Solved Brand new computer issues

Johnny D

Johnny D

Posts: 14   +0
Built this new computer that runs Win 7 with a buddy who has done this numerous times on Friday, worked great all weekend.g

Today, Monday, all programs 3rd party or not, stop responding after ~20 seconds of uptime in Normal mode only.

Could not even be responsive long enough to do the preliminary steps as detailed in the pinned instruction threads all logs were done in safe mode.

Malware:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.21.10

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
John Daniel :: JOHNDANIEL-PC [administrator]

Protection: Disabled

1/21/2013 8:14:19 PM
mbam-log-2013-01-21 (20-14-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225481
Time elapsed: 1 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 20
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Users\John Daniel\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\John Daniel\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\John Daniel\AppData\LocalLow\Funmoods\Funmoods\us (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\John Daniel\AppData\LocalLow\Funmoods\Funmoods\us\20101003 (PUP.FunMoods) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)

(end)

DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 8.0.7600.16385
Run by John Daniel at 20:25:26 on 2013-01-21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8125.6809 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=118564&tt=0313_6&babsrc=HP_ss&mntrId=b2bf64e6000000000000d43d7e357f9e
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={942CD4B8-61FD-11E2-A437-D43D7E357F9E}
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe,
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: smartdownloader Class: {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll
TB: uTorrentControl_v2 Toolbar: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [AdobeBridge] <no file>
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8C3ECBB5-D9A9-47AD-95AA-B4D884D1D97C} : DHCPNameServer = 209.18.47.61 209.18.47.62
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtAyDyB0Fzy0EyCyE0EyCtN0D0Tzu0CtAzzyEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=671711152
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-1-18 56208]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-18 676968]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-21 984144]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-21 370288]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-21 25232]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-21 71600]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-21 44808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-21 398184]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-21 682344]
S3 ElgatoGC658Y;Elgato Game Capture;C:\Windows\System32\drivers\ElgatoGC658.sys [2013-1-19 50288]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-21 24176]
S4 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-19 45056]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2013-01-22 04:02:14--------d-----w-C:\Users\John Daniel\AppData\Roaming\Malwarebytes
2013-01-22 04:02:12--------d-----w-C:\ProgramData\Malwarebytes
2013-01-22 04:02:1124176----a-w-C:\Windows\System32\drivers\mbam.sys
2013-01-22 04:02:11--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-22 04:02:04--------d-----w-C:\Users\John Daniel\AppData\Local\Programs
2013-01-21 23:07:27984144----a-w-C:\Windows\System32\drivers\aswSnx.sys
2013-01-21 23:07:2754072----a-w-C:\Windows\System32\drivers\aswRdr2.sys
2013-01-21 23:07:2571600----a-w-C:\Windows\System32\drivers\aswMonFlt.sys
2013-01-21 23:07:1341224----a-w-C:\Windows\avastSS.scr
2013-01-21 23:07:05--------d-----w-C:\ProgramData\AVAST Software
2013-01-21 23:07:05--------d-----w-C:\Program Files\AVAST Software
2013-01-21 22:55:122622464----a-w-C:\Windows\System32\wucltux.dll
2013-01-21 22:54:5299840----a-w-C:\Windows\System32\wudriver.dll
2013-01-21 22:54:4336864----a-w-C:\Windows\System32\wuapp.exe
2013-01-21 22:54:43186752----a-w-C:\Windows\System32\wuwebv.dll
2013-01-20 05:11:42--------d-----w-C:\Users\John Daniel\AppData\Local\Ico Converter
2013-01-20 05:11:08--------d-----w-C:\Program Files (x86)\Search_Spin
2013-01-20 05:10:56--------d-----w-C:\Program Files (x86)\Tomatosoft
2013-01-20 05:09:50--------d-----w-C:\Users\John Daniel\AppData\Local\Coupon Companion Plugin
2013-01-20 05:09:47--------d-----w-C:\Users\John Daniel\AppData\Local\Wajam
2013-01-20 05:09:47--------d-----w-C:\Program Files (x86)\Wajam
2013-01-20 05:09:44--------d-----w-C:\Program Files (x86)\Coupon Companion Plugin
2013-01-20 04:24:26--------d--h--w-C:\ProgramData\Common Files
2013-01-20 04:24:09--------d-----w-C:\Program Files (x86)\Stardock
2013-01-19 23:34:52--------d-----w-C:\Program Files (x86)\Smith Micro
2013-01-19 23:27:26332288----a-w-C:\Windows\System32\uxtheme.dll.backup
2013-01-19 23:27:252851328----a-w-C:\Windows\System32\themeui.dll.backup
2013-01-19 23:27:2344544----a-w-C:\Windows\System32\themeservice.dll.backup
2013-01-19 22:48:5550288----a-w-C:\Windows\System32\drivers\ElgatoGC658.sys
2013-01-19 22:48:55--------d-----w-C:\Program Files\Elgato
2013-01-19 22:48:44--------d-----w-C:\Users\John Daniel\AppData\Roaming\Elgato
2013-01-19 22:48:43--------d-----w-C:\Program Files (x86)\Elgato
2013-01-19 11:48:33--------d-----w-C:\Windows\Panther
2013-01-19 08:42:04--------d-----w-C:\Program Files (x86)\Common Files\BattlEye
2013-01-19 08:02:39--------d-----w-C:\Users\John Daniel\AppData\Roaming\PACE Anti-Piracy
2013-01-19 08:02:39--------d-----w-C:\Users\John Daniel\AppData\Local\PACE Anti-Piracy
2013-01-19 08:02:39--------d-----w-C:\ProgramData\PACE Anti-Piracy
2013-01-19 08:02:36--------d-----w-C:\Users\John Daniel\AppData\Roaming\NVIDIA
2013-01-19 08:02:19--------d-----w-C:\ProgramData\regid.1986-12.com.adobe
2013-01-19 07:58:06--------d-----w-C:\Windows\System32\appmgmt
2013-01-19 07:55:4756208------w-C:\Windows\System32\drivers\PxHlpa64.sys
2013-01-19 07:55:4710224------w-C:\Windows\System32\drivers\cdralw2k.sys
2013-01-19 07:55:4710224------w-C:\Windows\System32\drivers\cdr4_xp.sys
2013-01-19 07:55:47--------d-----w-C:\Program Files (x86)\Common Files\Sonic Shared
2013-01-19 07:55:47--------d-----w-C:\Program Files (x86)\Common Files\PX Storage Engine
2013-01-19 07:55:41--------d-----w-C:\Program Files (x86)\My Company Name
2013-01-19 07:36:24--------d-----w-C:\Users\John Daniel\AppData\Roaming\Babylon
2013-01-19 07:36:24--------d-----w-C:\ProgramData\Babylon
2013-01-19 06:09:05--------d-----w-C:\Users\John Daniel\AppData\Local\ArmA 2
2013-01-19 06:09:03--------d-----w-C:\Program Files (x86)\Bohemia Interactive
2013-01-19 06:02:5968104----a-w-C:\Windows\System32\XAPOFX1_0.dll
2013-01-19 06:01:18--------d-----w-C:\Users\John Daniel\AppData\Local\SwvUpdater
2013-01-19 06:01:06--------d-----w-C:\Users\John Daniel\AppData\Local\DayZCommander
2013-01-19 06:00:52--------d-----w-C:\Program Files (x86)\SweetIM
2013-01-19 06:00:33--------d-----w-C:\ProgramData\CLSoft LTD
2013-01-19 06:00:26--------d-----w-C:\ProgramData\Zoomex
2013-01-19 06:00:21--------d-----w-C:\ProgramData\InstallMate
2013-01-19 05:58:59--------d-----w-C:\Program Files (x86)\Dotjosh Studios
2013-01-19 05:47:4199176----a-w-C:\Windows\SysWow64\PresentationHostProxy.dll
2013-01-19 05:47:4149472----a-w-C:\Windows\SysWow64\netfxperf.dll
2013-01-19 05:47:4148960----a-w-C:\Windows\System32\netfxperf.dll
2013-01-19 05:47:41444752----a-w-C:\Windows\System32\mscoree.dll
2013-01-19 05:47:41320352----a-w-C:\Windows\System32\PresentationHost.exe
2013-01-19 05:47:41297808----a-w-C:\Windows\SysWow64\mscoree.dll
2013-01-19 05:47:41295264----a-w-C:\Windows\SysWow64\PresentationHost.exe
2013-01-19 05:47:411942856----a-w-C:\Windows\System32\dfshim.dll
2013-01-19 05:47:411130824----a-w-C:\Windows\SysWow64\dfshim.dll
2013-01-19 05:47:41109912----a-w-C:\Windows\System32\PresentationHostProxy.dll
2013-01-19 05:27:56--------d-----w-C:\Users\John Daniel\AppData\Local\Adobe
2013-01-19 04:54:32--------d-----w-C:\Users\John Daniel\AppData\Roaming\Funmoods
2013-01-19 04:54:16--------d-----w-C:\Users\John Daniel\AppData\Local\PutLockerDownloader
2013-01-19 04:54:14--------d-----w-C:\ProgramData\Tarma Installer
2013-01-19 04:54:13--------d-----w-C:\Program Files (x86)\PutLockerDownloader
