TechSpot

Windows 7 Home Premium: rundll32.exe/slow login

Solved
By cookiesandjuice
Dec 19, 2012
  1. For a while now, every time that I try to log in, it takes maybe 20 seconds at the "Welcome" loading screen, and then some time on a black screen before my desktop shows up. Explorer.exe is already running though, so it shouldn't be a problem...? During that black screen the CPU usage is between 0% and 1%.

    As well, I've been having two instances of rundll32.exe. One has no description, no CMD line, and the other had something about NvCpl.dll (or something related to Nvidia). I researched online, and found that in the System32 folder, it had a page icon - apparently a sign of malware, and so I thought it was the problem. I did a full scan of my computer with the Malicious Software Removal Tool, but nothing came up.

    Next, I followed the directions here (http://www.revthatup.com/how-to-fix-rundll32-exe/) using Safe Mode, but when I downloaded rundll32.exe it also had a page icon. I went ahead and pasted it into System32, and upon restart I was asked if I wanted to run rundll32.exe from Unknown Publisher. Allowing it to run, there were again two instances of rundll32.exe.

    So I re-deleted it using the article's info, and am not letting it run. However, every time I log in it asks if I want to run it, which is very annoying. As well, the lag time during login is still continuing.
    Please help! Thanks in advance =)
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 4-Step instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  3. cookiesandjuice

    cookiesandjuice Newcomer, in training Topic Starter Posts: 25

    Thanks for the speedy reply!

    MBAM log:
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.16.02

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Andrew :: ANDREW-PC [administrator]

    12/19/2012 6:21:27 PM
    mbam-log-2012-12-19 (18-21-27).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 34510
    Time elapsed: 2 minute(s), 2 second(s) [aborted]

