:08:25.0376 3600 SharedAccess - ok
    12:08:25.0399 3600 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
    12:08:25.0404 3600 ShellHWDetection - ok
    12:08:25.0408 3600 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    12:08:25.0409 3600 SiSRaid2 - ok
    12:08:25.0422 3600 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    12:08:25.0424 3600 SiSRaid4 - ok
    12:08:25.0429 3600 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    12:08:25.0431 3600 Smb - ok
    12:08:25.0448 3600 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    12:08:25.0450 3600 SNMPTRAP - ok
    12:08:25.0457 3600 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    12:08:25.0458 3600 spldr - ok
    12:08:25.0494 3600 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
    12:08:25.0503 3600 Spooler - ok
    12:08:25.0624 3600 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
    12:08:25.0676 3600 sppsvc - ok
    12:08:25.0835 3600 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    12:08:25.0846 3600 sppuinotify - ok
    12:08:26.0006 3600 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
    12:08:26.0017 3600 srv - ok
    12:08:26.0053 3600 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
    12:08:26.0058 3600 srv2 - ok
    12:08:26.0079 3600 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
    12:08:26.0081 3600 srvnet - ok
    12:08:26.0109 3600 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    12:08:26.0114 3600 SSDPSRV - ok
    12:08:26.0120 3600 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    12:08:26.0124 3600 SstpSvc - ok
    12:08:26.0131 3600 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    12:08:26.0133 3600 stexstor - ok
    12:08:26.0179 3600 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
    12:08:26.0196 3600 stisvc - ok
    12:08:26.0199 3600 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    12:08:26.0201 3600swenum - ok
    12:08:26.0228 3600swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    12:08:26.0247 3600swprv - ok
    12:08:26.0322 3600SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
    12:08:26.0351 3600SysMain - ok
    12:08:26.0428 3600TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
    12:08:26.0431 3600TabletInputService - ok
    12:08:26.0451 3600TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
    12:08:26.0456 3600TapiSrv - ok
    12:08:26.0463 3600TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    12:08:26.0467 3600TBS - ok
    12:08:26.0554 3600Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
    12:08:26.0573 3600Tcpip - ok
    12:08:26.0691 3600TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
    12:08:26.0699 3600TCPIP6 - ok
    12:08:26.0731 3600tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    12:08:26.0732 3600tcpipreg - ok
    12:08:26.0736 3600TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    12:08:26.0737 3600TDPIPE - ok
    12:08:26.0750 3600TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
    12:08:26.0750 3600TDTCP - ok
    12:08:26.0758 3600tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    12:08:26.0759 3600tdx - ok
    12:08:26.0765 3600TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    12:08:26.0765 3600TermDD - ok
    12:08:26.0798 3600TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
    12:08:26.0812 3600TermService - ok
    12:08:26.0826 3600Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    12:08:26.0829 3600Themes - ok
    12:08:26.0840 3600THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    12:08:26.0842 3600THREADORDER - ok
    12:08:26.0855 3600TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    12:08:26.0858 3600TrkWks - ok
    12:08:26.0883 3600TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
    12:08:26.0885 3600TrustedInstaller - ok
    12:08:26.0891 3600tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    12:08:26.0892 3600tssecsrv - ok
    12:08:26.0909 3600tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    12:08:26.0911 3600tunnel - ok
    12:08:26.0915 3600uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    12:08:26.0916 3600uagp35 - ok
    12:08:26.0934 3600udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    12:08:26.0937 3600udfs - ok
    12:08:26.0957 3600UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    12:08:26.0959 3600UI0Detect - ok
    12:08:26.0964 3600uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    12:08:26.0965 3600uliagpkx - ok
    12:08:26.0979 3600umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    12:08:26.0980 3600umbus - ok
    12:08:26.0983 3600UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    12:08:26.0984 3600UmPass - ok
    12:08:27.0085 3600UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    12:08:27.0094 3600UMVPFSrv - ok
    12:08:27.0126 3600upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    12:08:27.0141 3600upnphost - ok
    12:08:27.0176 3600usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
    12:08:27.0177 3600usbaudio - ok
    12:08:27.0200 3600usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
    12:08:27.0202 3600usbccgp - ok
    12:08:27.0208 3600usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    12:08:27.0209 3600usbcir - ok
    12:08:27.0224 3600usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
    12:08:27.0225 3600usbehci - ok
    12:08:27.0245 3600usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
    12:08:27.0249 3600usbhub - ok
    12:08:27.0256 3600usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
    12:08:27.0258 3600usbohci - ok
    12:08:27.0278 3600usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    12:08:27.0279 3600usbprint - ok
    12:08:27.0299 3600usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    12:08:27.0300 3600usbscan - ok
    12:08:27.0316 3600USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
    12:08:27.0317 3600USBSTOR - ok
    12:08:27.0321 3600usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
    12:08:27.0322 3600usbuhci - ok
    12:08:27.0350 3600usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
    12:08:27.0352 3600usbvideo - ok
    12:08:27.0364 3600UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    12:08:27.0367 3600UxSms - ok
    12:08:27.0378 3600VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    12:08:27.0380 3600VaultSvc - ok
    12:08:27.0383 3600vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    12:08:27.0384 3600vdrvroot - ok
    12:08:27.0415 3600vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
    12:08:27.0426 3600vds - ok
    12:08:27.0430 3600vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    12:08:27.0431 3600vga - ok
     
  8. mGreen

    mGreen TS Rookie Topic Starter Posts: 18

    12:08:27.0434 3600VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    12:08:27.0435 3600VgaSave - ok
    12:08:27.0449 3600vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    12:08:27.0452 3600vhdmp - ok
    12:08:27.0455 3600viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    12:08:27.0456 3600viaide - ok
    12:08:27.0459 3600volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    12:08:27.0460 3600volmgr - ok
    12:08:27.0479 3600volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    12:08:27.0483 3600volmgrx - ok
    12:08:27.0494 3600volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    12:08:27.0497 3600volsnap - ok
    12:08:27.0509 3600vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    12:08:27.0512 3600vsmraid - ok
    12:08:27.0575 3600VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
    12:08:27.0616 3600VSS - ok
    12:08:27.0822 3600vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    12:08:27.0825 3600vwifibus - ok
    12:08:27.0872 3600W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    12:08:27.0888 3600W32Time - ok
    12:08:27.0893 3600WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    12:08:27.0895 3600WacomPen - ok
    12:08:27.0910 3600WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    12:08:27.0912 3600WANARP - ok
    12:08:27.0914 3600Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    12:08:27.0915 3600Wanarpv6 - ok
    12:08:28.0022 3600WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    12:08:28.0041 3600WatAdminSvc - ok
    12:08:28.0124 3600wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
    12:08:28.0146 3600wbengine - ok
    12:08:28.0184 3600WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    12:08:28.0188 3600WbioSrvc - ok
    12:08:28.0226 3600wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
    12:08:28.0232 3600wcncsvc - ok
    12:08:28.0235 3600WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    12:08:28.0239 3600WcsPlugInService - ok
    12:08:28.0244 3600Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    12:08:28.0245 3600Wd - ok
    12:08:28.0278 3600Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    12:08:28.0284 3600Wdf01000 - ok
    12:08:28.0289 3600WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    12:08:28.0291 3600WdiServiceHost - ok
    12:08:28.0294 3600WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    12:08:28.0297 3600WdiSystemHost - ok
    12:08:28.0317 3600WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
    12:08:28.0322 3600WebClient - ok
    12:08:28.0344 3600Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    12:08:28.0348 3600Wecsvc - ok
    12:08:28.0358 3600wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    12:08:28.0361 3600wercplsupport - ok
    12:08:28.0371 3600WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    12:08:28.0374 3600WerSvc - ok
    12:08:28.0381 3600WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    12:08:28.0381 3600WfpLwf - ok
    12:08:28.0386 3600WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    12:08:28.0387 3600WIMMount - ok
    12:08:28.0403 3600WinDefend - ok
    12:08:28.0407 3600WinHttpAutoProxySvc - ok
    12:08:28.0476 3600Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    12:08:28.0482 3600Winmgmt - ok
    12:08:28.0581 3600WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
    12:08:28.0615 3600WinRM - ok
    12:08:28.0751 3600Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    12:08:28.0772 3600Wlansvc - ok
    12:08:28.0778 3600WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    12:08:28.0779 3600WmiAcpi - ok
    12:08:28.0800 3600wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    12:08:28.0803 3600wmiApSrv - ok
    12:08:28.0817 3600WMPNetworkSvc - ok
    12:08:28.0829 3600WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    12:08:28.0833 3600WPCSvc - ok
    12:08:28.0841 3600WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
    12:08:28.0846 3600WPDBusEnum - ok
    12:08:28.0850 3600ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    12:08:28.0851 3600ws2ifsl - ok
    12:08:28.0862 3600wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
    12:08:28.0867 3600wscsvc - ok
    12:08:28.0870 3600WSearch - ok
    12:08:29.0018 3600wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    12:08:29.0041 3600wuauserv - ok
    12:08:29.0073 3600WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    12:08:29.0075 3600WudfPf - ok
    12:08:29.0083 3600WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    12:08:29.0084 3600WUDFRd - ok
    12:08:29.0093 3600wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
    12:08:29.0097 3600wudfsvc - ok
    12:08:29.0112 3600WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    12:08:29.0117 3600WwanSvc - ok
    12:08:29.0141 3600MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    12:08:29.0183 3600\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    12:08:29.0183 3600\Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    12:08:29.0190 3600Boot (0x1200) (ca7d5678360e1684185bd73a05e7d124) \Device\Harddisk0\DR0\Partition0
    12:08:29.0193 3600\Device\Harddisk0\DR0\Partition0 - ok
    12:08:29.0206 3600Boot (0x1200) (07aa2c00c277faa2491ebca82d7416af) \Device\Harddisk0\DR0\Partition1
    12:08:29.0208 3600\Device\Harddisk0\DR0\Partition1 - ok
    12:08:29.0208 3600============================================================
    12:08:29.0208 3600Scan finished
    12:08:29.0208 3600============================================================
    12:08:29.0217 3440Detected object count: 1
    12:08:29.0217 3440Actual detected object count: 1
    12:08:50.0552 3440\Device\Harddisk0\DR0\# - copied to quarantine
    12:08:50.0552 3440\Device\Harddisk0\DR0 - copied to quarantine
    12:08:50.0578 3440\Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    12:08:52.0361 3440\Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    12:08:52.0367 3440\Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    12:08:52.0432 3440\Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    12:08:52.0468 3440\Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    12:08:52.0479 3440\Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    12:08:52.0495 3440\Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    12:08:52.0496 3440\Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    12:08:52.0497 3440\Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    12:08:52.0499 3440\Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    12:08:52.0511 3440\Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    12:08:52.0557 3440\Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    12:08:52.0629 3440\Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    12:08:52.0630 3440\Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    12:08:52.0677 3440\Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    12:08:52.0749 3440\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    12:08:52.0750 3440\Device\Harddisk0\DR0 - ok
    12:08:52.0779 3440\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    12:09:05.0853 3596Deinitialize success
     
  9. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Good :)

    Re-run MBAM one more time.
     
  10. mGreen

    mGreen TS Rookie Topic Starter Posts: 18

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.12.04

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Mike :: MIKE-PC [administrator]

    Protection: Enabled

    8/12/2012 12:37:14 PM
    mbam-log-2012-08-12 (12-37-14).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 310838
    Time elapsed: 13 minute(s), 4 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
     
  11. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Re-run it one more time.
     
     
  12. mGreen

    mGreen TS Rookie Topic Starter Posts: 18

    I apologize for the late reply. Here is the log; it came up clean.

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.12.04

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Mike :: MIKE-PC [administrator]

    Protection: Enabled

    8/12/2012 9:26:13 PM
    mbam-log-2012-08-12 (21-26-13).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 315606
    Time elapsed: 16 minute(s), 25 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  13. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Excellent!

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to reconnect your machine to the Internet until Combofix has completely finished.
    • If there is no Internet connection after running Combofix, then restart your computer to restore your connection.
    • Double-click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run, then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    http://download.bleepingcomputer.com/grinler/beta/rkill.exe
    http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

    Restart the computer in Safe Mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    Please post BOTH logs, rKill.txt and Combofix.txt.
     
  14. mGreen

    mGreen TS Rookie Topic Starter Posts: 18

    ComboFix 12-08-10.02 - Mike 08/12/2012 21:57:17.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4375 [GMT -4:00]
    Running from: c:\users\Mike\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-13 02:00 . 2012-08-13 02:00  69000  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C29F088-B712-4267-BB63-7D4CFB9A9F4E}\offreg.dll
    2012-08-13 02:00 . 2012-08-13 02:00  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2012-08-12 19:06 . 2012-08-12 19:06  --------  d-----w-  c:\windows\en
    2012-08-12 19:05 . 2012-08-12 19:05  --------  d-----w-  c:\program files (x86)\Microsoft SQL Server Compact Edition
    2012-08-12 19:05 . 2012-08-12 19:05  --------  d-----w-  c:\program files\Windows Live
    2012-08-12 19:04 . 2012-08-12 19:04  --------  d-----w-  c:\windows\PCHEALTH
    2012-08-12 19:04 . 2012-08-12 19:05  --------  d-----w-  c:\program files (x86)\Windows Live
    2012-08-12 19:03 . 2010-06-02 08:55  77656  ----a-w-  c:\windows\system32\XAPOFX1_5.dll
    2012-08-12 19:03 . 2010-06-02 08:55  74072  ----a-w-  c:\windows\SysWow64\XAPOFX1_5.dll
    2012-08-12 19:03 . 2010-06-02 08:55  527192  ----a-w-  c:\windows\SysWow64\XAudio2_7.dll
    2012-08-12 19:03 . 2010-06-02 08:55  518488  ----a-w-  c:\windows\system32\XAudio2_7.dll
    2012-08-12 19:03 . 2010-05-26 15:41  2526056  ----a-w-  c:\windows\system32\D3DCompiler_43.dll
    2012-08-12 19:03 . 2010-05-26 15:41  2106216  ----a-w-  c:\windows\SysWow64\D3DCompiler_43.dll
    2012-08-12 19:03 . 2010-05-26 15:41  276832  ----a-w-  c:\windows\system32\d3dx11_43.dll
    2012-08-12 19:03 . 2010-05-26 15:41  248672  ----a-w-  c:\windows\SysWow64\d3dx11_43.dll
    2012-08-12 19:02 . 2009-09-04 21:29  453456  ----a-w-  c:\windows\SysWow64\d3dx10_42.dll
    2012-08-12 19:02 . 2009-09-04 21:29  523088  ----a-w-  c:\windows\system32\d3dx10_42.dll
    2012-08-12 19:01 . 2006-11-29 17:06  4398360  ----a-w-  c:\windows\system32\d3dx9_32.dll
    2012-08-12 19:01 . 2006-11-29 17:06  3426072  ----a-w-  c:\windows\SysWow64\d3dx9_32.dll
    2012-08-12 19:01 . 2012-08-12 19:01  --------  d-----w-  c:\program files (x86)\Microsoft SkyDrive
    2012-08-12 19:00 . 2012-08-12 19:00  --------  d-----w-  c:\programdata\Microsoft SkyDrive
    2012-08-12 19:00 . 2010-08-11 05:19  3860992  ----a-w-  c:\windows\system32\UIRibbon.dll
    2012-08-12 19:00 . 2010-08-11 05:13  1164800  ----a-w-  c:\windows\system32\UIRibbonRes.dll
    2012-08-12 19:00 . 2010-08-11 04:44  2983424  ----a-w-  c:\windows\SysWow64\UIRibbon.dll
    2012-08-12 19:00 . 2010-08-11 04:35  1164800  ----a-w-  c:\windows\SysWow64\UIRibbonRes.dll
    2012-08-12 18:56 . 2012-08-12 18:56  --------  d-----w-  c:\program files (x86)\Common Files\Windows Live
    2012-08-12 16:08 . 2012-08-12 16:08  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-08-12 06:20 . 2012-08-12 02:27  --------  d-----w-  c:\windows\Panther
    2012-08-12 06:11 . 2012-08-12 06:11  --------  d-----w-  c:\program files (x86)\Microsoft.NET
    2012-08-12 05:18 . 2012-08-12 05:18  --------  d-----w-  c:\programdata\Malwarebytes
    2012-08-12 05:18 . 2012-08-12 05:19  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-12 05:18 . 2012-07-03 17:46  24904  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-08-12 04:44 . 2012-08-12 05:28  70344  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-12 04:44 . 2012-08-12 05:28  426184  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-12 04:44 . 2012-08-12 04:44  --------  d-----w-  c:\windows\SysWow64\Macromed
    2012-08-12 04:44 . 2012-08-12 04:44  --------  d-----w-  c:\windows\system32\Macromed
    2012-08-12 04:26 . 2012-08-12 04:27  --------  d-----w-  c:\program files (x86)\Ask.com
    2012-08-12 04:25 . 2012-08-12 04:27  --------  d-----w-  c:\program files (x86)\Google
    2012-08-12 04:25 . 2012-07-03 16:21  355856  ----a-w-  c:\windows\system32\drivers\aswSP.sys
    2012-08-12 04:25 . 2012-07-03 16:21  25232  ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
    2012-08-12 04:25 . 2012-07-03 16:21  54072  ----a-w-  c:\windows\system32\drivers\aswRdr2.sys
    2012-08-12 04:25 . 2012-07-03 16:21  59728  ----a-w-  c:\windows\system32\drivers\aswTdi.sys
    2012-08-12 04:25 . 2012-07-03 16:21  958400  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
    2012-08-12 04:25 . 2012-07-03 16:21  71064  ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
    2012-08-12 04:25 . 2012-07-03 16:21  285328  ----a-w-  c:\windows\system32\aswBoot.exe
    2012-08-12 04:11 . 2012-08-12 04:11  --------  d-----w-  c:\programdata\Hewlett-Packard
    2012-08-12 04:11 . 2009-07-14 01:41  230400  ----a-w-  c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
    2012-08-12 04:08 . 2012-08-12 19:01  --------  d-----w-  c:\users\Larry
    2012-08-12 04:05 . 2012-08-12 04:05  --------  d-----w-  c:\windows\SysWow64\Wat
    2012-08-12 04:05 . 2012-08-12 04:05  --------  d-----w-  c:\windows\system32\Wat
    2012-08-12 03:58 . 2012-08-12 03:58  --------  d-----w-  c:\programdata\NVIDIA Corporation
    2012-08-12 03:58 . 2012-08-12 03:58  --------  d-----w-  c:\program files\NVIDIA Corporation
    2012-08-12 03:58 . 2012-08-12 03:58  --------  d-----w-  c:\program files (x86)\NVIDIA Corporation
    2012-08-12 03:57 . 2010-09-14 06:45  367104  ----a-w-  c:\windows\system32\wcncsvc.dll
    2012-08-12 03:57 . 2010-09-14 06:07  276992  ----a-w-  c:\windows\SysWow64\wcncsvc.dll
    2012-08-12 03:54 . 2012-06-12 03:02  3147264  ----a-w-  c:\windows\system32\win32k.sys
    2012-08-12 03:11 . 2012-08-13 01:10  --------  d-sh--w-  c:\windows\Installer
    2012-08-12 03:11 . 2012-07-03 16:21  41224  ----a-w-  c:\windows\avastSS.scr
    2012-08-12 03:11 . 2012-07-03 16:21  227648  ----a-w-  c:\windows\SysWow64\aswBoot.exe
    2012-08-12 03:10 . 2012-08-12 04:24  --------  d-----w-  c:\programdata\AVAST Software
    2012-08-12 03:10 . 2012-08-12 04:24  --------  d-----w-  c:\program files\AVAST Software
    2012-08-12 03:08 . 2009-09-10 06:28  311808  ----a-w-  c:\windows\system32\msv1_0.dll
    2012-08-12 03:08 . 2009-09-10 05:52  257024  ----a-w-  c:\windows\SysWow64\msv1_0.dll
    2012-08-12 02:59 . 2009-10-10 03:17  14336  ----a-w-  c:\windows\system32\drivers\sffp_sd.sys
    2012-08-12 02:55 . 2009-11-25 16:47  99176  ----a-w-  c:\windows\SysWow64\PresentationHostProxy.dll
    2012-08-12 02:55 . 2009-11-25 16:47  49472  ----a-w-  c:\windows\SysWow64\netfxperf.dll
    2012-08-12 02:55 . 2009-11-25 16:47  48960  ----a-w-  c:\windows\system32\netfxperf.dll
    2012-08-12 02:55 . 2009-11-25 16:47  297808  ----a-w-  c:\windows\SysWow64\mscoree.dll
    2012-08-12 02:55 . 2009-11-25 16:47  295264  ----a-w-  c:\windows\SysWow64\PresentationHost.exe
    2012-08-12 02:55 . 2009-11-25 16:47  1130824  ----a-w-  c:\windows\SysWow64\dfshim.dll
    2012-08-12 02:55 . 2009-11-25 16:47  109912  ----a-w-  c:\windows\system32\PresentationHostProxy.dll
    2012-08-12 02:55 . 2009-11-25 16:47  444752  ----a-w-  c:\windows\system32\mscoree.dll
    2012-08-12 02:55 . 2009-11-25 16:47  320352  ----a-w-  c:\windows\system32\PresentationHost.exe
    2012-08-12 02:55 . 2009-11-25 16:47  1942856  ----a-w-  c:\windows\system32\dfshim.dll
    2012-08-12 02:51 . 2012-08-12 02:51  --------  d-----w-  c:\program files (x86)\Common Files\logishrd
    2012-08-12 02:51 . 2012-08-12 02:51  --------  d-----w-  c:\program files\Common Files\logishrd
    2012-08-12 02:50 . 2012-07-03 07:19  59701280  ----a-w-  c:\windows\system32\MRT.exe
    2012-08-12 02:46 . 2012-03-01 06:54  22896  ----a-w-  c:\windows\system32\drivers\fs_rec.sys
    2012-08-12 02:46 . 2012-03-01 06:45  220672  ----a-w-  c:\windows\system32\wintrust.dll
    2012-08-12 02:46 . 2012-03-01 06:40  80896  ----a-w-  c:\windows\system32\imagehlp.dll
    2012-08-12 02:46 . 2012-03-01 06:35  5120  ----a-w-  c:\windows\system32\wmi.dll
    2012-08-12 02:46 . 2012-03-01 05:49  172544  ----a-w-  c:\windows\SysWow64\wintrust.dll
    2012-08-12 02:46 . 2012-03-01 05:45  158720  ----a-w-  c:\windows\SysWow64\imagehlp.dll
    2012-08-12 02:46 . 2012-03-01 05:40  5120  ----a-w-  c:\windows\SysWow64\wmi.dll
    2012-08-12 02:44 . 2010-03-04 04:40  184832  ----a-w-  c:\windows\system32\drivers\usbvideo.sys
    2012-08-12 02:44 . 2010-03-04 04:32  243712  ----a-w-  c:\windows\system32\drivers\ks.sys
    2012-08-12 02:42 . 2012-06-09 05:30  14165504  ----a-w-  c:\windows\system32\shell32.dll
    2012-08-12 02:41 . 2012-04-24 05:59  182272  ----a-w-  c:\windows\system32\cryptsvc.dll
    2012-08-12 02:40 . 2010-01-09 07:19  139264  ----a-w-  c:\windows\system32\cabview.dll
    2012-08-12 02:40 . 2010-01-09 06:52  132608  ----a-w-  c:\windows\SysWow64\cabview.dll
    2012-08-12 02:33 . 2011-11-19 15:07  77312  ----a-w-  c:\windows\system32\packager.dll
    2012-08-12 02:33 . 2011-11-19 14:06  67072  ----a-w-  c:\windows\SysWow64\packager.dll
    2012-08-12 02:33 . 2010-08-27 06:14  236032  ----a-w-  c:\windows\system32\srvsvc.dll
    2012-08-12 02:33 . 2010-08-27 05:46  9728  ----a-w-  c:\windows\SysWow64\sscore.dll
    2012-08-12 02:32 . 2012-02-15 06:27  1031680  ----a-w-  c:\windows\system32\rdpcore.dll
    2012-08-12 02:32 . 2012-02-15 05:44  826368  ----a-w-  c:\windows\SysWow64\rdpcore.dll
    2012-08-12 02:32 . 2012-02-15 04:46  23552  ----a-w-  c:\windows\system32\drivers\tdtcp.sys
    2012-08-12 02:29 . 2012-06-02 22:19  2428952  ----a-w-  c:\windows\system32\wuaueng.dll
    2012-08-12 02:29 . 2012-06-02 22:19  57880  ----a-w-  c:\windows\system32\wuauclt.exe
    2012-08-12 02:29 . 2012-06-02 22:19  44056  ----a-w-  c:\windows\system32\wups2.dll
    2012-08-12 02:29 . 2012-06-02 22:15  2622464  ----a-w-  c:\windows\system32\wucltux.dll
    2012-08-12 02:28 . 2012-06-02 22:19  38424  ----a-w-  c:\windows\system32\wups.dll
    2012-08-12 02:28 . 2012-06-02 22:19  701976  ----a-w-  c:\windows\system32\wuapi.dll
    2012-08-12 02:28 . 2012-06-02 22:15  99840  ----a-w-  c:\windows\system32\wudriver.dll
    2012-08-12 02:28 . 2012-06-02 19:19  186752  ----a-w-  c:\windows\system32\wuwebv.dll
    2012-08-12 02:28 . 2012-06-02 19:15  36864  ----a-w-  c:\windows\system32\wuapp.exe
    2012-08-12 02:27 . 2012-08-12 02:28  --------  d-----w-  c:\users\Mike
    2012-08-12 02:27 . 2012-08-12 02:27  --------  d-----w-  C:\Recovery
    2012-07-28 06:54 . 2012-07-28 06:54  321472  ----a-w-  c:\windows\WLXPGSS.SCR
    2012-07-26 23:08 . 2012-07-26 23:08  862664  ----a-w-  c:\windows\SysWow64\msvcr110.dll
    2012-07-26 23:08 . 2012-07-26 23:08  534480  ----a-w-  c:\windows\SysWow64\msvcp110.dll
    2012-07-26 23:08 . 2012-07-26 23:08  251864  ----a-w-  c:\windows\SysWow64\vccorlib110.dll
    2012-07-26 23:08 . 2012-07-26 23:08  153536  ----a-w-  c:\windows\SysWow64\atl110.dll
    2012-07-26 23:08 . 2012-07-26 23:08  115656  ----a-w-  c:\windows\SysWow64\vcomp110.dll
    2012-07-26 19:22 . 2012-07-26 19:22  828872  ----a-w-  c:\windows\system32\msvcr110.dll
    2012-07-26 19:22 . 2012-07-26 19:22661448----a-w-c:\windows\system32\msvcp110.dll
    2012-07-26 19:22 . 2012-07-26 19:22354264----a-w-c:\windows\system32\vccorlib110.dll
    2012-07-26 19:22 . 2012-07-26 19:22177096----a-w-c:\windows\system32\atl110.dll
    2012-07-26 19:22 . 2012-07-26 19:22124360----a-w-c:\windows\system32\vcomp110.dll
    2012-07-17 19:20 . 2012-07-17 19:201178920----a-w-c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL
    2012-07-17 19:17 . 2012-07-17 19:17529664----a-w-c:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    2012-07-17 19:16 . 2012-07-17 19:1656072----a-w-c:\program files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
    2012-07-17 19:16 . 2012-07-17 19:161134856----a-w-c:\program files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll
    2012-07-17 19:14 . 2012-07-17 19:14420608----a-w-c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
    2012-07-17 19:14 . 2012-07-17 19:14290560----a-w-c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-06-07 01:33  1519304  ----a-w-  c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 136176]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 250056]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 136176]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-12 1255736]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 05:28]
    .
    2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 04:25]
    .
    2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 04:25]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21  133400  ----a-w-  c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
    ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
    ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
    ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
    ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
    ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-12 22:01:53
    ComboFix-quarantined-files.txt 2012-08-13 02:01
    .
    Pre-Run: 964,075,343,872 bytes free
    Post-Run: 964,137,586,688 bytes free
    .
    - - End Of File - - 216B1E7687FDA122446BA820E915A195
     
  15. mGreen

    mGreen TS Rookie Topic Starter Posts: 18

    Rkill 2.1.0 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 08/12/2012 10:16:16 PM in x64 mode.
    Windows Version: Windows 7
    Checking for Windows services to stop.
    * No malware services found to stop.
    Checking for processes to terminate.
    * No malware processes found to kill.
    Checking Registry for malware related settings.
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    * HKLM\Software\Classes\.com "@" has been changed to ComFile!
    * HKLM\Software\Classes\.com "@" was reset to comfile!
    Performing miscellaneous checks.
    * No issues found.
    Searching for Missing Digital Signatures:
    * No issues found.
    Restarting Explorer.exe in order to apply changes.
    Program finished at: 08/12/2012 10:16:24 PM
    Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)
     
  16. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Looks good :)

    Uninstall Ask Toolbar, typical foistware.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. mGreen

    mGreen TS Rookie Topic Starter Posts: 18

    OTL logfile created on: 8/12/2012 10:36:20 PM - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Mike\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.71 Gb Available Physical Memory | 78.44% Memory free
    12.00 Gb Paging File | 10.59 Gb Available in Paging File | 88.29% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 898.01 Gb Free Space | 96.41% Space Free | Partition Type: NTFS

    Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/12 22:34:48 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/08/12 01:28:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2008/01/19 13:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 33 00 93 32 78 CD 01 [binary data]
    IE - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\pdf.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - Extension: avast! WebRep = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

    O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25679FFA-D803-444A-BB00-D39C9704C05B}: DhcpNameServer = 192.168.1.1 71.243.0.12
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/12 22:34:47 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
    [2012/08/12 22:15:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/12 22:07:04 | 001,118,624 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Mike\Desktop\rkill.exe
    [2012/08/12 21:56:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/12 21:56:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/12 21:56:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/12 21:56:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/12 21:56:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/12 21:50:33 | 004,729,547 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
    [2012/08/12 15:06:30 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2012/08/12 15:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2012/08/12 15:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2012/08/12 15:04:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2012/08/12 15:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
    [2012/08/12 15:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
    [2012/08/12 15:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
    [2012/08/12 14:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [2012/08/12 12:08:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/12 10:15:22 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Macromedia
    [2012/08/12 10:05:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/08/12 09:17:08 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
    [2012/08/12 09:16:28 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Google
    [2012/08/12 09:15:09 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Adobe
    [2012/08/12 02:20:05 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2012/08/12 02:11:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2012/08/12 01:21:09 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2012/08/12 01:20:45 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2012/08/12 01:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/12 01:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/12 01:18:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/12 01:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/08/12 00:44:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2012/08/12 00:44:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/08/12 00:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/08/12 00:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
    [2012/08/12 00:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012/08/12 00:25:53 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/08/12 00:25:53 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/08/12 00:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/08/12 00:25:49 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/08/12 00:25:48 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/08/12 00:25:47 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/08/12 00:25:45 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/08/12 00:25:45 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/08/12 00:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
    [2012/08/12 00:05:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2012/08/12 00:05:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2012/08/11 23:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2012/08/11 23:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2012/08/11 23:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2012/08/11 23:11:11 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2012/08/11 23:11:01 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/08/11 23:11:01 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/08/11 23:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/08/11 23:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/08/11 22:51:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
    [2012/08/11 22:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
    [2012/08/11 22:30:45 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Microsoft Games
    [2012/08/11 22:28:33 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2012/08/11 22:28:33 | 000,000,000 | R--D | C] -- C:\Users\Mike\Searches
    [2012/08/11 22:28:33 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2012/08/11 22:28:33 | 000,000,000 | -H-D | C] -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2012/08/11 22:28:04 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Identities
    [2012/08/11 22:27:58 | 000,000,000 | R--D | C] -- C:\Users\Mike\Contacts
    [2012/08/11 22:27:56 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\VirtualStore
    [2012/08/11 22:27:51 | 000,000,000 | --SD | C] -- C:\Users\Mike\AppData\Roaming\Microsoft
    [2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Videos
    [2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Saved Games
    [2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Pictures
    [2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Music
    [2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Links
    [2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Favorites
    [2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Downloads
    [2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Documents
    [2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Desktop
    [2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\Temporary Internet Files
    [2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Templates
    [2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Start Menu
    [2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\SendTo
    [2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Recent
    [2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\PrintHood
    [2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\NetHood
    [2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Videos
    [2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Pictures
    [2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Music
    [2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\My Documents
    [2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Local Settings
    [2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\History
    [2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Cookies
    [2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Application Data
    [2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\Application Data
    [2012/08/11 22:27:51 | 000,000,000 | -H-D | C] -- C:\Users\Mike\AppData
    [2012/08/11 22:27:51 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Temp
    [2012/08/11 22:27:51 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Microsoft
    [2012/08/11 22:27:51 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Media Center Programs
    [2012/08/11 22:27:40 | 000,000,000 | ---D | C] -- C:\Recovery
    [2012/08/11 22:27:35 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2012/07/24 13:22:36 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\TDSSKiller.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/08/12 22:35:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/12 22:34:48 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
    [2012/08/12 22:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/12 22:22:25 | 000,719,716 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/12 22:22:25 | 000,619,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/12 22:22:25 | 000,104,372 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/12 22:18:30 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/12 22:18:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/12 22:18:02 | 536,272,895 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/12 22:08:07 | 000,013,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/12 22:08:07 | 000,013,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/12 22:07:04 | 001,118,624 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Mike\Desktop\rkill.exe
    [2012/08/12 21:50:43 | 004,729,547 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
    [2012/08/12 12:07:31 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\TDSSKiller.exe
    [2012/08/12 10:05:16 | 822,761,947 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/08/12 09:15:06 | 000,001,437 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/08/12 01:24:22 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2012/08/12 01:24:22 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2012/08/12 01:21:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/08/12 01:18:59 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/12 00:27:30 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/08/12 00:25:53 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/08/12 00:25:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/08/12 00:07:14 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/08/11 22:54:22 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/08/11 22:54:22 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/08/11 22:50:57 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI

    ========== Files Created - No Company Name ==========

    [2012/08/12 21:56:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/12 21:56:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/12 21:56:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/12 21:56:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/12 21:56:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/12 15:06:15 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
    [2012/08/12 15:06:08 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
    [2012/08/12 15:05:37 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    [2012/08/12 10:05:16 | 822,761,947 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/08/12 01:24:18 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/08/12 01:24:15 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/08/12 01:21:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012/08/12 01:20:45 | 536,272,895 | -HS- | C] () -- C:\hiberfil.sys
    [2012/08/12 01:18:59 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/12 00:44:25 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/12 00:27:30 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/08/12 00:25:59 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/12 00:25:58 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/12 00:25:53 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/08/12 00:25:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/08/11 22:54:22 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/08/11 22:54:22 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/08/11 22:50:57 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
    [2012/08/11 22:31:23 | 000,001,437 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/08/11 22:29:02 | 000,001,443 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2012/08/11 22:29:02 | 000,001,409 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2012/08/11 22:27:51 | 000,000,290 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2012/08/11 22:27:51 | 000,000,272 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

    ========== LOP Check ==========

    [2012/08/12 17:26:03 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Windows Live Writer
    [2009/07/14 01:08:49 | 000,005,392 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
  18. mGreen

    mGreen TS Rookie Topic Starter Posts: 18

    OTL Extras logfile created on: 8/12/2012 10:36:20 PM - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Mike\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.71 Gb Available Physical Memory | 78.44% Memory free
    12.00 Gb Paging File | 10.59 Gb Available in Paging File | 88.29% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 898.01 Gb Free Space | 96.41% Space Free | Partition Type: NTFS

    Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-93952822-3381910838-1579628254-1001\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0A981EA5-3D06-4A00-A2A2-58E155C48B04}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1BB55052-8A63-4DCA-9D13-1A66EAC960AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{212C619A-362F-438A-A692-EFB89823C228}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{290B6B85-5DDF-4CBD-82D7-2B8A6B994471}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2D1B550D-74E4-47D8-B67D-CABDF3ABFB14}" = rport=139 | protocol=6 | dir=out | app=system |
    "{2F204023-A67B-42CF-8FE1-322C10A705B2}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2FE370F7-886F-4A1C-A95D-6CB8E46A804F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{33D51604-EE55-498C-B35A-F0A896E0F9BD}" = lport=139 | protocol=6 | dir=in | app=system |
    "{4502CA5E-74FD-4164-8535-FF89CEE21BA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{454A2CCA-FDBA-461A-AFB2-7476246AF4BF}" = lport=138 | protocol=17 | dir=in | app=system |
    "{4A301F15-ECDB-4666-8263-9832A44A5035}" = lport=445 | protocol=6 | dir=in | app=system |
    "{4C5331EB-6B7A-4E6D-86F9-C0FD86A98474}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{519331E8-E479-4AF5-A5F6-A33AEB8BC49A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5268EFBD-CDC7-4132-A34C-5842B2474F7B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{658FB287-51AC-4E3A-A2C4-8498552169EA}" = rport=138 | protocol=17 | dir=out | app=system |
    "{67AF3215-361A-48CA-BF17-55F203258B1D}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{6D529486-57E9-4846-8B73-B7CDEF4E7D7C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{A3A20030-AFB9-432E-8694-4352E9A6B2DC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B1DCC7B5-4680-4FC3-AD01-EE172A84F704}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{B8E4D0AD-377B-490C-8524-0F0CBAC8D8FB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C937F2D5-5695-4DDB-8A55-484FE2BB6810}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{D264D8F9-79A4-44A0-82F4-EC1B785D3BFA}" = rport=137 | protocol=17 | dir=out | app=system |
    "{FA223B64-A891-4146-ABC3-0C659CB1764F}" = lport=137 | protocol=17 | dir=in | app=system |
    "{FB7E2FE6-6C44-4FAA-95A2-6AB05A1C6C9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{FCD8E4FC-C39B-4F36-B368-041BC13B5D42}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3194D92E-4AAD-4399-B84C-3CA43F392BDC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{329510AD-D544-4839-88CC-B880AEACFBCC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{3B347E55-7162-4D3C-8AC2-D5368DB2D739}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3E767DE1-8557-40F1-B513-8380624D5EE5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{714D0777-FE49-4BFD-82FD-F162A2F96F36}" = protocol=6 | dir=out | app=system |
    "{72AB8970-EE32-46A1-9467-31F82ADBE105}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{75E8E56D-F43C-4DFA-8E5D-0BC261B1AD0A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{7CF0662A-400C-42F5-B431-D1F6C2FE7B63}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{800CE447-8505-46AC-9B58-1C43B714B95E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8726BCC6-5B75-4161-A5BB-721792EE7DAE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{88D76C35-9690-480E-A335-CB5D1B280F40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{89ADBC7C-FAC6-4A6F-A39F-4B6531B63B5C}" = dir=in | app=c:\users\larry\appdata\local\microsoft\skydrive\skydrive.exe |
    "{8FE22660-3B5F-4880-971C-55022203CFB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{939C1330-9BAC-4367-A73C-361CCCC45D24}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B60D21B4-E977-4104-86FF-E6E7A264C07E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{C0C989E4-EB0C-4C37-9CBF-2561407E762F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CEC8935E-D376-497F-B828-AFFDE4430E7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D88EF343-385C-4A2A-951A-6122BEA1F5BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E2B63CB8-175F-4D29-B1DA-C36AE2946C03}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E36D9A58-125D-48F0-BA37-01DAE212C9EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F6B83633-3BCF-49EB-9076-769135474C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
    "{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
    "{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
    "{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
    "{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
    "{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
    "{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
    "{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
    "{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
    "{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
    "{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
    "{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
    "{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources
    "{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "avast" = avast! Free Antivirus
    "Google Chrome" = Google Chrome
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "WinLiveSuite" = Windows Live Essentials

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/11/2012 11:17:42 PM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 124 Start
    Time: 01cd7838b5b0b5d5 Termination Time: 62 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id: 3a930a08-e42c-11e1-a197-00252244f4d6

    Error - 8/11/2012 11:19:10 PM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
    Description = The program avast.setup version 7.0.1456.418 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 474 Start
    Time: 01cd7837fa6d96ac Termination Time: 0 Application Path: C:\Users\Mike\AppData\Local\Temp\_av_sfx.tm~a03036\avast.setup
    Report
    Id:

    Error - 8/12/2012 12:06:06 AM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: UMVPFSrv.exe, version: 13.31.1044.0, time
    stamp: 0x4f166843 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x75366a34 Faulting process id: 0x3c4 Faulting application
    start time: 0x01cd783fa959e108 Faulting application path: C:\Program Files (x86)\Common
    Files\logishrd\LVMVFM\UMVPFSrv.exe Faulting module path: unknown Report Id: 09e9bbfb-e433-11e1-a42c-00252244f4d6

    Error - 8/12/2012 12:06:13 AM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x75366a34 Faulting process id: 0x7b8 Faulting application
    start time: 0x01cd783fcd2dfda3 Faulting application path: \\.\globalroot\systemroot\svchost.exe
    Faulting
    module path: unknown Report Id: 0d9ea3e7-e433-11e1-a42c-00252244f4d6

    Error - 8/12/2012 12:25:45 AM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\AVAST Software\Avast\asOutExt64.dll".
    Dependent
    Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/12/2012 1:25:03 AM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ARO.exe, version: 8.0.12.0, time stamp:
    0x4ff56973 Faulting module name: ARO.exe, version: 8.0.12.0, time stamp: 0x4ff56973
    Exception
    code: 0xc0000005 Fault offset: 0x0001ffaa Faulting process id: 0xc5c Faulting application
    start time: 0x01cd784ad0c8cba7 Faulting application path: C:\Program Files (x86)\ARO
    2012\ARO.exe Faulting module path: C:\Program Files (x86)\ARO 2012\ARO.exe Report
    Id: 10e39d43-e43e-11e1-9951-00252244f4d6

    Error - 8/12/2012 10:56:05 AM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ARO.exe, version: 8.0.12.0, time stamp:
    0x4ff56973 Faulting module name: ARO.exe, version: 8.0.12.0, time stamp: 0x4ff56973
    Exception
    code: 0xc0000005 Fault offset: 0x0001ffaa Faulting process id: 0x9a8 Faulting application
    start time: 0x01cd789a9709efb1 Faulting application path: C:\Program Files (x86)\ARO
    2012\ARO.exe Faulting module path: C:\Program Files (x86)\ARO 2012\ARO.exe Report
    Id: d6aab6ef-e48d-11e1-a3da-00252244f4d6

    Error - 8/12/2012 12:57:39 PM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ARO.exe, version: 8.0.12.0, time stamp:
    0x4ff56973 Faulting module name: ARO.exe, version: 8.0.12.0, time stamp: 0x4ff56973
    Exception
    code: 0xc0000005 Fault offset: 0x0001ffaa Faulting process id: 0x838 Faulting application
    start time: 0x01cd78ab8e38d8df Faulting application path: C:\Program Files (x86)\ARO
    2012\ARO.exe Faulting module path: C:\Program Files (x86)\ARO 2012\ARO.exe Report
    Id: d2a25a14-e49e-11e1-a0c5-00252244f4d6

    Error - 8/12/2012 2:57:51 PM | Computer Name = Mike-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
    Description = Application or service 'Windows Search' could not be shut down.

    Error - 8/12/2012 6:43:20 PM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ARO.exe, version: 8.0.12.0, time stamp:
    0x4ff56973 Faulting module name: ARO.exe, version: 8.0.12.0, time stamp: 0x4ff56973
    Exception
    code: 0xc0000005 Fault offset: 0x0001ffaa Faulting process id: 0xb80 Faulting application
    start time: 0x01cd78dbdb5cdf0e Faulting application path: C:\Program Files (x86)\ARO
    2012\ARO.exe Faulting module path: C:\Program Files (x86)\ARO 2012\ARO.exe Report
    Id: 1d0e319b-e4cf-11e1-9e7c-00252244f4d6

    [ System Events ]
    Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = DCOM | ID = 10005
    Description =

    Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = DCOM | ID = 10005
    Description =

    Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068


    < End of report >
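The Application Error entries in the log above record svchost.exe faulting from `\\.\globalroot\systemroot\svchost.exe`, which is the NT device-path spelling of C:\Windows\svchost.exe, while a genuine Windows 7 service host runs only from C:\Windows\System32 (or C:\Windows\SysWOW64 for the 32-bit copy on x64). The following Python checker is an added example, not code from the thread or from any of the tools it uses: it parses event-log text of the kind OTL prints and flags a protected system binary running outside those directories. The sample lines are constructed to match the posted entries, joined onto one line each because OTL wraps them; the list of protected binaries and the assumption that SystemRoot is C:\Windows are illustrative choices of this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample lines in the shape of Windows "Application Error" (ID 1000)
# entries as OTL prints them, joined onto one line per event. The paths mirror the
# posted log: one svchost.exe from the Windows root via a device path, one
# ordinary third-party crash, and one svchost.exe from its legitimate location.
SAMPLE_EVENTS = [
    "Faulting application name: svchost.exe, version: 6.1.7600.16385 "
    "Faulting application path: \\\\.\\globalroot\\systemroot\\svchost.exe "
    "Faulting module path: unknown",
    "Faulting application name: ARO.exe, version: 8.0.12.0 "
    "Faulting application path: C:\\Program Files (x86)\\ARO 2012\\ARO.exe "
    "Faulting module path: C:\\Program Files (x86)\\ARO 2012\\ARO.exe",
    "Faulting application name: svchost.exe, version: 6.1.7600.16385 "
    "Faulting application path: C:\\Windows\\System32\\svchost.exe "
    "Faulting module path: unknown",
]

# Binaries that legitimately live only under System32 / SysWOW64.
# Assumption: this list is illustrative, not exhaustive.
PROTECTED_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}
ALLOWED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# The faulting path sits between these two labels in the event text.
_PATH_RE = re.compile(
    r"Faulting application path:\s*(.+?)\s+Faulting module path:", re.IGNORECASE
)

# NT device-path prefixes that all resolve to the Windows directory.
# Assumption: SystemRoot is C:\Windows, as on the machine in the thread.
_SYSTEMROOT_PREFIXES = (r"\\.\globalroot\systemroot", r"\systemroot", "%systemroot%")


def normalize_path(raw):
    """Map device-path spellings of the Windows directory to the drive-letter form."""
    path = raw.strip()
    lowered = path.lower()
    for prefix in _SYSTEMROOT_PREFIXES:
        if lowered.startswith(prefix):
            return r"C:\Windows" + path[len(prefix):]
    return path


def extract_path(line):
    """Return the normalized faulting-application path from one event line, or None."""
    match = _PATH_RE.search(line)
    return normalize_path(match.group(1)) if match else None


def is_masquerading(path):
    """True when a protected system binary name runs from a directory it never should."""
    wpath = PureWindowsPath(path)
    if wpath.name.lower() not in PROTECTED_BINARIES:
        return False
    return str(wpath.parent).lower() not in ALLOWED_DIRS


def scan(lines):
    """Return normalized paths of protected binaries seen running outside System32."""
    return [p for p in (extract_path(line) for line in lines) if p and is_masquerading(p)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print("suspicious:", hit)
```

The path, not the file name, is what to look at: a hash or signature check that reports C:\Windows\System32\svchost.exe as legitimate says nothing about a second file of the same name sitting in C:\Windows, which is exactly the file the Malwarebytes scan in this thread flagged.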
     
  19. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
      [2012/08/12 00:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==========================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  20. mGreen

    mGreen TS Rookie Topic Starter Posts: 18

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-93952822-3381910838-1579628254-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
    C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
    C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
    C:\Program Files (x86)\Ask.com\assets folder moved successfully.
    C:\Program Files (x86)\Ask.com folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Larry
    ->Temp folder emptied: 802 bytes
    ->Temporary Internet Files folder emptied: 263093965 bytes
    ->Google Chrome cache emptied: 14970218 bytes
    ->Flash cache emptied: 4520 bytes

    User: Mike
    ->Temp folder emptied: 328008 bytes
    ->Temporary Internet Files folder emptied: 5945174 bytes
    ->Google Chrome cache emptied: 97503048 bytes
    ->Flash cache emptied: 492 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 22479168 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 386.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Larry

    User: Mike

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Larry
    ->Flash cache emptied: 0 bytes

    User: Mike
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.57.0 log created on 08132012_091020

    Files\Folders moved on Reboot...
    C:\Users\Larry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\Users\Larry\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    [2012/08/13 09:11:53 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

    Registry entries deleted on Reboot...
     
  21. mGreen

    mGreen TS Rookie Topic Starter Posts: 18

    Results of screen317's Security Check version 0.99.43
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    Google Chrome 21.0.1180.75
    Google Chrome VisualElementsManifest.xml..
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 5%
    ````````````````````End of Log``````````````````````
     
  22. mGreen

    mGreen TS Rookie Topic Starter Posts: 18

    Farbar Service Scanner Version: 06-08-2012
    Ran by Mike (administrator) on 13-08-2012 at 09:16:09
    Running from "C:\Users\Mike\Downloads"
    Microsoft Windows 7 Home Premium (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    Other Services:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-08-11 22:41] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-08-11 22:42] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll
    [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2012-08-11 22:41] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    **** End of log ****
     
  23. mGreen

    mGreen TS Rookie Topic Starter Posts: 18

    C:\TDSSKiller_Quarantine\12.08.2012_12.07.43\mbr0000\tdlfs0000\tsk0000.dta	Win64/Olmarik.AK trojan
    C:\TDSSKiller_Quarantine\12.08.2012_12.07.43\mbr0000\tdlfs0000\tsk0001.dta	a variant of Win32/Rootkit.Kryptik.NH trojan
     
  24. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  25. mGreen

    mGreen TS Rookie Topic Starter Posts: 18

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Larry
    ->Temp folder emptied: 15444878 bytes
    ->Temporary Internet Files folder emptied: 20521292 bytes
    ->Google Chrome cache emptied: 1905008 bytes
    ->Flash cache emptied: 598 bytes

    User: Mike
    ->Temp folder emptied: 1389 bytes
    ->Temporary Internet Files folder emptied: 6625448 bytes
    ->Google Chrome cache emptied: 30515323 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 22484594 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 93.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Larry
    ->Flash cache emptied: 0 bytes

    User: Mike
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Larry

    User: Mike

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.57.0 log created on 08132012_153919

    Files\Folders moved on Reboot...
    C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    [2012/08/13 15:41:37 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

    Registry entries deleted on Reboot...
     