2013-01-19 04:47:33--------d-----w-C:\Users\John Daniel\AppData\Roaming\XBMC
2013-01-19 04:46:08--------d-----w-C:\Program Files (x86)\XBMC
2013-01-19 04:38:45--------d-----w-C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-19 04:36:16--------d-----w-C:\Users\John Daniel\AppData\Local\Apple Computer
2013-01-19 04:36:1133240----a-w-C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-01-19 04:35:48--------d-----w-C:\Program Files\iPod
2013-01-19 04:35:47--------d-----w-C:\Program Files\iTunes
2013-01-19 04:35:47--------d-----w-C:\Program Files (x86)\iTunes
2013-01-19 04:35:22--------d-----w-C:\Users\John Daniel\AppData\Local\Apple
2013-01-19 04:35:02--------d-----w-C:\Program Files\Bonjour
2013-01-19 04:35:02--------d-----w-C:\Program Files (x86)\Bonjour
2013-01-19 04:02:04884152----a-w-C:\Windows\System32\nvvsvc.exe
2013-01-19 04:02:0463928----a-w-C:\Windows\System32\nvshext.dll
2013-01-19 04:02:046382008----a-w-C:\Windows\System32\nvcpl.dll
2013-01-19 04:02:043455416----a-w-C:\Windows\System32\nvsvc64.dll
2013-01-19 04:02:042923201----a-w-C:\Windows\System32\nvcoproc.bin
2013-01-19 04:02:04118712----a-w-C:\Windows\System32\nvmctray.dll
2013-01-19 03:55:0777656----a-w-C:\Windows\System32\XAPOFX1_5.dll
2013-01-19 03:35:46--------d-----w-C:\Users\John Daniel\AppData\Roaming\Nico Mak Computing
2013-01-19 03:35:4318760----a-w-C:\Windows\System32\roboot64.exe
2013-01-19 03:35:42--------d-----w-C:\Program Files (x86)\WinZip Registry Optimizer
2013-01-19 03:35:39--------d-----w-C:\Users\John Daniel\AppData\Local\CRE
2013-01-19 03:35:37--------d-----w-C:\Program Files (x86)\Conduit
2013-01-19 03:35:36--------d-----w-C:\Users\John Daniel\AppData\Local\Conduit
2013-01-19 03:35:35--------d-----w-C:\Program Files (x86)\uTorrentControl_v2
2013-01-19 03:34:43--------d-----w-C:\Users\John Daniel\AppData\Roaming\uTorrent
2013-01-19 03:11:559161176----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A9D6CB93-784F-4B01-BCA7-F2DCF283F804}\mpengine.dll
2013-01-19 03:11:54279656------w-C:\Windows\System32\MpSigStub.exe
2013-01-19 03:02:43--------d-----w-C:\Program Files (x86)\Steam
2013-01-19 03:02:43--------d-----w-C:\Program Files (x86)\Common Files\Steam
2013-01-19 03:00:42--------d-sh--w-C:\Windows\Installer
2013-01-19 02:57:48--------d-----w-C:\Users\John Daniel\AppData\Local\Google
2013-01-19 02:56:46--------d-----w-C:\Users\John Daniel\AppData\Local\Deployment
2013-01-19 02:56:46--------d-----w-C:\Users\John Daniel\AppData\Local\Apps
2013-01-18 20:04:59712296----a-w-C:\Windows\System32\DTSSymmetryDLL64.dll
2013-01-18 20:03:15--------d-----w-C:\Program Files (x86)\Realtek
2013-01-18 20:01:1553248----a-w-C:\Windows\SysWow64\CSVer.dll
2013-01-18 20:01:08--------d-----w-C:\Intel
2013-01-18 20:00:54--------d-----w-C:\MSI
2013-01-18 19:55:45--------d-sh--w-C:\Recovery
2012-12-29 10:54:24550328----a-w-C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M ====================
.
2012-12-19 21:53:041275392----a-w-C:\Windows\SysWow64\msxml4.dll
2012-12-19 21:53:0282432----a-w-C:\Windows\SysWow64\msxml4r.dll
.
============= FINISH: 20:25:39.45 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/19/2013 3:53:28 AM
System Uptime: 1/21/2013 8:22:58 PM (0 hours ago)
.
Motherboard: MSI | | B75MA-E33 (MS-7808)
Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz | SOCKET 0 | 3192/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 1809.032 GiB free.
D: is FIXED (FAT32) - 149 GiB total, 40.623 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_78081462&REV_04\3&11583659&0&A0
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_78081462&REV_04\3&11583659&0&A0
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: avast! Network Shield Support
Device ID: ROOT\LEGACY_ASWTDI\0000
Manufacturer:
Name: avast! Network Shield Support
PNP Device ID: ROOT\LEGACY_ASWTDI\0000
Service: aswTdi
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_78081462&REV_04\3&11583659&0&B0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_78081462&REV_04\3&11583659&0&B0
Service:
.
==== System Restore Points ===================
.
RP14: 1/19/2013 2:48:12 PM - Installed Elgato Game Capture HD
RP15: 1/19/2013 3:34:02 PM - Installed StuffIt Expander 2011.
RP16: 1/19/2013 3:55:07 PM - Installed Theme Manager
RP17: 1/19/2013 11:57:58 PM - Installed Java 7 Update 11
RP18: 1/21/2013 2:54:33 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Help Manager
Adobe Premiere Pro CS6
Adobe Premiere Pro CS6 Functional Content
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
ARMA 2: Operation Arrowhead Beta
avast! Free Antivirus
BattlEye for OA Uninstall
BattlEye Uninstall
bl
Bonjour
Chivalry: Medieval Warfare
DayZ Commander
Elgato Game Capture HD
Game Capture HD v2.3.3.38
Google Chrome
Google Update Helper
iTunes
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
NVIDIA 3D Vision Controller Driver 310.90
NVIDIA 3D Vision Driver 310.90
NVIDIA Control Panel 310.90
NVIDIA Graphics Driver 310.90
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
ph
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Steam
uTorrentControl_v2 Toolbar
XBMC
.
==== Event Viewer Messages From Past Week ========
.
1/21/2013 8:23:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/21/2013 8:23:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/21/2013 8:23:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/21/2013 8:23:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/21/2013 8:23:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi cdrom discache spldr Wanarpv6
1/21/2013 8:17:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
1/21/2013 8:06:20 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/21/2013 7:32:19 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2013 7:32:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/21/2013 7:32:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/21/2013 7:32:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi cdrom CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
1/21/2013 7:32:10 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2013 7:32:10 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2013 7:32:10 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2013 7:32:10 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2013 7:32:10 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2013 7:32:10 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2013 7:32:10 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2013 7:32:10 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/21/2013 7:32:10 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2013 7:32:10 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2013 7:30:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
1/21/2013 7:30:41 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/21/2013 7:23:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
1/21/2013 7:23:09 PM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/21/2013 3:07:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/21/2013 3:01:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache spldr Wanarpv6
1/21/2013 2:58:19 PM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.
1/21/2013 2:35:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
1/21/2013 2:35:20 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/21/2013 2:34:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/21/2013 12:37:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
1/21/2013 12:34:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/21/2013 12:33:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
1/21/2013 11:15:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wbengine service.
1/21/2013 10:49:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
1/21/2013 10:43:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/21/2013 1:30:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
1/21/2013 1:29:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
1/21/2013 1:29:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
1/19/2013 11:30:39 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/18/2013 7:04:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
1/18/2013 7:04:13 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/18/2013 11:58:22 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
 