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    DDS logs:
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457
    Run by Andrew at 18:34:13 on 2012-12-19
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.1364 [GMT -8:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B}\2657D626C656265656 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B}\35F6E616 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B}\4554C4553503438393 : DHCPNameServer = 192.168.1.254 75.153.176.9
    TCP: Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B}\45F6D6D69702E476579756E6 : DHCPNameServer = 192.168.43.1
    TCP: Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B}\545343135453 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B}\74275656E60225F6F6D6 : DHCPNameServer = 10.0.1.1
    TCP: Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B}\D4F62696C6560284F6473707F647027434 : DHCPNameServer = 10.0.0.1
    TCP: Interfaces\{7ADA438A-D22B-4F4A-9B87-7EC7541F0514} : DHCPNameServer = 192.168.1.254
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-18 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-18 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-18 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-12-18 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-12-18 44808]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-6-18 374648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-7-26 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-7-26 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-12-20 02:24:25 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{99ef2e91-d33d-421c-81fb-da322cad6cdf}\offreg.dll
    2012-12-20 02:18:02 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
    2012-12-20 02:17:54 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{99ef2e91-d33d-421c-81fb-da322cad6cdf}\mpengine.dll
    2012-12-19 06:58:53 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-12-19 06:58:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-12-19 06:58:47 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-12-19 06:57:52 41224 ----a-w- c:\windows\avastSS.scr
    2012-12-19 06:57:39 -------- d-----w- c:\programdata\AVAST Software
    2012-12-19 06:57:39 -------- d-----w- c:\program files\AVAST Software
    2012-12-18 04:36:58 -------- d-----w- c:\windows\system32\drivers\umdf\es-ES
    2012-12-17 06:35:46 -------- d-----w- c:\users\andrew\appdata\local\Diagnostics
    2012-12-17 05:19:12 -------- d-----w- c:\program files\MSECACHE
    2012-12-15 07:46:49 -------- d--h--w- c:\windows\msdownld.tmp
    2012-12-15 07:46:36 -------- d-----w- c:\windows\system32\directx
    2012-12-15 04:33:55 79256 ----a-w- c:\windows\system32\npOGPPlugin.dll
    2012-12-15 04:33:54 271768 ----a-w- c:\windows\system32\OGPIEPlugin.ocx
    2012-12-12 00:26:19 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-12-12 00:25:59 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-12-08 03:36:48 -------- d-----w- c:\program files\uTorrent
    2012-12-08 03:35:42 -------- d-----w- c:\users\andrew\appdata\roaming\uTorrent
    .
    ==================== Find3M ====================
    .
    2012-12-19 05:57:53 44544 ----a-w- c:\windows\system32\rundll32.exe
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-05 20:32:16 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-05 20:32:09 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
    2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-09 17:40:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-10-03 16:58:30 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-10-03 16:42:26 52224 ----a-w- c:\windows\system32\nlaapi.dll
    2012-10-03 16:42:26 242176 ----a-w- c:\windows\system32\nlasvc.dll
    2012-10-03 16:42:24 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- c:\windows\system32\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- c:\windows\system32\ncsi.dll
    2012-10-03 16:40:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-10-03 15:21:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-09-30 03:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-25 22:47:43 78336 ----a-w- c:\windows\system32\synceng.dll
    .
    ============= FINISH: 18:34:44.55 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/26/2012 10:45:27 AM
    System Uptime: 12/19/2012 6:11:12 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | Microprocessor | 996/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 88.896 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP159: 12/16/2012 9:19:40 PM - Installed Windows Installer Clean Up
    RP161: 12/16/2012 9:45:47 PM - Installed Zune 4.8
    RP163: 12/16/2012 10:37:17 PM - IObit Uninstaller restore point
    RP164: 12/16/2012 10:37:52 PM - Removed Windows Installer Clean Up
    RP166: 12/16/2012 10:51:44 PM - IObit Uninstaller restore point
    RP168: 12/17/2012 8:36:01 PM - Installed Zune 4.8
    RP170: 12/18/2012 4:59:30 PM - IObit Uninstaller restore point
    RP172: 12/18/2012 5:00:25 PM - IObit Uninstaller restore point
    RP173: 12/18/2012 5:34:35 PM - Changing user folder names
    RP174: 12/18/2012 9:24:29 PM - Rundll32.exe virus elimination
    RP175: 12/18/2012 9:47:58 PM - Windows Update
    RP176: 12/18/2012 10:57:29 PM - avast! Free Antivirus Setup
    RP178: 12/18/2012 11:46:15 PM - IObit Uninstaller restore point
    .
    ==== Installed Programs ======================
    .
    µTorrent
    2007 Microsoft Office Suite Service Pack 3 (SP3)
    Auslogics Disk Defrag
    avast! Free Antivirus
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Conexant HDA D110 MDC V.92 Modem
    DW WLAN Card Utility
    Google Chrome
    Google Update Helper
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Expression Blend 4
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
    Microsoft XNA Game Studio 4.0 Refresh (ARP entry)
    Microsoft XNA Game Studio 4.0 Refresh (Redists)
    Microsoft XNA Game Studio 4.0 Refresh (Shared Components)
    Microsoft XNA Game Studio 4.0 Refresh (Visual Studio)
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Skype™ 6.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Mobile Device Updater Component
    Zune
    Zune Language Pack (CHS)
    Zune Language Pack (CHT)
    Zune Language Pack (CSY)
    Zune Language Pack (DAN)
    Zune Language Pack (DEU)
    Zune Language Pack (ELL)
    Zune Language Pack (ESP)
    Zune Language Pack (FIN)
    Zune Language Pack (FRA)
    Zune Language Pack (HUN)
    Zune Language Pack (IND)
    Zune Language Pack (ITA)
    Zune Language Pack (JPN)
    Zune Language Pack (KOR)
    Zune Language Pack (MSL)
    Zune Language Pack (NLD)
    Zune Language Pack (NOR)
    Zune Language Pack (PLK)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    Zune Language Pack (RUS)
    Zune Language Pack (SVE)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/19/2012 6:14:23 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    12/19/2012 6:14:23 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    12/18/2012 9:52:35 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    12/18/2012 7:17:54 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    12/18/2012 5:38:03 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    12/18/2012 10:55:25 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    12/18/2012 10:45:30 PM, Error: Microsoft Antimalware [2001] -
    12/18/2012 10:06:13 PM, Error: Service Control Manager [7022] - The DW WLAN Tray Service service hung on starting.
    12/18/2012 10:00:39 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    12/18/2012 10:00:30 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    12/18/2012 10:00:23 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
    12/18/2012 10:00:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/18/2012 10:00:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/18/2012 10:00:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/18/2012 10:00:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/18/2012 10:00:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
    12/15/2012 1:38:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    12/15/2012 1:38:10 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/15/2012 1:38:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================
    # AdwCleaner v2.101 - Logfile created 12/19/2012 at 19:06:12
    # Updated 16/12/2012 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (32 bits)
    # User : Andrew - ANDREW-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Andrew\Downloads\adwcleaner.exe
    # Option [Delete]
    ***** [Services] *****
    ***** [Files / Folders] *****
    ***** [Registry] *****
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    [OK] Registry is clean.
    -\\ Google Chrome v23.0.1271.97
    File : C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    File : C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    File : C:\Users\Moose\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[S1].txt - [980 octets] - [19/12/2012 19:06:12]
    ########## EOF - C:\AdwCleaner[S1].txt - [1039 octets] ##########
    I think this means that my computer is clean. Interestingly enough, while login is not as quick as it used to be, there is no black screen before the desktop and taskbar pop up. However, I'm still curious about the 2 rundll32.exe's, the identity of the process which doesn't have a path, and if I should let the one related to NvCpl.dll run...
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I want to make sure your computer is clean. The computer is only clean from adware. However, it is good to still check for malware. Please do the following:

    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but download it again, this time naming
    ComboFix.exe as iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  5. cookiesandjuice

    cookiesandjuice Newcomer, in training Topic Starter Posts: 25

    ComboFix 12-12-20.02 - Andrew 12/20/2012 18:23:19.1.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.1262 [GMT -8:00]
    Running from: c:\users\Andrew\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\User_2\Documents\~WRL1875.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-21 02:30 . 2012-12-21 02:30 -------- d-----w- c:\users\Andrew\AppData\Local\temp
    2012-12-20 02:17 . 2012-11-19 09:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99EF2E91-D33D-421C-81FB-DA322CAD6CDF}\mpengine.dll
    2012-12-19 06:58 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-12-19 06:58 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-12-19 06:58 . 2012-10-15 16:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-12-19 06:58 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-12-19 06:58 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-12-19 06:58 . 2012-10-30 23:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-12-19 06:57 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
    2012-12-19 06:57 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-12-19 06:57 . 2012-12-19 06:57 -------- d-----w- c:\programdata\AVAST Software
    2012-12-19 06:57 . 2012-12-19 06:57 -------- d-----w- c:\program files\AVAST Software
    2012-12-19 01:11 . 2012-12-19 01:12 -------- d-----w- c:\users\Moose
    2012-12-18 04:36 . 2012-12-18 04:36 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
    2012-12-18 04:36 . 2012-12-18 04:37 -------- d-----w- c:\program files\Zune
    2012-12-17 06:35 . 2012-12-17 06:35 -------- d-----w- c:\users\Andrew\AppData\Local\Diagnostics
    2012-12-17 05:19 . 2012-12-17 06:38 -------- d-----w- c:\program files\MSECACHE
    2012-12-15 07:46 . 2012-12-15 07:49 -------- d--h--w- c:\windows\msdownld.tmp
    2012-12-15 04:33 . 2009-11-19 10:33 79256 ----a-w- c:\windows\system32\npOGPPlugin.dll
    2012-12-15 04:33 . 2009-11-19 10:33 271768 ----a-w- c:\windows\system32\OGPIEPlugin.ocx
    2012-12-12 00:26 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-12-12 00:25 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-12-08 03:36 . 2012-12-08 03:36 -------- d-----w- c:\program files\uTorrent
    2012-12-08 03:35 . 2012-12-15 08:41 -------- d-----w- c:\users\Andrew\AppData\Roaming\uTorrent
    2012-12-08 03:35 . 2012-12-08 07:50 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-19 05:57 . 2009-07-14 02:14 44544 ----a-w- c:\windows\system32\rundll32.exe
    2012-11-16 03:35 . 2012-11-16 03:35 192768 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
    2012-10-16 07:39 . 2012-11-28 02:42 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-09 17:40 . 2012-11-15 18:19 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 17:40 . 2012-11-15 18:19 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-03 16:58 . 2012-11-15 18:19 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-10-03 16:42 . 2012-11-15 18:19 52224 ----a-w- c:\windows\system32\nlaapi.dll
    2012-10-03 16:42 . 2012-11-15 18:19 242176 ----a-w- c:\windows\system32\nlasvc.dll
    2012-10-03 16:42 . 2012-11-15 18:19 175104 ----a-w- c:\windows\system32\netcorehc.dll
    2012-10-03 16:42 . 2012-11-15 18:19 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-10-03 16:42 . 2012-11-15 18:19 156672 ----a-w- c:\windows\system32\ncsi.dll
    2012-10-03 16:40 . 2012-11-15 18:19 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-10-03 15:21 . 2012-11-15 18:19 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-09-30 03:54 . 2012-08-13 22:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-25 22:47 . 2012-11-15 18:19 78336 ----a-w- c:\windows\system32\synceng.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-03-06 96800]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-18 5955072]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    .
    c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\users\User_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-03-06 18:52 92704 ----a-w- c:\windows\System32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2009-03-05 05:11 1657376 ----a-w- c:\windows\System32\nwiz.exe
    .
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 XDva401;XDva401;c:\windows\system32\XDva401.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-03 04:09]
    .
    2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-03 04:09]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-12-20 18:32:07
    ComboFix-quarantined-files.txt 2012-12-21 02:32
    .
    Pre-Run: 95,126,814,720 bytes free
    Post-Run: 94,907,858,944 bytes free
    .
    - - End Of File - - 23D0F44DB9A2F0413846D6C3271A607E
    Thanks!
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
  7. cookiesandjuice