More background information AND updates:


1. I have done two system restores back to ~24 hours after first start up, no change in performance.

2. I have tried clean boot in normal mode with no change in performance: http://support.microsoft.com/kb/331796

3. Also ran a disk check and still no change in performance:

[FONT=Segoe UI]"Open computer. Right click on your system drive and click properties>tools>check now. Tick the first option and click start. System will ask for a reboot. Click Schedule disk check"[/FONT]

[FONT=Segoe UI]4. I have no wifi card, I just realized if I unplug hard wire ethernet connection I have ZERO issues in normal mode. Currently running a full scan in normal mode offline. Will post results:[/FONT]


Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.21.10

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
John Daniel :: JOHNDANIEL-PC [administrator]

Protection: Enabled

1/21/2013 10:04:57 PM
mbam-log-2013-01-21 (22-04-57).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 398271
Time elapsed: 37 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\John Daniel\Downloads\Encore Working\Crack\32-bit\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Users\John Daniel\Downloads\Encore Working\Crack\64-bit\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Users\John Daniel\Downloads\Encore Working\Crack\Patcher\adobe.cs6.all.products.activator.(x32.y.x64)_up01-MPT.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
C:\Users\John Daniel\Downloads\Encore Working\Fix Encore Problem Optional\DLL Cracked\amtlib.Crack.CS6\32-bit\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Users\John Daniel\Downloads\Encore Working\Fix Encore Problem Optional\DLL Cracked\amtlib.Crack.CS6\64-bit\amtlib.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Users\John Daniel\Downloads\Encore Working\Fix Encore Problem Optional\Patcher\adobe.cs6.all.products.activator.(x32.y.x64)_up01-MPT.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.

(end)
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=============================

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
Thank you!

RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : John Daniel [Admin rights]
Mode : Remove -- Date : 01/22/2013 20:49:10

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] AmiUpdXp : C:\Users\John Daniel\AppData\Local\SwvUpdater\Updater.exe -> DELETED
[TASK][SUSP PATH] Funmoods : C:\Users\JOHNDA~1\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE /Check -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST2000DM001-1CH164 ATA Device +++++
--- User ---
[MBR] f0359c1159e378bcff9a76c311d7fe20
[BSP] c7aa29d716e0aa88d49d12389ee56d83 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Seagate Portable USB Device +++++
--- User ---
[MBR] 234442a817eb3f865a64048a09d6cbb4
[BSP] 0940349a79115935209b449db4a68c17 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 200 Mo
1 - [XXXXXX] UNKNOWN (0xaf) [VISIBLE] Offset (sectors): 409640 | Size: 152626 Mo
2 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 313251840 | Size: 152290 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_01222013_02d2049.txt >>
RKreport[1]_S_01222013_02d2048.txt ; RKreport[2]_D_01222013_02d2049.txt


MBAR SYS LOG TEXT:

Malwarebytes Anti-Rootkit BETA 1.01.0.1016

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 8519471104, free: 7135993856

------------ Kernel report ------------
01/22/2013 20:50:48
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\ElgatoGC658.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\usp10.dll
\Windows\System32\setupapi.dll
\Windows\System32\psapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shell32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\msctf.dll
\Windows\System32\user32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\difxapi.dll
\Windows\System32\nsi.dll
\Windows\System32\gdi32.dll
\Windows\System32\wininet.dll
\Windows\System32\ws2_32.dll
\Windows\System32\imm32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\Wldap32.dll
\Windows\System32\advapi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\kernel32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\ole32.dll
\Windows\System32\sechost.dll
\Windows\System32\normaliz.dll
\Windows\System32\lpk.dll
\Windows\System32\urlmon.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8009d70060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xfffffa8009d74060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80076e1060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8007149060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
No address found
No address found
Downloaded database version: v2013.01.23.03
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80076e1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80076e1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80076e1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007149060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a002a38960, 0xfffffa80076e1060, 0xfffffa8006983790
Lower DeviceData: 0xfffff8a003108880, 0xfffffa8007149060, 0xfffffa8006992e40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 79A291F6

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 3906820096

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8009d70060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a6d6040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009d70060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009d74060, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xfffff8a002ea40e0, 0xfffffa8009d70060, 0xfffffa800698f790
Lower DeviceData: 0xfffff8a0030d0f20, 0xfffffa8009d74060, 0xfffffa8006934090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CEBD840D

Partition information:

Partition 0 type is Other (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 409639

Partition 1 type is Other (0xaf)
Partition is NOT ACTIVE.
Partition starts at LBA: 409640 Numsec = 312578128

Partition 2 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 313251840 Numsec = 311889920

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} --> [PUP.FunMoods]
Infected: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page --> [PUP.FunMoods]
Done!
Scan finished
Creating System Restore point...
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 8519471104, free: 7224418304

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 8519471104, free: 7286571008

------------ Kernel report ------------
01/22/2013 21:01:53
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\ElgatoGC658.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800a6b12e0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000085\
Lower Device Object: 0xfffffa800a6a6060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80076c1060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8007128510
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80076c1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80076c1b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80076c1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007128510, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a0033de5a0, 0xfffffa80076c1060, 0xfffffa800ae53790
Lower DeviceData: 0xfffff8a002f8b820, 0xfffffa8007128510, 0xfffffa8008902e40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 79A291F6

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 3906820096

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800a6b12e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a6a65d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a6b12e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a6a6060, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xfffff8a002e4e930, 0xfffffa800a6b12e0, 0xfffffa8007679790
Lower DeviceData: 0xfffff8a002cd4d40, 0xfffffa800a6a6060, 0xfffffa80088bcd10
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CEBD840D

Partition information:

Partition 0 type is Other (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 409639

Partition 1 type is Other (0xaf)
Partition is NOT ACTIVE.
Partition starts at LBA: 409640 Numsec = 312578128

Partition 2 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 313251840 Numsec = 311889920

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} --> [PUP.FunMoods]
Infected: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page --> [PUP.FunMoods]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================
MBAR LOG:

Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.23.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
John Daniel :: JOHNDANIEL-PC [administrator]

1/22/2013 9:05:49 PM
mbar-log-2013-01-22 (21-05-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28904
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (PUP.FunMoods) -> Bad: (http://searchfunmoods.com/?f=1&a=nv...tAzzyEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=671711152) Good: (http://www.google.com) -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Thanks Broni,after further review your previous set of instructions seems to have solved the issues I was having! Thank you so much.

Would you advise that I still continue with the steps you provided in your most recent post?

Thanks again, you saved me a disk rewrite.
 
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
Click to expand...
 
ComboFix 13-01-23.01 - John Daniel 01/23/2013 20:40:59.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8125.6099 [GMT -8:00]
Running from: c:\users\John Daniel\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-24 to 2013-01-24 )))))))))))))))))))))))))))))))
.
.
2013-01-24 04:44 . 2013-01-24 04:44--------d-----w-c:\users\Default\AppData\Local\temp
2013-01-23 00:25 . 2013-01-23 12:5876232----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9D6CB93-784F-4B01-BCA7-F2DCF283F804}\offreg.dll
2013-01-22 04:02 . 2013-01-22 04:02--------d-----w-c:\programdata\Malwarebytes
2013-01-22 04:02 . 2013-01-22 04:02--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-22 04:02 . 2012-12-15 00:4924176----a-w-c:\windows\system32\drivers\mbam.sys
2013-01-21 23:07 . 2012-10-30 23:5125232----a-w-c:\windows\system32\drivers\aswFsBlk.sys
2013-01-21 23:07 . 2012-10-30 23:51370288----a-w-c:\windows\system32\drivers\aswSP.sys
2013-01-21 23:07 . 2012-10-30 23:5159728----a-w-c:\windows\system32\drivers\aswTdi.sys
2013-01-21 23:07 . 2012-10-30 23:51984144----a-w-c:\windows\system32\drivers\aswSnx.sys
2013-01-21 23:07 . 2012-10-15 16:5954072----a-w-c:\windows\system32\drivers\aswRdr2.sys
2013-01-21 23:07 . 2012-10-30 23:5171600----a-w-c:\windows\system32\drivers\aswMonFlt.sys
2013-01-21 23:07 . 2012-10-30 23:50285328----a-w-c:\windows\system32\aswBoot.exe
2013-01-21 23:07 . 2012-10-30 23:5141224----a-w-c:\windows\avastSS.scr
2013-01-21 23:07 . 2012-10-30 23:50227648----a-w-c:\windows\SysWow64\aswBoot.exe
2013-01-21 23:07 . 2013-01-21 23:07--------d-----w-c:\programdata\AVAST Software
2013-01-21 23:07 . 2013-01-21 23:07--------d-----w-c:\program files\AVAST Software
2013-01-21 22:55 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
2013-01-21 22:55 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
2013-01-21 22:55 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
2013-01-21 22:55 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
2013-01-21 22:54 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
2013-01-21 22:54 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
2013-01-21 22:54 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
2013-01-21 22:54 . 2012-06-02 23:19186752----a-w-c:\windows\system32\wuwebv.dll
2013-01-21 22:54 . 2012-06-02 23:1536864----a-w-c:\windows\system32\wuapp.exe
2013-01-20 07:58 . 2013-01-20 07:58--------d-----w-c:\program files (x86)\Common Files\Java
2013-01-20 07:58 . 2013-01-20 07:58--------d-----w-c:\program files (x86)\Java
2013-01-20 07:57 . 2013-01-20 07:57--------d-----w-c:\programdata\McAfee
2013-01-20 05:11 . 2013-01-21 18:44--------d-----w-c:\program files (x86)\Search_Spin
2013-01-20 05:10 . 2013-01-20 05:10--------d-----w-c:\program files (x86)\Tomatosoft
2013-01-20 05:09 . 2013-01-21 18:44--------d-----w-c:\program files (x86)\Wajam
2013-01-20 05:09 . 2013-01-21 18:44--------d-----w-c:\program files (x86)\Coupon Companion Plugin
2013-01-20 04:24 . 2013-01-20 04:24--------d--h--w-c:\programdata\Common Files
2013-01-20 04:24 . 2013-01-20 04:24--------d-----w-c:\program files (x86)\Stardock
2013-01-19 23:34 . 2013-01-19 23:34--------d-----w-c:\program files (x86)\Smith Micro
2013-01-19 23:27 . 2009-07-14 01:41332288----a-w-c:\windows\system32\uxtheme.dll.backup
2013-01-19 23:27 . 2009-07-14 01:412851328----a-w-c:\windows\system32\themeui.dll.backup
2013-01-19 23:27 . 2009-07-14 01:4144544----a-w-c:\windows\system32\themeservice.dll.backup
2013-01-19 22:48 . 2013-01-19 22:48--------d-----w-c:\program files\Elgato
2013-01-19 22:48 . 2012-11-12 08:5050288----a-w-c:\windows\system32\drivers\ElgatoGC658.sys
2013-01-19 22:48 . 2013-01-19 22:48--------d-----w-c:\program files (x86)\Elgato
2013-01-19 11:48 . 2013-01-19 11:53--------d-----w-c:\windows\Panther
2013-01-19 08:42 . 2013-01-21 18:44--------d-----w-c:\program files (x86)\Common Files\BattlEye
2013-01-19 08:02 . 2013-01-19 08:02--------d-----w-c:\programdata\PACE Anti-Piracy
2013-01-19 08:02 . 2013-01-19 08:03--------d-----w-c:\programdata\regid.1986-12.com.adobe
2013-01-19 07:58 . 2013-01-19 07:58--------d-----w-c:\windows\system32\appmgmt
2013-01-19 07:55 . 2013-01-19 07:55--------d-----w-c:\program files (x86)\Common Files\Sonic Shared
2013-01-19 07:55 . 2013-01-19 07:55--------d-----w-c:\program files (x86)\Common Files\PX Storage Engine
2013-01-19 07:55 . 2011-11-03 11:0156208------w-c:\windows\system32\drivers\PxHlpa64.sys
2013-01-19 07:55 . 2011-10-17 11:0010224------w-c:\windows\system32\drivers\cdralw2k.sys
2013-01-19 07:55 . 2011-10-17 11:0010224------w-c:\windows\system32\drivers\cdr4_xp.sys
2013-01-19 07:55 . 2013-01-19 07:55--------d-----w-c:\program files (x86)\My Company Name
2013-01-19 07:54 . 2013-01-19 07:54--------d-----w-c:\program files (x86)\Common Files\Adobe AIR
2013-01-19 07:53 . 2013-01-19 07:53--------d-----w-c:\windows\SysWow64\Macromed
2013-01-19 07:36 . 2013-01-19 07:36--------d-----w-c:\programdata\Babylon
2013-01-19 06:09 . 2013-01-19 06:09--------d-----w-c:\program files (x86)\Bohemia Interactive
2013-01-19 06:02 . 2008-07-10 19:01467984----a-w-c:\windows\SysWow64\d3dx10_39.dll
2013-01-19 06:00 . 2013-01-19 08:14--------d-----w-c:\program files (x86)\SweetIM
2013-01-19 06:00 . 2013-01-19 06:00--------d-----w-c:\programdata\CLSoft LTD
2013-01-19 06:00 . 2013-01-19 07:47--------d-----w-c:\programdata\Zoomex
2013-01-19 06:00 . 2013-01-21 20:35--------d-----w-c:\programdata\InstallMate
2013-01-19 05:58 . 2013-01-19 05:58--------d-----w-c:\program files (x86)\Dotjosh Studios
2013-01-19 05:48 . 2013-01-19 05:48--------d-----w-c:\program files (x86)\Microsoft.NET
2013-01-19 05:47 . 2009-11-25 19:4749472----a-w-c:\windows\SysWow64\netfxperf.dll
2013-01-19 05:47 . 2009-11-25 19:47297808----a-w-c:\windows\SysWow64\mscoree.dll
2013-01-19 05:47 . 2009-11-25 19:4799176----a-w-c:\windows\SysWow64\PresentationHostProxy.dll
2013-01-19 05:47 . 2009-11-25 19:4748960----a-w-c:\windows\system32\netfxperf.dll
2013-01-19 05:47 . 2009-11-25 19:47295264----a-w-c:\windows\SysWow64\PresentationHost.exe
2013-01-19 05:47 . 2009-11-25 19:471130824----a-w-c:\windows\SysWow64\dfshim.dll
2013-01-19 05:47 . 2009-11-25 19:47109912----a-w-c:\windows\system32\PresentationHostProxy.dll
2013-01-19 05:47 . 2009-11-25 19:47444752----a-w-c:\windows\system32\mscoree.dll
2013-01-19 05:47 . 2009-11-25 19:47320352----a-w-c:\windows\system32\PresentationHost.exe
2013-01-19 05:47 . 2009-11-25 19:471942856----a-w-c:\windows\system32\dfshim.dll
2013-01-19 05:28 . 2013-01-19 08:11--------d-----w-c:\program files\Adobe
2013-01-19 05:28 . 2013-01-19 07:55--------d-----w-c:\program files\Common Files\Adobe
2013-01-19 05:28 . 2013-01-19 08:10--------d-----w-c:\program files (x86)\Common Files\Adobe
2013-01-19 05:06 . 2013-01-19 05:06--------d-----w-c:\program files\7-Zip
2013-01-19 04:54 . 2013-01-21 20:36--------d-----w-c:\programdata\Tarma Installer
2013-01-19 04:54 . 2013-01-19 04:54--------d-----w-c:\program files (x86)\PutLockerDownloader
2013-01-19 04:46 . 2013-01-19 04:46--------d-----w-c:\program files (x86)\XBMC
2013-01-19 04:38 . 2013-01-19 04:38--------d-----w-c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-19 04:36 . 2013-01-19 04:36--------dc----w-c:\windows\system32\DRVSTORE
2013-01-19 04:36 . 2012-08-21 21:0133240----a-w-c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-19 04:35 . 2013-01-19 04:35--------d-----w-c:\program files\iPod
2013-01-19 04:35 . 2013-01-19 04:36--------d-----w-c:\program files\iTunes
2013-01-19 04:35 . 2013-01-19 04:36--------d-----w-c:\program files (x86)\iTunes
2013-01-19 04:35 . 2013-01-19 04:35--------d-----w-c:\programdata\Apple Computer
2013-01-19 04:35 . 2013-01-19 04:35--------d-----w-c:\program files (x86)\Apple Software Update
2013-01-19 04:35 . 2013-01-19 04:35--------d-----w-c:\program files\Common Files\Apple
2013-01-19 04:35 . 2013-01-19 04:35--------d-----w-c:\program files\Bonjour
2013-01-19 04:35 . 2013-01-19 04:35--------d-----w-c:\program files (x86)\Bonjour
2013-01-19 04:34 . 2013-01-19 04:35--------d-----w-c:\program files (x86)\Common Files\Apple
2013-01-19 04:34 . 2013-01-19 04:35--------d-----w-c:\programdata\Apple
2013-01-19 04:01 . 2012-12-29 10:34958272----a-w-c:\windows\SysWow64\nvumdshim.dll
2013-01-19 03:55 . 2010-06-02 12:5577656----a-w-c:\windows\system32\XAPOFX1_5.dll
2013-01-19 03:35 . 2011-11-10 18:3318760----a-w-c:\windows\system32\roboot64.exe
2013-01-19 03:35 . 2013-01-19 05:57--------d-----w-c:\program files (x86)\WinZip Registry Optimizer
2013-01-19 03:35 . 2013-01-21 18:44--------d-----w-c:\program files (x86)\Conduit
2013-01-19 03:35 . 2013-01-19 03:35--------d-----w-c:\program files (x86)\uTorrentControl_v2
2013-01-19 03:11 . 2013-01-15 10:459161176----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9D6CB93-784F-4B01-BCA7-F2DCF283F804}\mpengine.dll
2013-01-19 03:11 . 2012-05-31 19:25279656------w-c:\windows\system32\MpSigStub.exe
2013-01-19 03:02 . 2013-01-19 08:27--------d-----w-c:\program files (x86)\Steam
2013-01-19 03:02 . 2013-01-19 04:04--------d-----w-c:\program files (x86)\Common Files\Steam
2013-01-19 03:00 . 2013-01-21 18:44--------d-sh--w-c:\windows\Installer
2013-01-19 02:57 . 2013-01-19 02:58--------d-----w-c:\program files (x86)\Google
2013-01-18 20:04 . 2012-01-23 14:30537456----a-w-c:\windows\system32\DTSU2PLFX64.dll
2013-01-18 20:01 . 2013-01-18 20:01--------d-----w-c:\program files (x86)\Intel
2013-01-18 20:01 . 2012-07-04 18:5553248----a-w-c:\windows\SysWow64\CSVer.dll
2013-01-18 20:01 . 2013-01-18 20:01--------d-----w-C:\Intel
2013-01-18 20:00 . 2013-01-18 20:00--------d-----w-C:\MSI
2013-01-18 19:57 . 2013-01-21 18:45--------d-----w-c:\users\John Daniel
2013-01-18 19:55 . 2013-01-18 19:55--------d-----w-C:\Recovery
2012-12-29 10:54 . 2012-12-29 10:54550328----a-w-c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-19 21:53 . 2012-12-19 21:531275392----a-w-c:\windows\SysWow64\msxml4.dll
2012-12-19 21:53 . 2012-12-19 21:5382432----a-w-c:\windows\SysWow64\msxml4r.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49176936----a-w-c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}]
2012-11-06 16:19244328----a-w-c:\program files (x86)\PutLockerDownloader\smarterdownloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-01-23 45056]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;D:\NTIOLib_X64.sys [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
S3 ElgatoGC658Y;Elgato Game Capture;c:\windows\system32\Drivers\ElgatoGC658.sys [2012-11-12 50288]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-19 02:581606760----a-w-c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-24 c:\windows\Tasks\AdobeAAMUpdater-1.0-JohnDaniel-PC-John Daniel.job
- c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-12-15 18:13]
.
2013-01-21 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-21 23:50]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-19 02:57]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-19 02:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50133400----a-w-c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=118564&tt=0313_6&babsrc=HP_ss&mntrId=b2bf64e6000000000000d43d7e357f9e
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={942CD4B8-61FD-11E2-A437-D43D7E357F9E}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-23 20:45:25
ComboFix-quarantined-files.txt 2013-01-24 04:45
.
Pre-Run: 1,899,074,183,168 bytes free
Post-Run: 1,899,067,166,720 bytes free
.
- - End Of File - - 95D99B74B0FD2373FFA8979FE548A5CF
 