    cookiesandjuice Newcomer, in training Topic Starter Posts: 25

    OTL logfile created on: 12/21/2012 9:44:53 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrew\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.65% Memory free
    4.00 Gb Paging File | 3.26 Gb Available in Paging File | 81.56% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.69 Gb Total Space | 86.58 Gb Free Space | 77.52% Space Free | Partition Type: NTFS

    Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/12/21 21:44:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Downloads\OTL.exe
    PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/10/04 06:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/08/05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
    PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/01/18 07:50:00 | 005,955,072 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    PRC - [2011/01/18 07:50:00 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    PRC - [2011/01/18 07:49:52 | 005,210,112 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
    PRC - [2010/11/20 03:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/30 16:22:58 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
    MOD - [2012/11/30 16:22:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
    MOD - [2012/11/30 16:22:33 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
    MOD - [2012/11/30 16:22:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
    MOD - [2012/07/26 12:58:28 | 000,062,464 | ---- | M] () -- C:\Windows\assembly\GAC_32\bcmwlrmt\5.100.235.0__6d6a20262490fcdc\bcmwlrmt.dll


    ========== Services (SafeList) ==========

    SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/07/26 12:21:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2011/01/18 07:50:00 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV - [2009/07/13 17:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Andrew\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/10/30 15:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 15:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/10/30 15:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/10/15 08:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2011/01/18 07:49:50 | 000,018,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV - [2010/11/20 03:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 03:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 03:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 01:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 00:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 00:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 00:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/09/09 16:19:16 | 000,069,664 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
    DRV - [2009/03/06 10:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 C4 C2 84 8A DA CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
    FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: avast! WebRep = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