Looks good.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

======================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

=========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Issue seemed to pop back up mid scan during Adware process running.

# AdwCleaner v2.107 - Logfile created 01/23/2013 at 22:30:19
# Updated 21/01/2013 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : John Daniel - JOHNDANIEL-PC
# Boot Mode : Normal
# Running from : C:\Users\John Daniel\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\SweetIM
Deleted on reboot : C:\Program Files (x86)\uTorrentControl_v2
Deleted on reboot : C:\Program Files (x86)\Wajam
Deleted on reboot : C:\ProgramData\Babylon
Deleted on reboot : C:\ProgramData\InstallMate
Deleted on reboot : C:\ProgramData\Tarma Installer
Deleted on reboot : C:\ProgramData\Zoomex
Deleted on reboot : C:\Users\John Daniel\AppData\Local\Conduit
Deleted on reboot : C:\Users\John Daniel\AppData\Local\SwvUpdater
Deleted on reboot : C:\Users\John Daniel\AppData\Local\Wajam
Deleted on reboot : C:\Users\John Daniel\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\John Daniel\AppData\LocalLow\uTorrentControl_v2
Deleted on reboot : C:\Users\John Daniel\AppData\Roaming\Babylon
Deleted on reboot : C:\Users\John Daniel\AppData\Roaming\Funmoods
File Deleted : C:\END

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\948c8fb238b947
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Funmoods
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\948c8fb238b947
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1E23E5A-9F83-4583-9898-F4B504147B70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3C923E3-D077-4D89-9A93-F7117BA21F5A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=118564&tt=0313_6&babsrc=HP_ss&mntrId=b2bf64e6000000000000d43d7e357f9e --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={942CD4B8-61FD-11E2-A437-D43D7E357F9E} --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.52

File : C:\Users\John Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://search.conduit.com/?CUI=UN15821096861911019&ctid=CT3241284&SearchSource=48[...]
Deleted [l.2182] : homepage = "hxxp://search.conduit.com/?CUI=UN15821096861911019&ctid=CT3241284&SearchSource=48",

*************************

AdwCleaner[S1].txt - [7123 octets] - [23/01/2013 22:30:19]

########## EOF - C:\AdwCleaner[S1].txt - [7183 octets] ##########
JRT:
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.0 (01.23.2013:2)
OS: Windows 7 Ultimate x64
Ran by John Daniel on Wed 01/23/2013 at 22:48:11.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\clsoft ltd"
Successfully deleted: [Folder] "C:\Users\John Daniel\appdata\local\coupon companion plugin"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupon companion plugin"
Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer"
~~~ Chrome
Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/23/2013 at 22:54:23.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL Extras logfile created on: 1/23/2013 10:56:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John Daniel\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 6.49 Gb Available Physical Memory | 81.74% Memory free
15.87 Gb Paging File | 14.38 Gb Available in Paging File | 90.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1768.46 Gb Free Space | 94.93% Space Free | Partition Type: NTFS
Drive D: | 148.68 Gb Total Space | 40.62 Gb Free Space | 27.32% Space Free | Partition Type: FAT32

Computer Name: JOHNDANIEL-PC | User Name: John Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1384736647-331854287-2825797545-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02672408-EB1B-4408-B129-E5143E9D939A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{13BF2AB9-728E-4905-8D23-C7826A887A22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{304668CD-3897-4EC4-8E31-678E24EEA577}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{3258D78B-37DC-4AAD-A0BD-BE60EE8B8B8F}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{3390CCF2-86DC-4CEA-8874-68A35F20465E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{3B4ED12B-85F0-41FE-8CD5-0CB001AB00F7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3F84B7A6-F144-4117-A95E-F007FB8D854A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{43865C0C-3F39-45E4-BB41-E409EE725655}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{4DAEE31D-33D4-41B1-9738-F634415F5F66}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{71C16043-C602-48D8-8D66-A04C87F99C59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8DF763AF-44D5-473F-AA54-217596722050}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A1175920-D7D5-4275-B526-2D388EB5369E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{A4653467-397F-4DBE-9E08-23A5B2173E43}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{AA5CC2CE-8AAD-45D6-9E2A-72E85C4411AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{AAAD5BC4-4DC0-440C-9939-6F2488246D7A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{B9E0A5C7-EB9F-4E5E-826C-5819399ABC3A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{BD139AA1-606B-4079-B6D6-A1062809BDEF}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{C182E2CD-783C-49B0-B725-4B1F322EB89B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{D5144B94-BE21-4650-8654-7909AC3437AA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E97C41CF-C432-4EC7-9036-D9904DA5EDBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{F4F9B81D-EEEE-4945-9AD1-0085A02EC605}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F7AE08F6-7618-48E9-844B-2A9EBCF69DB5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{F8A50B48-DD4D-4234-8D84-D4DC8AEF12B7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{F9D620F1-8578-4F7C-BAF9-0BB3BF8112AB}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{4A9D2728-4AC2-48AD-B85E-FD3ACAFAD28D}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"UDP Query User{2C6A6ABE-B056-42CA-A0E5-1B03D1131E3F}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2E33E83E-6794-4D98-A2BE-A07304409B57}" = Elgato Game Capture HD
"{614020C8-2E16-4E16-A5F0-04DE2AB96097}" = Adobe Premiere Pro CS6 Functional Content
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7176B973-6011-43C1-AEBC-2D73FE7C6982}" = Adobe Premiere Pro CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{91B930B5-9281-4A6E-8E74-978247499AE7}" = DayZ Commander
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"avast" = avast! Free Antivirus
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Game Capture HD v2.3.3.38" = Game Capture HD v2.3.3.38
"Google Chrome" = Google Chrome
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 219540" = ARMA 2: Operation Arrowhead Beta
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 33900" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1384736647-331854287-2825797545-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"XBMC" = XBMC

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/24/2013 2:55:28 AM | Computer Name = JohnDaniel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000773e000a Faulting process
id: 0x174 Faulting application start time: 0x01cdf9feae774ea1 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: unknown Report Id: 08e78ddb-65f3-11e2-88c1-d43d7e357f9e

Error - 1/24/2013 2:56:33 AM | Computer Name = JohnDaniel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_BITS, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x000000000007000a Faulting process
id: 0x12bc Faulting application start time: 0x01cdf9fff169ea3c Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: unknown Report Id: 2fd281d2-65f3-11e2-88c1-d43d7e357f9e

Error - 1/24/2013 2:58:38 AM | Computer Name = JohnDaniel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_BITS, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000773e000a Faulting process
id: 0x440 Faulting application start time: 0x01cdfa00152cd69a Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: unknown Report Id: 7a1b533f-65f3-11e2-88c1-d43d7e357f9e

[ System Events ]
Error - 1/24/2013 2:58:40 AM | Computer Name = JohnDaniel-PC | Source = Service Control Manager | ID = 7034
Description = The Server service terminated unexpectedly. It has done this 3 time(s).

Error - 1/24/2013 2:58:40 AM | Computer Name = JohnDaniel-PC | Source = Service Control Manager | ID = 7031
Description = The Multimedia Class Scheduler service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 300000
milliseconds: Restart the service.

Error - 1/24/2013 2:58:40 AM | Computer Name = JohnDaniel-PC | Source = Service Control Manager | ID = 7031
Description = The User Profile Service service terminated unexpectedly. It has
done this 2 time(s). The following corrective action will be taken in 300000 milliseconds:
Restart the service.

Error - 1/24/2013 2:58:40 AM | Computer Name = JohnDaniel-PC | Source = Service Control Manager | ID = 7031
Description = The Remote Access Connection Manager service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in
300000 milliseconds: Restart the service.

Error - 1/24/2013 2:58:40 AM | Computer Name = JohnDaniel-PC | Source = Service Control Manager | ID = 7034
Description = The Task Scheduler service terminated unexpectedly. It has done this
3 time(s).

Error - 1/24/2013 2:58:40 AM | Computer Name = JohnDaniel-PC | Source = Service Control Manager | ID = 7031
Description = The Secondary Logon service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 300000 milliseconds:
Restart the service.

Error - 1/24/2013 2:58:40 AM | Computer Name = JohnDaniel-PC | Source = Service Control Manager | ID = 7031
Description = The System Event Notification Service service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in
300000 milliseconds: Restart the service.

Error - 1/24/2013 2:58:40 AM | Computer Name = JohnDaniel-PC | Source = Service Control Manager | ID = 7034
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 3 time(s).

Error - 1/24/2013 2:58:40 AM | Computer Name = JohnDaniel-PC | Source = Service Control Manager | ID = 7034
Description = The Themes service terminated unexpectedly. It has done this 3 time(s).

Error - 1/24/2013 2:58:40 AM | Computer Name = JohnDaniel-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in
300000 milliseconds: Restart the service.


< End of report >
 
OTL logfile created on: 1/23/2013 10:56:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John Daniel\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 6.49 Gb Available Physical Memory | 81.74% Memory free
15.87 Gb Paging File | 14.38 Gb Available in Paging File | 90.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1768.46 Gb Free Space | 94.93% Space Free | Partition Type: NTFS
Drive D: | 148.68 Gb Total Space | 40.62 Gb Free Space | 27.32% Space Free | Partition Type: FAT32

Computer Name: JOHNDANIEL-PC | User Name: John Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/23 22:55:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John Daniel\Downloads\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/22 21:21:58 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/01/18 19:04:10 | 000,541,608 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/29 02:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/12 00:50:28 | 000,050,288 | ---- | M] (UB658) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElgatoGC658.sys -- (ElgatoGC658Y)
DRV:64bit: - [2012/10/30 15:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 15:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 15:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 15:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 15:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 08:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/03 07:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/02/15 21:42:00 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1384736647-331854287-2825797545-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1384736647-331854287-2825797545-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1384736647-331854287-2825797545-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 D9 ED 67 F0 F5 CD 01 [binary data]
IE - HKU\S-1-5-21-1384736647-331854287-2825797545-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1384736647-331854287-2825797545-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1384736647-331854287-2825797545-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1384736647-331854287-2825797545-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)


[2013/01/18 19:35:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John Daniel\AppData\Roaming\Mozilla\Firefox\extensions
[2013/01/18 19:35:38 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\John Daniel\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/01/18 20:54:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/01/19 21:09:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2012/11/06 08:19:24 | 000,214,034 | ---- | M] () (No name found) -- C:\Users\John Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\putlockerdownloader@putlockerdownloader.com.xpi
[2012/10/13 09:27:00 | 000,037,914 | ---- | M] () (No name found) -- C:\Users\John Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2013/01/18 23:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\John Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
CHR - Extension: Google Drive = C:\Users\John Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\John Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\John Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\John Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\John Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.5_0\
CHR - Extension: Gmail = C:\Users\John Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Docs = C:\Users\John Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
CHR - Extension: Google Drive = C:\Users\John Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\John Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\John Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\John Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\John Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.5_0\
CHR - Extension: Gmail = C:\Users\John Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll (TODO: <Company name>)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1384736647-331854287-2825797545-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1384736647-331854287-2825797545-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C3ECBB5-D9A9-47AD-95AA-B4D884D1D97C}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/23 22:48:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/23 22:48:04 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/23 22:31:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/23 20:45:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/23 20:40:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/23 20:40:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/23 20:40:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/23 20:40:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/23 20:39:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/23 20:21:02 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\Desktop\C4 Throw
[2013/01/23 19:50:52 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\PDAppFlex
[2013/01/22 20:48:10 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\Desktop\RK_Quarantine
[2013/01/21 20:02:14 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\Malwarebytes