    O1 HOSTS File: ([2012/12/20 18:30:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B8499E8-A5C6-45A8-A214-C25C1757042B}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ADA438A-D22B-4F4A-9B87-7EC7541F0514}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/20 18:32:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/12/20 18:32:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/12/20 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\temp
    [2012/12/20 18:22:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/12/20 18:22:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/12/20 18:22:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/12/20 18:21:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/12/20 18:21:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/12/18 22:58:56 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/12/18 22:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/12/18 22:58:55 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/12/18 22:58:53 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2012/12/18 22:58:52 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/12/18 22:58:51 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/12/18 22:58:47 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/12/18 22:57:52 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/12/18 22:57:51 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/12/18 22:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/12/18 22:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/12/17 20:37:50 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Podcasts
    [2012/12/17 20:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
    [2012/12/17 20:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Zune
    [2012/12/16 22:35:46 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Diagnostics
    [2012/12/16 21:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
    [2012/12/14 23:46:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
    [2012/12/14 22:42:18 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Macromedia
    [2012/12/14 20:33:55 | 000,079,256 | ---- | C] (OGPlanet) -- C:\Windows\System32\npOGPPlugin.dll
    [2012/12/14 20:33:54 | 000,271,768 | ---- | C] (OGPlanet) -- C:\Windows\System32\OGPIEPlugin.ocx
    [2012/12/07 19:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2012/12/07 19:35:42 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\uTorrent
    [2012/12/02 18:37:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/12/21 21:42:20 | 000,014,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/12/21 21:42:20 | 000,014,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/12/21 21:41:34 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/21 21:39:27 | 000,622,330 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/12/21 21:39:27 | 000,105,536 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/12/21 21:34:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/12/21 21:34:48 | 1609,134,080 | -HS- | M] () -- C:\hiberfil.sys
    [2012/12/20 22:25:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/20 18:43:10 | 000,369,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/12/20 18:30:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/12/18 23:47:19 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/12/18 22:58:47 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/12/16 22:39:05 | 000,002,314 | ---- | M] () -- C:\Users\Andrew\Documents\cc_20121216_223903.reg
    [2012/12/16 22:38:54 | 000,117,380 | ---- | M] () -- C:\Users\Andrew\Documents\cc_20121216_223846.reg
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/12/20 18:22:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/12/20 18:22:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/12/20 18:22:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/12/20 18:22:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/12/20 18:22:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/12/16 22:39:04 | 000,002,314 | ---- | C] () -- C:\Users\Andrew\Documents\cc_20121216_223903.reg
    [2012/12/16 22:38:51 | 000,117,380 | ---- | C] () -- C:\Users\Andrew\Documents\cc_20121216_223846.reg
    [2012/09/02 14:25:52 | 000,000,223 | ---- | C] () -- C:\Windows\TLCAPPS.INI
    [2012/07/28 18:12:57 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
    [2012/07/26 12:56:38 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
    [2012/07/26 10:49:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2012/07/26 10:00:37 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
    [2012/07/26 10:00:37 | 001,657,376 | ---- | C] () -- C:\Windows\System32\nwiz.exe
    [2012/07/26 10:00:37 | 001,503,232 | ---- | C] () -- C:\Windows\System32\nView.dll
    [2012/07/26 10:00:37 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
    [2012/07/26 10:00:37 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvShell.dll
    [2012/07/26 10:00:37 | 000,449,056 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
    [2012/07/26 10:00:37 | 000,158,240 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe

    ========== ZeroAccess Check ==========

    [2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/11/15 20:26:50 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Auslogics
    [2012/08/11 20:48:50 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\PCDr
    [2012/12/15 00:41:50 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\uTorrent

    ========== Purity Check ==========



    < End of report >
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  9. cookiesandjuice

    cookiesandjuice Newcomer, in training Topic Starter Posts: 25

    I ran ESET Online Scanner as you instructed, but no issues were detected.

    At the moment, the only issue I have is the issue of rundll32.exe having two instances, one that tries to run at log-in but I am denying it access, and the other which is running without a command line. However, winlogon.exe and csrss.exe also do not have command lines.

    However, I do recall that when I first got my computer, it had two instances of rundll32.exe that ran. I believe it should be safe to run it, especially since after I installed avast! recently, there has been no annoying wait at a black screen upon log-in.

    UPDATE: I have run the second instance, and successfully restarted without lag. I will post again if the issue reoccurs, or if I have another issue. Thank you for your time! (=
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It's normal for rundll32.exe to be running under a few instances. No worries.


    It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create


    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  11. cookiesandjuice

    cookiesandjuice Newcomer, in training Topic Starter Posts: 25

    Results of screen317's Security Check version 0.99.56
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    CCleaner
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    Google Chrome 23.0.1271.91
    Google Chrome 23.0.1271.95
    Google Chrome 23.0.1271.97
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Topic solved. :)