[2013/01/21 20:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/21 20:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/21 20:02:11 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/21 20:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/21 20:02:04 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Local\Programs
[2013/01/21 15:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/01/21 15:07:30 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/01/21 15:07:29 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/01/21 15:07:27 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/01/21 15:07:27 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/01/21 15:07:27 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/01/21 15:07:25 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/01/21 15:07:25 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/01/21 15:07:13 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013/01/21 15:07:13 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
 
[2013/01/21 15:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/01/21 15:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/01/19 23:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/01/19 23:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/01/19 23:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/01/19 23:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/01/19 21:11:42 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Local\Ico Converter
[2013/01/19 21:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search_Spin
[2013/01/19 21:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tomatosoft
[2013/01/19 20:24:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/01/19 20:24:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2013/01/19 20:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2013/01/19 15:34:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smith Micro
[2013/01/19 14:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato
[2013/01/19 14:48:55 | 000,050,288 | ---- | C] (UB658) -- C:\Windows\SysNative\drivers\ElgatoGC658.sys
[2013/01/19 14:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Elgato
[2013/01/19 14:48:44 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\Elgato
[2013/01/19 14:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elgato
[2013/01/19 03:50:21 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/01/19 03:49:45 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/01/19 03:48:33 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/01/19 00:42:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BattlEye
[2013/01/19 00:02:39 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\PACE Anti-Piracy
[2013/01/19 00:02:39 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Local\PACE Anti-Piracy
[2013/01/19 00:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2013/01/19 00:02:36 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\NVIDIA
[2013/01/19 00:02:34 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\Documents\Adobe
[2013/01/19 00:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013/01/18 23:58:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/01/18 23:55:47 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2013/01/18 23:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2013/01/18 23:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013/01/18 23:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2013/01/18 23:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/01/18 23:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/01/18 23:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/01/18 23:53:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/01/18 23:39:33 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\WinRAR
[2013/01/18 23:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2013/01/18 23:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/18 23:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/01/18 23:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/01/18 22:26:34 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\Desktop\MAC Music
[2013/01/18 22:09:05 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Local\ArmA 2
[2013/01/18 22:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2013/01/18 22:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive
[2013/01/18 22:03:19 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Local\ArmA 2 OA
[2013/01/18 22:03:19 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\Documents\ArmA 2
[2013/01/18 22:03:17 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2013/01/18 22:01:06 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Local\DayZCommander
[2013/01/18 21:58:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
[2013/01/18 21:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/01/18 21:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/01/18 21:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/01/18 21:28:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/01/18 21:28:06 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\Macromedia
[2013/01/18 21:28:04 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\Adobe
[2013/01/18 21:27:56 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Local\Adobe
[2013/01/18 21:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/01/18 20:54:16 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Local\PutLockerDownloader
[2013/01/18 20:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PutLockerDownloader
[2013/01/18 20:54:11 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com
[2013/01/18 20:47:33 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\XBMC
[2013/01/18 20:46:14 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
[2013/01/18 20:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XBMC
[2013/01/18 20:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/01/18 20:36:16 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Local\Apple Computer
[2013/01/18 20:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/18 20:36:15 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\Apple Computer
[2013/01/18 20:36:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/01/18 20:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/18 20:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/18 20:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/01/18 20:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/01/18 20:35:22 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Local\Apple
[2013/01/18 20:35:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/01/18 20:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/01/18 20:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/01/18 20:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/01/18 20:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/01/18 20:34:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/01/18 20:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/01/18 20:02:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/01/18 20:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013/01/18 20:01:58 | 000,061,368 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013/01/18 20:01:58 | 000,053,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013/01/18 20:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/01/18 20:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/01/18 20:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/01/18 20:01:08 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/01/18 19:55:12 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\Documents\My Games
[2013/01/18 19:35:46 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\Nico Mak Computing
[2013/01/18 19:35:43 | 000,018,760 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\Windows\SysNative\roboot64.exe
[2013/01/18 19:35:39 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Local\CRE
[2013/01/18 19:35:38 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\Mozilla
[2013/01/18 19:34:43 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\uTorrent
[2013/01/18 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013/01/18 19:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/01/18 19:02:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/01/18 19:02:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013/01/18 19:00:42 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/01/18 18:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/18 18:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/01/18 18:57:48 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Local\Google
[2013/01/18 18:56:46 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Local\Deployment
[2013/01/18 18:56:46 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Local\Apps
[2013/01/18 12:05:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013/01/18 12:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/01/18 12:05:11 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013/01/18 12:05:11 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013/01/18 12:05:11 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013/01/18 12:05:11 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013/01/18 12:05:11 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013/01/18 12:05:11 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013/01/18 12:05:11 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013/01/18 12:05:11 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013/01/18 12:05:10 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013/01/18 12:05:08 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013/01/18 12:05:08 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013/01/18 12:05:08 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013/01/18 12:05:08 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013/01/18 12:05:08 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013/01/18 12:05:08 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013/01/18 12:05:05 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013/01/18 12:05:05 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013/01/18 12:05:05 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013/01/18 12:05:05 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013/01/18 12:05:05 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013/01/18 12:05:05 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013/01/18 12:05:05 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013/01/18 12:05:04 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2013/01/18 12:05:03 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013/01/18 12:05:03 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013/01/18 12:05:03 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013/01/18 12:05:03 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013/01/18 12:05:02 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013/01/18 12:05:00 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013/01/18 12:05:00 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013/01/18 12:04:59 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013/01/18 12:04:59 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013/01/18 12:04:59 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013/01/18 12:04:59 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013/01/18 12:04:59 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013/01/18 12:04:59 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013/01/18 12:04:59 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013/01/18 12:04:59 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013/01/18 12:04:59 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013/01/18 12:04:59 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013/01/18 12:04:59 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013/01/18 12:04:59 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013/01/18 12:04:58 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013/01/18 12:04:58 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013/01/18 12:04:56 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013/01/18 12:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/01/18 12:04:11 | 000,676,968 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013/01/18 12:03:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/01/18 12:03:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/01/18 12:01:15 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/01/18 12:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/01/18 12:01:08 | 000,000,000 | ---D | C] -- C:\Intel
[2013/01/18 12:00:54 | 000,000,000 | ---D | C] -- C:\MSI
[2013/01/18 11:59:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/01/18 11:57:22 | 000,000,000 | R--D | C] -- C:\Users\John Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/18 11:57:22 | 000,000,000 | R--D | C] -- C:\Users\John Daniel\Searches
[2013/01/18 11:57:22 | 000,000,000 | R--D | C] -- C:\Users\John Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/01/18 11:57:22 | 000,000,000 | -H-D | C] -- C:\Users\John Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/01/18 11:57:15 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\Identities
[2013/01/18 11:57:13 | 000,000,000 | R--D | C] -- C:\Users\John Daniel\Contacts
[2013/01/18 11:57:12 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Local\VirtualStore
[2013/01/18 11:57:05 | 000,000,000 | --SD | C] -- C:\Users\John Daniel\AppData\Roaming\Microsoft
[2013/01/18 11:57:05 | 000,000,000 | R--D | C] -- C:\Users\John Daniel\Videos
[2013/01/18 11:57:05 | 000,000,000 | R--D | C] -- C:\Users\John Daniel\Saved Games
[2013/01/18 11:57:05 | 000,000,000 | R--D | C] -- C:\Users\John Daniel\Pictures
[2013/01/18 11:57:05 | 000,000,000 | R--D | C] -- C:\Users\John Daniel\Music
[2013/01/18 11:57:05 | 000,000,000 | R--D | C] -- C:\Users\John Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/01/18 11:57:05 | 000,000,000 | R--D | C] -- C:\Users\John Daniel\Links
[2013/01/18 11:57:05 | 000,000,000 | R--D | C] -- C:\Users\John Daniel\Favorites
[2013/01/18 11:57:05 | 000,000,000 | R--D | C] -- C:\Users\John Daniel\Downloads
[2013/01/18 11:57:05 | 000,000,000 | R--D | C] -- C:\Users\John Daniel\Documents
[2013/01/18 11:57:05 | 000,000,000 | R--D | C] -- C:\Users\John Daniel\Desktop
[2013/01/18 11:57:05 | 000,000,000 | R--D | C] -- C:\Users\John Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/01/18 11:57:05 | 000,000,000 | -HSD | C] -- C:\Users\John Daniel\AppData\Local\Temporary Internet Files
[2013/01/18 11:57:05 | 000,000,000 | -HSD | C] -- C:\Users\John Daniel\Templates
[2013/01/18 11:57:05 | 000,000,000 | -HSD | C] -- C:\Users\John Daniel\Start Menu
[2013/01/18 11:57:05 | 000,000,000 | -HSD | C] -- C:\Users\John Daniel\SendTo
[2013/01/18 11:57:05 | 000,000,000 | -HSD | C] -- C:\Users\John Daniel\Recent
[2013/01/18 11:57:05 | 000,000,000 | -HSD | C] -- C:\Users\John Daniel\PrintHood
[2013/01/18 11:57:05 | 000,000,000 | -HSD | C] -- C:\Users\John Daniel\NetHood
[2013/01/18 11:57:05 | 000,000,000 | -HSD | C] -- C:\Users\John Daniel\Documents\My Videos
[2013/01/18 11:57:05 | 000,000,000 | -HSD | C] -- C:\Users\John Daniel\Documents\My Pictures
[2013/01/18 11:57:05 | 000,000,000 | -HSD | C] -- C:\Users\John Daniel\Documents\My Music
[2013/01/18 11:57:05 | 000,000,000 | -HSD | C] -- C:\Users\John Daniel\My Documents
[2013/01/18 11:57:05 | 000,000,000 | -HSD | C] -- C:\Users\John Daniel\Local Settings
[2013/01/18 11:57:05 | 000,000,000 | -HSD | C] -- C:\Users\John Daniel\AppData\Local\History
[2013/01/18 11:57:05 | 000,000,000 | -HSD | C] -- C:\Users\John Daniel\Cookies
[2013/01/18 11:57:05 | 000,000,000 | -HSD | C] -- C:\Users\John Daniel\Application Data
[2013/01/18 11:57:05 | 000,000,000 | -HSD | C] -- C:\Users\John Daniel\AppData\Local\Application Data
[2013/01/18 11:57:05 | 000,000,000 | -H-D | C] -- C:\Users\John Daniel\AppData
[2013/01/18 11:57:05 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Local\Temp
[2013/01/18 11:57:05 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Local\Microsoft
[2013/01/18 11:57:05 | 000,000,000 | ---D | C] -- C:\Users\John Daniel\AppData\Roaming\Media Center Programs
[2013/01/18 11:55:45 | 000,000,000 | ---D | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2013/01/23 22:57:37 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/23 22:54:25 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/23 22:54:25 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/23 22:54:25 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/23 22:52:32 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/23 22:52:32 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/23 22:47:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/23 22:47:26 | 2094,632,959 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/23 22:03:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/23 19:50:48 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-JohnDaniel-PC-John Daniel.job
[2013/01/21 21:44:31 | 000,001,406 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013/01/21 20:02:12 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 15:09:08 | 000,002,111 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/01/21 15:07:25 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/01/21 15:07:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/01/19 22:07:26 | 000,000,000 | -H-- | M] () -- C:\Users\John Daniel\Documents\Default.rdp
[2013/01/19 14:48:56 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Game Capture HD.lnk
[2013/01/19 03:53:26 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/01/19 03:53:26 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/01/19 00:25:23 | 004,891,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/18 23:27:55 | 000,001,518 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2013/01/18 20:38:50 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/18 20:04:21 | 000,002,279 | ---- | M] () -- C:\Users\John Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/18 19:02:45 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/01/18 18:58:26 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/18 18:55:09 | 000,001,437 | ---- | M] () -- C:\Users\John Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/18 11:58:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/12/29 02:34:47 | 000,061,368 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/12/29 02:34:47 | 000,053,176 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/12/29 02:34:47 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012/12/29 00:40:11 | 002,923,201 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin

========== Files Created - No Company Name ==========

[2013/01/23 20:40:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/23 20:40:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/23 20:40:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/23 20:40:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/23 20:40:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/23 19:50:48 | 000,000,364 | ---- | C] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-JohnDaniel-PC-John Daniel.job
[2013/01/21 20:02:12 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 15:07:32 | 000,002,111 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/01/21 15:07:25 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/01/21 15:07:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/01/19 22:07:26 | 000,000,000 | -H-- | C] () -- C:\Users\John Daniel\Documents\Default.rdp
[2013/01/19 14:48:56 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Game Capture HD.lnk
[2013/01/19 03:53:19 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/01/19 03:53:06 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/01/19 03:49:45 | 2094,632,959 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/18 23:54:07 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013/01/18 23:27:55 | 000,001,530 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2013/01/18 23:27:55 | 000,001,518 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2013/01/18 21:59:00 | 000,001,406 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2013/01/18 20:36:15 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/18 20:35:21 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/01/18 20:02:04 | 002,923,201 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/01/18 20:01:33 | 000,017,266 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/01/18 19:02:45 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/01/18 18:58:26 | 000,002,279 | ---- | C] () -- C:\Users\John Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/18 18:58:26 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/18 18:58:01 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/18 18:58:00 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/18 18:55:09 | 000,001,437 | ---- | C] () -- C:\Users\John Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/18 12:05:08 | 000,290,813 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013/01/18 11:58:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/01/18 11:57:31 | 000,001,409 | ---- | C] () -- C:\Users\John Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/01/18 11:57:26 | 000,001,443 | ---- | C] () -- C:\Users\John Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/01/18 11:57:05 | 000,000,290 | ---- | C] () -- C:\Users\John Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/01/18 11:57:05 | 000,000,272 | ---- | C] () -- C:\Users\John Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/13 17:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 17:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/19 14:48:44 | 000,000,000 | ---D | M] -- C:\Users\John Daniel\AppData\Roaming\Elgato
[2013/01/18 21:57:17 | 000,000,000 | ---D | M] -- C:\Users\John Daniel\AppData\Roaming\Nico Mak Computing
[2013/01/19 00:02:39 | 000,000,000 | ---D | M] -- C:\Users\John Daniel\AppData\Roaming\PACE Anti-Piracy
[2013/01/23 19:50:52 | 000,000,000 | ---D | M] -- C:\Users\John Daniel\AppData\Roaming\PDAppFlex
[2013/01/21 12:35:23 | 000,000,000 | ---D | M] -- C:\Users\John Daniel\AppData\Roaming\uTorrent
[2013/01/23 00:19:12 | 000,000,000 | ---D | M] -- C:\Users\John Daniel\AppData\Roaming\XBMC

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1053 bytes -> C:\Users\John Daniel\AppData\Local\ALgUSq4i:nTlR96pp6gilI3mg7M7a1W
< End of report >
 
Issue seemed to pop back up
Click to expand...
What did exactly happen?

=========================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
@Alternate Data Stream - 1053 bytes -> C:\Users\John Daniel\AppData\Local\ALgUSq4i:nTlR96pp6gilI3mg7M7a1W

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

=============================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
The issue is that after ~30 seconds of start up in normal mode all programs stop responding and just hang on the cursor wheel. Even fundamentally simple programs like the command prompt, the computer does not even shut down properly, it just hangs. However, my computer behaves normally when the Ethernet cord is not connected ( I don't have a wifi card) or when I boot up in all variations of safe mode. This subsided for about 24 hours there and now still persists I will post these logs and follow up on the status. Again, thanks for your help.


Results of screen317's Security Check version 0.99.57
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
Farbar Service Scanner Version: 16-01-2013
Ran by John Daniel (administrator) on 24-01-2013 at 18:03:19
Running from "C:\Users\John Daniel\Downloads"
Windows 7 Ultimate (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2009-07-13 15:25] - [2009-07-13 17:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


C:\Users\John Daniel\Downloads\Rocket_Download_Manager_Setup.exea variant of Win32/Adware.iBryte.D applicationcleaned by deleting - quarantined
 
There is definitely some issue with some Windows services.

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

p22001645.gif




Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22001646.gif



Go to Step 4 and under "System Restore" click on Create button:

p22001644.gif



Go to Start Repairs tab and click Start button.

p22001166.gif



Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

p22002732.gif


Click on box next to the Restart System when Finished. Then click on Start.

Post new FSS log.
 
Okay did exactly as you stated in this post and it worked like a charm and has been since yesterday. However I cannot locate the log for the Windows Repair tool. Should I just run FSS again and post that log?
 
Farbar Service Scanner Version: 16-01-2013
Ran by John Daniel (administrator) on 26-01-2013 at 14:20:57
Running from "C:\Users\John Daniel\Downloads"
Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
Looks good :)


Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.
 
Thank you so much for the help Broni! This is my first PC all to myself since all I used were MACs up to this point so I went a bit willy nilly with downloads and learned my first PC lesson. But your tireless efforts are greatly appreciated I will have to set up a paypal so that I can donate.

The PC is running smoothly as it did the first start up. Again, this is literally a brand new build with brand new parts, its overkill for what I am trying to do but everything runs super smooth now that we have gotten rid of that lingering issue. Thanks again Broni.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John Daniel
->Temp folder emptied: 17687546 bytes
->Temporary Internet Files folder emptied: 4135982 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 348635314 bytes
->Flash cache emptied: 343 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 203003329 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46433439 bytes
RecycleBin emptied: 10139 bytes

Total Files Cleaned = 591.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: John Daniel
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: John Daniel
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01262013_173135

Files\Folders moved on Reboot...
C:\Users\John Daniel\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll moved successfully.
C:\Users\John Daniel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
784
uber_beetle
uber_beetle
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back