Solved Google redirect, fake warnings

Pershh

I've had this redirect issue where clicking on any search in Google would redirect to an advertising page nearly every time. After about 4-5 searches clicking the same button, it would bring me to the correct page. Another issue I've noticed is that random alert notifications will pop up in the background, such as the computer being infected. A few other issues I've noticed: when I play a game in windowed mode (Minecraft, WoW), the games seem to unfocus as if another application had been clicked in the background, and I must reclick on the game window before I can start playing again. Another issue that seems to appear is random "Do you want to leave this page?" boxes that appear quite randomly, sometimes even when I am not browsing the internet. And lastly, I've noticed my email has sent spam messages advertising products to people on my contacts list. I finished the 5 step process, and here are the logs. (No Gmer log generated) And thanks in advance for the help and time; I've had this problem for a bit and nothing I've tried has worked to fix this.

Also, is it safe to continue playing games, or would it hurt the cleaning process?

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.16.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Justin :: JUSTIN-PC [administrator]
6/16/2012 12:29:04 AM
mbam-log-2012-06-16 (00-29-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208679
Time elapsed: 1 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

---
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Justin at 0:45:55 on 2012-06-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2336 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\DAODx.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{2A9E3075-1912-4E2B-B5F9-31FF1BCDDACB} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO-X64: Conduit Engine - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
BHO-X64: uTorrentBar - No File
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-14 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2011-6-18 109056]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\C3DB.tmp --> C:\Windows\system32\C3DB.tmp [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-06-16 04:41:22 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4BEFA3E6-56DD-4D8F-9464-62C1C226A40C}\mpengine.dll
2012-06-16 04:25:17 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-16 04:25:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-15 02:24:15 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-15 01:59:18 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9D94BE4-A55B-4AAA-A449-3C18F16896D4}\gapaengine.dll
2012-06-15 01:59:16 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-15 01:57:26 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-15 01:57:24 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-15 01:50:50 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-15 01:50:50 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-14 21:45:29 6144 ------w- C:\Windows\System32\C3DB.tmp
2012-06-14 21:37:05 6144 ------w- C:\Windows\System32\1219.tmp
2012-06-14 21:24:43 6144 ------w- C:\Windows\System32\926.tmp
2012-06-14 21:22:51 6144 ------w- C:\Windows\System32\53EA.tmp
2012-06-14 21:22:41 -------- d-----w- C:\Program Files (x86)\Sophos
2012-06-14 21:11:52 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-06-14 21:07:44 -------- d-----w- C:\ProgramData\HitmanPro
2012-06-14 20:57:54 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-14 19:50:12 -------- d-----w- C:\ComboFix
2012-06-14 06:12:40 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FBB33B4E-1854-4332-AFF3-29671E7927D1}\mpengine.dll
2012-06-14 02:32:11 98816 ----a-w- C:\Windows\sed.exe
2012-06-14 02:32:11 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-14 02:32:11 256000 ----a-w- C:\Windows\PEV.exe
2012-06-14 02:32:11 208896 ----a-w- C:\Windows\MBR.exe
2012-06-13 15:33:40 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 15:33:40 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 15:33:40 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 15:33:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 15:33:09 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 15:33:09 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 15:33:09 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 15:33:03 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 15:32:51 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 15:32:36 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 15:32:36 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 15:32:19 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 15:32:19 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 15:32:18 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 15:32:18 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 15:32:18 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 15:32:18 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-09 14:04:43 -------- d-----w- C:\temp
2012-05-25 02:32:27 -------- d-----w- C:\Users\Justin\AppData\Roaming\LolClient2
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-04 23:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
.
============= FINISH: 0:53:38.02 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/29/2011 12:57:48 PM
System Uptime: 6/16/2012 12:20:39 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A87TD EVO
Processor: AMD Phenom(tm) II X4 965 Processor | AM3 | 3400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 805.871 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASKUTIL
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name: SASKUTIL
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service: SASKUTIL
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer:
Name: SASDIFSV
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service: SASDIFSV
.
==== System Restore Points ===================
.
RP214: 6/5/2012 3:00:16 AM - Windows Update
RP215: 6/8/2012 4:03:16 AM - Windows Update
RP216: 6/11/2012 12:32:25 PM - Windows Update
RP217: 6/13/2012 1:30:49 PM - Windows Update
RP218: 6/14/2012 9:50:56 PM - Windows Update
RP219: 6/14/2012 10:15:49 PM - Removed Java(TM) 6 Update 31
RP220: 6/14/2012 10:23:15 PM - Installed Java(TM) 7 Update 5
RP221: 6/14/2012 10:24:19 PM - Installed JavaFX 2.1.1
RP222: 6/15/2012 11:39:14 PM - Removed JavaFX 2.1.1
RP223: 6/15/2012 11:39:52 PM - Removed Java(TM) 7 Update 5
RP224: 6/15/2012 11:41:16 PM - Removed TurboV EVO
RP225: 6/16/2012 12:01:37 AM - Removed SAIO
RP226: 6/16/2012 12:02:31 AM - Removed NCsoft Launcher
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Aion
Akamai NetSession Interface
Akamai NetSession Interface Service
AMD USB Filter Driver
AMD VISION Engine Control Center
Bandisoft MPEG-1 Decoder
Browser Configuration Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Company of Heroes
Company of Heroes - FAKEMSI
Conduit Engine
EPU
Half-Life: Source
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HydraVision
JMicron JMB36X Driver
Junk Mail filter update
KAG 0.95A
League of Legends
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XNA Framework Redistributable 4.0
Mount&Blade Warband
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Natural Selection 2
Nexon Game Manager
NVIDIA PhysX
Pando Media Booster
Platform
Realtek Ethernet Controller Driver For Windows 7
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 5.9
StarCraft II
Steam
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client
VIA Platform Device Manager
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR 4.10 (32-bit)
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
6/16/2012 12:44:50 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
6/16/2012 12:21:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
6/16/2012 12:17:00 AM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
6/16/2012 12:02:03 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
6/14/2012 9:25:30 PM, Error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
6/14/2012 7:37:43 PM, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
6/14/2012 7:37:43 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\C3DB.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/14/2012 7:11:50 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\1219.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/14/2012 5:41:10 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
6/14/2012 5:24:44 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\926.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/14/2012 5:22:59 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\53EA.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/14/2012 4:25:57 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
6/14/2012 4:24:55 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/14/2012 3:52:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
6/14/2012 3:47:21 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/14/2012 3:47:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
6/14/2012 3:47:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/14/2012 3:47:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/14/2012 3:47:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/14/2012 3:47:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/14/2012 3:47:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/14/2012 3:47:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/14/2012 3:46:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/14/2012 3:46:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf ws2ifsl
6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/14/2012 3:46:54 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/14/2012 2:46:05 PM, Error: Service Control Manager [7034] - The ASUS System Control Service service terminated unexpectedly. It has done this 1 time(s).
6/13/2012 7:36:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/13/2012 7:36:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/13/2012 7:36:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/13/2012 7:36:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/13/2012 7:36:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1941.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/13/2012 7:36:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1941.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/13/2012 7:36:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.127.1941.0).
6/13/2012 7:36:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070643 Error description: Fatal error during installation.
6/13/2012 7:36:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1941.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/13/2012 7:36:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1941.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/13/2012 11:06:59 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/13/2012 10:20:34 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the BFE service which failed to start because of the following error: Access is denied.
6/13/2012 10:20:34 PM, Error: Service Control Manager [7000] - The BFE service failed to start due to the following error: Access is denied.
6/13/2012 10:16:13 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
6/13/2012 10:13:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf ws2ifsl
6/13/2012 10:13:15 PM, Error: Service Control Manager [7001] - The iphlpsvc service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2012 1:51:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/12/2012 1:51:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/12/2012 1:51:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/12/2012 1:51:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/12/2012 1:51:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1848.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/12/2012 1:51:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1848.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/12/2012 1:51:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.127.1848.0).
6/12/2012 1:51:11 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070643 Error description: Fatal error during installation.
6/12/2012 1:51:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1848.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/12/2012 1:51:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1848.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/11/2012 12:33:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/11/2012 12:33:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/11/2012 12:33:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/11/2012 12:33:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/11/2012 12:32:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1752.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/11/2012 12:32:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1752.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/11/2012 12:32:51 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070643 Error description: Fatal error during installation.
6/11/2012 12:32:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1752.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/11/2012 12:32:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1752.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/11/2012 1:50:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/11/2012 1:50:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/11/2012 1:50:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/11/2012 1:50:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/11/2012 1:50:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1752.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/11/2012 1:50:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1752.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/11/2012 1:50:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.127.1752.0).
6/11/2012 1:50:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.71.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070643 Error description: Fatal error during installation.
6/11/2012 1:50:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1752.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
6/11/2012 1:50:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.127.1752.0 Previous Signature Version: 1.127.71.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.8304.0 Previous Engine Version: 1.1.8403.0 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
.
==== End Of File ===========================
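One way to triage an event-log dump in the format posted above, as an added example that is not part of the original thread: it parses each line, counts repeats per source and event ID, and pulls out the blocked driver loads, the failed boot-start drivers and the failures of protection services. The function names and the list of watched service names are assumptions; the sample lines are copied from the log, with the repeated Microsoft Antimalware message shortened.

```python
import re
from collections import Counter
from datetime import datetime
from typing import NamedTuple, Optional

# Sample input: lines copied from the event log posted above; the repeated
# Microsoft Antimalware message is shortened with "..." to keep the block small.
SAMPLE_LOG = r"""
6/14/2012 5:24:44 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\926.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/14/2012 4:25:57 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
6/14/2012 3:46:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf ws2ifsl
6/13/2012 7:36:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. ... Error code: 0x80070666
6/13/2012 7:36:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. ... Error code: 0x80070666
6/13/2012 11:06:59 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/13/2012 10:20:34 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the BFE service which failed to start because of the following error: Access is denied.
6/13/2012 10:20:34 PM, Error: Service Control Manager [7000] - The BFE service failed to start due to the following error: Access is denied.
6/13/2012 10:13:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf ws2ifsl
6/13/2012 10:16:13 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
"""

# "<date> <time> AM/PM, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# Event 1060 message: optional "\??\" prefix, then the driver path.
BLOCKED_RE = re.compile(r"^(?:\\\?\?\\)?(?P<path>.+?) has been blocked from loading")
# Event 7026 message: space-separated driver names after the colon.
BOOT_FAIL_RE = re.compile(r"driver\(s\) failed to load: (?P<names>.+)$")
# Assumption: the watch list is simply the protection services named in this log.
PROTECTION_NAMES = ("Windows Defender", "Windows Firewall", "BFE")


class Event(NamedTuple):
    when: datetime
    level: str
    source: str
    event_id: int
    message: str


def parse_line(line: str) -> Optional[Event]:
    """Parse one log line; return None for blank or foreign lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(m["when"], "%m/%d/%Y %I:%M:%S %p")
    return Event(when, m["level"], m["source"], int(m["event_id"]), m["message"])


def triage(lines):
    """Summarise a dump: repeat counts plus the entries worth reading first."""
    events = [e for e in map(parse_line, lines) if e]
    counts = Counter((e.source, e.event_id) for e in events)
    blocked = []       # driver files refused at load time (event 1060)
    boot_failed = {}   # timestamp -> set of drivers that failed to load (event 7026)
    protection = []    # service failures that name a protection component
    # The dump is not in strict time order, so sort; set() drops verbatim repeats.
    for e in sorted(set(events)):
        if e.source == "Application Popup" and e.event_id == 1060:
            m = BLOCKED_RE.match(e.message)
            if m:
                blocked.append(m["path"])
        elif e.source == "Service Control Manager" and e.event_id == 7026:
            m = BOOT_FAIL_RE.search(e.message)
            if m:
                boot_failed[e.when] = set(m["names"].split())
        elif e.source == "Service Control Manager" and any(
            name in e.message for name in PROTECTION_NAMES
        ):
            protection.append((e.event_id, e.message))
    sets = list(boot_failed.values())
    # Drivers that failed on some boots but not on all of them.
    varying = set.union(*sets) - set.intersection(*sets) if sets else set()
    return {
        "counts": counts,
        "blocked_drivers": blocked,
        "protection_failures": protection,
        "boot_drivers_varying": varying,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG.splitlines())
    for (source, event_id), n in report["counts"].most_common():
        print(f"{n:3d} x {source} [{event_id}]")
    print("Blocked driver loads:", report["blocked_drivers"])
    print("Boot drivers that differ between boots:", sorted(report["boot_drivers_varying"]))
    for event_id, message in report["protection_failures"]:
        print(f"[{event_id}] {message}")
```
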
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

=================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
I downloaded the aswMBR file as requested, but upon double clicking it and confirming administration, nothing opens or happens. One thing that just popped up from downloading avast was a threat recognized as
MBR:Alureon-K [Rtk] found under filename MBR: \\.\PhysicalDrive0\Partition3. Trying the "move to chest" options shows an error code 50 for an unsupported option, so I've left this alone.

The boot kit log is as follows.
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
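
The Bootkit Remover output above offers to dump the master boot sector for manual inspection, and aswMBR saves a copy of the MBR; the following is an added example (not part of the original posts and not code from either tool) of what a defender can check in a 512-byte dump of sector 0: the boot signature, the partition table's consistency, and the boot code's hash against a known-good baseline. The function names and the sample sector are constructed for illustration; the partition layout and disk size mirror the values in the TDSSKiller log later in this thread, and the active flag on the first partition is an assumption.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440          # bytes 0..439 hold the bootstrap code
TABLE_OFFSET = 446           # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FORMAT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), start LBA, sectors

# Disk size and sector size as reported in the thread's TDSSKiller log.
DISK_SECTORS = 0xE8E0DB6000 // 0x200


def parse_mbr(sector):
    """Return the boot-code hash and the non-empty partition entries of a raw MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        status, ptype, start, count = struct.unpack_from(
            ENTRY_FORMAT, sector, TABLE_OFFSET + 16 * index)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({"index": index, "status": status, "type": ptype,
                           "start_lba": start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "partitions": partitions}


def audit_mbr(sector, baseline_sha256=None, disk_sectors=None):
    """Return a list of findings; an empty list means nothing looked wrong."""
    mbr = parse_mbr(sector)
    findings = []
    if baseline_sha256 and mbr["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    parts = sorted(mbr["partitions"], key=lambda p: p["start_lba"])
    if sum(1 for p in parts if p["status"] == 0x80) > 1:
        findings.append("more than one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02x"
                            % (p["index"], p["status"]))
        if p["start_lba"] == 0:
            findings.append("partition %d starts at LBA 0, on top of the MBR"
                            % p["index"])
        end = p["start_lba"] + p["sectors"]
        if disk_sectors is not None and end > disk_sectors:
            findings.append("partition %d ends beyond the disk" % p["index"])
    for a, b in zip(parts, parts[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return findings


def build_sample_mbr(boot_code=b"\xfa\x33\xc0" + b"\x90" * 437):
    """Constructed sample sector: placeholder boot code plus two type 0x07 partitions."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_END] = boot_code
    entries = [(0x80, 0x07, 0x800, 0x32000),         # active flag is an assumption
               (0x00, 0x07, 0x32800, 0x746D3800)]
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FORMAT, sector, TABLE_OFFSET + 16 * i, *entry)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["boot_code_sha256"]
    for p in parse_mbr(clean)["partitions"]:
        print("Partition%d type 0x%02x start 0x%x sectors 0x%x"
              % (p["index"], p["type"], p["start_lba"], p["sectors"]))
    # Same table, different (constructed) boot code: only the hash check fires.
    changed = build_sample_mbr(b"\xeb" + b"\x90" * 439)
    print(audit_mbr(changed, baseline, DISK_SECTORS))
```

Because the tool reports the boot code as hidden by the rootkit, a dump read on the running system may not show what is actually on disk; the baseline comparison is only meaningful against a dump taken from a trusted boot environment.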
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Finished running tdss and did as told.


18:09:46.0662 0932TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
18:09:46.0961 0932============================================================
18:09:46.0961 0932Current date / time: 2012/06/16 18:09:46.0961
18:09:46.0961 0932SystemInfo:
18:09:46.0961 0932
18:09:46.0961 0932OS Version: 6.1.7601 ServicePack: 1.0
18:09:46.0961 0932Product type: Workstation
18:09:46.0962 0932ComputerName: JUSTIN-PC
18:09:46.0962 0932UserName: Justin
18:09:46.0962 0932Windows directory: C:\Windows
18:09:46.0962 0932System windows directory: C:\Windows
18:09:46.0962 0932Running under WOW64
18:09:46.0962 0932Processor architecture: Intel x64
18:09:46.0962 0932Number of processors: 3
18:09:46.0962 0932Page size: 0x1000
18:09:46.0962 0932Boot type: Normal boot
18:09:46.0962 0932============================================================
18:09:47.0925 0932Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:09:47.0929 0932============================================================
18:09:47.0929 0932\Device\Harddisk0\DR0:
18:09:47.0929 0932MBR partitions:
18:09:47.0929 0932\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:09:47.0929 0932\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
18:09:47.0929 0932============================================================
18:09:47.0948 0932C: <-> \Device\Harddisk0\DR0\Partition1
18:09:47.0948 0932============================================================
18:09:47.0948 0932Initialize success
18:09:47.0948 0932============================================================
18:10:06.0680 2308============================================================
18:10:06.0680 2308Scan started
18:10:06.0680 2308Mode: Manual;
18:10:06.0680 2308============================================================
18:10:07.0069 2308!SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
18:10:07.0070 2308!SASCORE - ok
18:10:07.0167 23081394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
18:10:07.0169 23081394ohci - ok
18:10:07.0191 2308ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:10:07.0194 2308ACPI - ok
18:10:07.0204 2308AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:10:07.0204 2308AcpiPmi - ok
18:10:07.0258 2308AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:10:07.0259 2308AdobeARMservice - ok
18:10:07.0289 2308adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
18:10:07.0293 2308adp94xx - ok
18:10:07.0328 2308adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
18:10:07.0331 2308adpahci - ok
18:10:07.0340 2308adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
18:10:07.0341 2308adpu320 - ok
18:10:07.0364 2308AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:10:07.0365 2308AeLookupSvc - ok
18:10:07.0396 2308AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:10:07.0400 2308AFD - ok
18:10:07.0411 2308agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:10:07.0412 2308agp440 - ok
18:10:07.0533 2308Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
18:10:07.0533 2308Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
18:10:07.0537 2308Akamai ( HiddenFile.Multi.Generic ) - warning
18:10:07.0537 2308Akamai - detected HiddenFile.Multi.Generic (1)
18:10:07.0574 2308ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:10:07.0575 2308ALG - ok
18:10:07.0589 2308aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:10:07.0589 2308aliide - ok
18:10:07.0623 2308AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
18:10:07.0625 2308AMD External Events Utility - ok
18:10:07.0660 2308AMD FUEL Service - ok
18:10:07.0664 2308amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:10:07.0665 2308amdide - ok
18:10:07.0712 2308amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
18:10:07.0712 2308amdiox64 - ok
18:10:07.0737 2308AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
18:10:07.0738 2308AmdK8 - ok
18:10:07.0961 2308amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
18:10:08.0077 2308amdkmdag - ok
18:10:08.0124 2308amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
18:10:08.0127 2308amdkmdap - ok
18:10:08.0140 2308AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:10:08.0141 2308AmdPPM - ok
18:10:08.0165 2308amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:10:08.0166 2308amdsata - ok
18:10:08.0176 2308amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
18:10:08.0178 2308amdsbs - ok
18:10:08.0193 2308amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:10:08.0194 2308amdxata - ok
18:10:08.0265 2308AODDriver4.1 (0e2ba6dc63e9cf3bf275856735a3e3be) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:10:08.0266 2308AODDriver4.1 - ok
18:10:08.0284 2308AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:10:08.0285 2308AppID - ok
18:10:08.0297 2308AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:10:08.0298 2308AppIDSvc - ok
18:10:08.0306 2308Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:10:08.0307 2308Appinfo - ok
18:10:08.0332 2308arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
18:10:08.0333 2308arc - ok
18:10:08.0338 2308arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
18:10:08.0339 2308arcsas - ok
18:10:08.0388 2308AsIO (f6bda026e4157dc4e321ca391e9d9bc6) C:\Windows\syswow64\drivers\AsIO.sys
18:10:08.0389 2308AsIO - ok
18:10:08.0461 2308aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:10:08.0462 2308aspnet_state - ok
18:10:08.0491 2308AsSysCtrlService (8c1fd73cc27edd8d3344c632571c224c) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
18:10:08.0492 2308AsSysCtrlService - ok
18:10:08.0533 2308aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
18:10:08.0534 2308aswFsBlk - ok
18:10:08.0569 2308aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
18:10:08.0570 2308aswMonFlt - ok
18:10:08.0583 2308aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
18:10:08.0584 2308aswRdr - ok
18:10:08.0607 2308aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
18:10:08.0612 2308aswSnx - ok
18:10:08.0633 2308aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
18:10:08.0636 2308aswSP - ok
18:10:08.0649 2308aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
18:10:08.0649 2308aswTdi - ok
18:10:08.0681 2308AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:10:08.0681 2308AsyncMac - ok
18:10:08.0686 2308atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:10:08.0687 2308atapi - ok
18:10:08.0729 2308AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys
18:10:08.0730 2308AtiHDAudioService - ok
18:10:08.0750 2308AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:10:08.0751 2308AtiPcie - ok
18:10:08.0813 2308AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:10:08.0818 2308AudioEndpointBuilder - ok
18:10:08.0822 2308AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:10:08.0825 2308AudioSrv - ok
18:10:09.0049 2308avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:10:09.0049 2308avast! Antivirus - ok
18:10:09.0081 2308AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:10:09.0082 2308AxInstSV - ok
18:10:09.0109 2308b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
18:10:09.0113 2308b06bdrv - ok
18:10:09.0146 2308b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:10:09.0148 2308b57nd60a - ok
18:10:09.0184 2308BCUService (7ed4e1d2e124ad4e6a287cf49dbc9bba) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
18:10:09.0185 2308BCUService - ok
18:10:09.0276 2308BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:10:09.0302 2308BDESVC - ok
18:10:09.0322 2308Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:10:09.0323 2308Beep - ok
18:10:09.0362 2308BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:10:09.0367 2308BFE - ok
18:10:09.0407 2308BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
18:10:09.0415 2308BITS - ok
18:10:09.0445 2308blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:10:09.0446 2308blbdrive - ok
18:10:09.0468 2308bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:10:09.0469 2308bowser - ok
18:10:09.0480 2308BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
18:10:09.0481 2308BrFiltLo - ok
18:10:09.0493 2308BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
18:10:09.0493 2308BrFiltUp - ok
18:10:09.0513 2308BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:10:09.0514 2308BridgeMP - ok
18:10:09.0521 2308Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:10:09.0523 2308Browser - ok
18:10:09.0540 2308Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:10:09.0542 2308Brserid - ok
18:10:09.0545 2308BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:10:09.0546 2308BrSerWdm - ok
18:10:09.0558 2308BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:10:09.0558 2308BrUsbMdm - ok
18:10:09.0561 2308BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:10:09.0561 2308BrUsbSer - ok
18:10:09.0567 2308BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
18:10:09.0568 2308BTHMODEM - ok
18:10:09.0574 2308bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:10:09.0576 2308bthserv - ok
18:10:09.0598 2308catchme - ok
18:10:09.0615 2308cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:10:09.0617 2308cdfs - ok
18:10:09.0626 2308cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:10:09.0627 2308cdrom - ok
18:10:09.0643 2308CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:10:09.0644 2308CertPropSvc - ok
18:10:09.0659 2308circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
18:10:09.0659 2308circlass - ok
18:10:09.0690 2308CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:10:09.0693 2308CLFS - ok
18:10:09.0728 2308clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:10:09.0729 2308clr_optimization_v2.0.50727_32 - ok
18:10:09.0760 2308clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:10:09.0761 2308clr_optimization_v2.0.50727_64 - ok
18:10:09.0801 2308clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:10:09.0802 2308clr_optimization_v4.0.30319_32 - ok
18:10:09.0833 2308clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:10:09.0835 2308clr_optimization_v4.0.30319_64 - ok
18:10:09.0838 2308CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
18:10:09.0838 2308CmBatt - ok
18:10:09.0852 2308cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:10:09.0852 2308cmdide - ok
18:10:09.0881 2308CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:10:09.0884 2308CNG - ok
18:10:09.0887 2308Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
18:10:09.0888 2308Compbatt - ok
18:10:09.0896 2308CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:10:09.0896 2308CompositeBus - ok
18:10:09.0898 2308COMSysApp - ok
18:10:09.0910 2308crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
18:10:09.0911 2308crcdisk - ok
18:10:09.0944 2308CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
18:10:09.0946 2308CryptSvc - ok
18:10:09.0969 2308DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:10:09.0975 2308DcomLaunch - ok
18:10:10.0000 2308defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:10:10.0003 2308defragsvc - ok
18:10:10.0014 2308DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:10:10.0015 2308DfsC - ok
18:10:10.0034 2308Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:10:10.0037 2308Dhcp - ok
18:10:10.0044 2308discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:10:10.0045 2308discache - ok
18:10:10.0068 2308Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
18:10:10.0069 2308Disk - ok
18:10:10.0093 2308Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:10:10.0095 2308Dnscache - ok
18:10:10.0108 2308dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:10:10.0111 2308dot3svc - ok
18:10:10.0119 2308DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:10:10.0121 2308DPS - ok
18:10:10.0128 2308drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:10:10.0129 2308drmkaud - ok
18:10:10.0157 2308DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:10:10.0164 2308DXGKrnl - ok
18:10:10.0174 2308EagleX64 - ok
18:10:10.0182 2308EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:10:10.0183 2308EapHost - ok
18:10:10.0254 2308ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
18:10:10.0299 2308ebdrv - ok
18:10:10.0372 2308EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:10:10.0374 2308EFS - ok
18:10:10.0408 2308ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:10:10.0414 2308ehRecvr - ok
18:10:10.0418 2308ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:10:10.0420 2308ehSched - ok
18:10:10.0450 2308elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
18:10:10.0454 2308elxstor - ok
18:10:10.0456 2308ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:10:10.0457 2308ErrDev - ok
18:10:10.0476 2308EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:10:10.0480 2308EventSystem - ok
18:10:10.0490 2308exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:10:10.0492 2308exfat - ok
18:10:10.0511 2308fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:10:10.0512 2308fastfat - ok
18:10:10.0539 2308Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:10:10.0545 2308Fax - ok
18:10:10.0548 2308fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
18:10:10.0549 2308fdc - ok
18:10:10.0556 2308fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:10:10.0557 2308fdPHost - ok
18:10:10.0565 2308FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:10:10.0566 2308FDResPub - ok
18:10:10.0571 2308FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:10:10.0572 2308FileInfo - ok
18:10:10.0586 2308Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:10:10.0586 2308Filetrace - ok
18:10:10.0589 2308flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
18:10:10.0590 2308flpydisk - ok
18:10:10.0605 2308FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:10:10.0608 2308FltMgr - ok
18:10:10.0658 2308FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:10:10.0676 2308FontCache - ok
18:10:10.0709 2308FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:10:10.0710 2308FontCache3.0.0.0 - ok
18:10:10.0722 2308FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:10:10.0723 2308FsDepends - ok
18:10:10.0751 2308Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:10:10.0752 2308Fs_Rec - ok
18:10:10.0764 2308fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:10:10.0765 2308fvevol - ok
18:10:10.0784 2308gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
18:10:10.0785 2308gagp30kx - ok
18:10:10.0808 2308gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:10:10.0814 2308gpsvc - ok
18:10:10.0906 2308gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:10:10.0908 2308gupdate - ok
18:10:10.0918 2308gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:10:10.0919 2308gupdatem - ok
18:10:10.0944 2308hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:10:10.0945 2308hcw85cir - ok
18:10:10.0972 2308HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:10:10.0975 2308HdAudAddService - ok
18:10:10.0989 2308HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:10:10.0990 2308HDAudBus - ok
18:10:10.0993 2308HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
18:10:10.0994 2308HidBatt - ok
18:10:11.0000 2308HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
18:10:11.0001 2308HidBth - ok
18:10:11.0005 2308HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
18:10:11.0005 2308HidIr - ok
18:10:11.0018 2308hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:10:11.0019 2308hidserv - ok
18:10:11.0030 2308HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:10:11.0031 2308HidUsb - ok
18:10:11.0043 2308hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:10:11.0045 2308hkmsvc - ok
18:10:11.0061 2308HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:10:11.0064 2308HomeGroupListener - ok
18:10:11.0076 2308HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:10:11.0079 2308HomeGroupProvider - ok
18:10:11.0084 2308HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:10:11.0085 2308HpSAMD - ok
18:10:11.0111 2308HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:10:11.0117 2308HTTP - ok
18:10:11.0125 2308hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:10:11.0126 2308hwpolicy - ok
18:10:11.0135 2308i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:10:11.0137 2308i8042prt - ok
18:10:11.0170 2308iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:10:11.0173 2308iaStorV - ok
18:10:11.0250 2308idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:10:11.0257 2308idsvc - ok
18:10:11.0273 2308iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
18:10:11.0273 2308iirsp - ok
18:10:11.0304 2308IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:10:11.0311 2308IKEEXT - ok
18:10:11.0316 2308intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:10:11.0317 2308intelide - ok
18:10:11.0332 2308intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
18:10:11.0333 2308intelppm - ok
18:10:11.0346 2308IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:10:11.0348 2308IPBusEnum - ok
18:10:11.0360 2308IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:10:11.0361 2308IpFilterDriver - ok
18:10:11.0381 2308iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:10:11.0386 2308iphlpsvc - ok
18:10:11.0391 2308IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:10:11.0392 2308IPMIDRV - ok
18:10:11.0409 2308IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:10:11.0417 2308IPNAT - ok
18:10:11.0430 2308IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:10:11.0430 2308IRENUM - ok
18:10:11.0433 2308isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:10:11.0434 2308isapnp - ok
18:10:11.0455 2308iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:10:11.0457 2308iScsiPrt - ok
18:10:11.0512 2308JRAID (4a8a242fda43765f4f73ecde2ba0d62a) C:\Windows\system32\DRIVERS\jraid.sys
18:10:11.0514 2308JRAID - ok
18:10:11.0535 2308kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:10:11.0535 2308kbdclass - ok
18:10:11.0555 2308kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:10:11.0556 2308kbdhid - ok
18:10:11.0579 2308KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:10:11.0581 2308KeyIso - ok
18:10:11.0588 2308KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:10:11.0589 2308KSecDD - ok
18:10:11.0597 2308KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:10:11.0599 2308KSecPkg - ok
18:10:11.0610 2308ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:10:11.0611 2308ksthunk - ok
18:10:11.0629 2308KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:10:11.0633 2308KtmRm - ok
18:10:11.0648 2308LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:10:11.0652 2308LanmanServer - ok
18:10:11.0672 2308LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:10:11.0676 2308LanmanWorkstation - ok
18:10:11.0698 2308lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:10:11.0699 2308lltdio - ok
18:10:11.0716 2308lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:10:11.0720 2308lltdsvc - ok
18:10:11.0734 2308lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:10:11.0736 2308lmhosts - ok
18:10:11.0766 2308LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
18:10:11.0767 2308LSI_FC - ok
18:10:11.0772 2308LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
18:10:11.0773 2308LSI_SAS - ok
18:10:11.0786 2308LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
18:10:11.0787 2308LSI_SAS2 - ok
18:10:11.0792 2308LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
18:10:11.0793 2308LSI_SCSI - ok
18:10:11.0807 2308luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:10:11.0809 2308luafv - ok
18:10:11.0826 2308Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:10:11.0828 2308Mcx2Svc - ok
18:10:11.0832 2308megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
18:10:11.0833 2308megasas - ok
18:10:11.0845 2308MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
18:10:11.0848 2308MegaSR - ok
18:10:11.0894 2308MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\C3DB.tmp
18:10:11.0895 2308MEMSWEEP2 - ok
18:10:11.0983 2308Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
18:10:11.0984 2308Microsoft Office Groove Audit Service - ok
18:10:11.0990 2308MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:10:11.0992 2308MMCSS - ok
18:10:12.0004 2308Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:10:12.0005 2308Modem - ok
18:10:12.0033 2308monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:10:12.0033 2308monitor - ok
18:10:12.0048 2308mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:10:12.0049 2308mouclass - ok
18:10:12.0077 2308mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:10:12.0078 2308mouhid - ok
18:10:12.0086 2308mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:10:12.0087 2308mountmgr - ok
18:10:12.0119 2308MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
18:10:12.0121 2308MpFilter - ok
18:10:12.0129 2308mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:10:12.0131 2308mpio - ok
18:10:12.0136 2308mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:10:12.0137 2308mpsdrv - ok
18:10:12.0157 2308MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:10:12.0164 2308MpsSvc - ok
18:10:12.0179 2308MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:10:12.0181 2308MRxDAV - ok
18:10:12.0209 2308mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:10:12.0210 2308mrxsmb - ok
18:10:12.0244 2308mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:10:12.0246 2308mrxsmb10 - ok
18:10:12.0255 2308mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:10:12.0257 2308mrxsmb20 - ok
18:10:18.0958 2308 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:10:18.0987 2308 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
18:10:18.0987 2308 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
18:10:19.0015 2308 Boot (0x1200) (d305ef3018d1b1a4db1921fcc48d2733) \Device\Harddisk0\DR0\Partition0
18:10:19.0018 2308 \Device\Harddisk0\DR0\Partition0 - ok
18:10:19.0035 2308 Boot (0x1200) (db8b4b9afafbcece5bbd5cc542c1ce06) \Device\Harddisk0\DR0\Partition1
18:10:19.0037 2308 \Device\Harddisk0\DR0\Partition1 - ok
18:10:19.0038 2308 ============================================================
18:10:19.0038 2308 Scan finished
18:10:19.0038 2308 ============================================================
18:10:19.0044 0956 Detected object count: 2
18:10:19.0044 0956 Actual detected object count: 2
18:10:44.0278 0956 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
18:10:44.0279 0956 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
18:10:44.0587 0956 \Device\Harddisk0\DR0\# - copied to quarantine
18:10:44.0767 0956 \Device\Harddisk0\DR0 - copied to quarantine
18:10:45.0730 0956 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
18:10:45.0772 0956 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
18:10:45.0774 0956 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
18:10:45.0776 0956 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
18:10:45.0778 0956 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
18:10:45.0781 0956 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
18:10:48.0121 0956 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
18:10:48.0170 0956 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
18:10:48.0223 0956 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
18:10:48.0374 0956 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:10:48.0579 0956 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:10:48.0644 0956 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:10:48.0685 0956 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:10:48.0751 0956 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
18:10:48.0754 0956 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
18:10:48.0757 0956 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
18:10:48.0795 0956 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
18:10:48.0847 0956 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
18:10:51.0205 0956 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
18:10:51.0440 0956 \Device\Harddisk0\DR0\TDLFS\sant64 - copied to quarantine
18:10:51.0663 0956 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
18:10:51.0666 0956 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
18:10:51.0669 0956 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
18:10:51.0674 0956 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
18:10:51.0817 0956 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
18:10:52.0040 0956 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
18:10:52.0081 0956 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
18:10:52.0082 0956 \Device\Harddisk0\DR0 - ok
18:10:52.0233 0956 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
18:11:23.0904 4756 Deinitialize success
 
It worked fine without any problems, and I ran the scan as requested. And here is the log.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-16 18:31:03
-----------------------------
18:31:03.117 OS Version: Windows x64 6.1.7601 Service Pack 1
18:31:03.117 Number of processors: 3 586 0x403
18:31:03.118 ComputerName: JUSTIN-PC UserName: Justin
18:31:07.945 Initialize success
18:31:08.794 AVAST engine defs: 12061601
18:33:06.885 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:33:06.886 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
18:33:06.911 Disk 0 MBR read successfully
18:33:06.912 Disk 0 MBR scan
18:33:06.914 Disk 0 Windows 7 default MBR code
18:33:06.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:33:06.933 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
18:33:06.942 Disk 0 scanning C:\Windows\system32\drivers
18:33:12.302 Service scanning
18:33:21.594 Modules scanning
18:33:21.598 Disk 0 trace - called modules:
18:33:21.614 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:33:21.616 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a2f060]
18:33:21.942 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004a2b1b0]
18:33:21.945 5 ACPI.sys[fffff88000f017a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004a19060]
18:33:24.215 AVAST engine scan C:\Windows
18:33:26.620 AVAST engine scan C:\Windows\system32
18:35:01.660 AVAST engine scan C:\Windows\system32\drivers
18:35:10.667 AVAST engine scan C:\Users\Justin
18:40:40.410 AVAST engine scan C:\ProgramData
18:44:02.530 Scan finished successfully
18:45:33.689 Disk 0 MBR has been saved successfully to "C:\Users\Justin\Desktop\MBR.dat"
18:45:33.734 The log file has been saved successfully to "C:\Users\Justin\Desktop\aswMBR.txt"
 
Very well :)

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Ran combofix and received that registry key error, but after restarting everything worked fine again. Here are the logs.


ComboFix 12-06-15.06 - Justin 06/16/2012 19:39:05.4.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2359 [GMT -4:00]
Running from: c:\users\Justin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 )))))))))))))))))))))))))))))))
.
.
2012-06-16 23:47 . 2012-06-16 23:47 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-06-16 23:47 . 2012-06-16 23:47 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-06-16 23:47 . 2012-06-16 23:47 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-06-16 23:47 . 2012-06-16 23:47 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-06-16 23:47 . 2012-06-16 23:47 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-06-16 23:47 . 2012-06-16 23:47 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-06-16 22:14 . 2012-06-16 22:14 116016 ----a-w- c:\windows\system32\drivers\66027724.sys
2012-06-16 22:10 . 2012-06-16 22:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-16 05:36 . 2012-06-16 05:38 -------- d-----w- c:\program files (x86)\Google
2012-06-16 05:36 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-16 05:36 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-16 05:36 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-16 05:36 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-16 05:35 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-16 05:35 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-16 05:35 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-16 05:35 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-16 05:35 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-06-16 05:35 . 2012-06-16 05:35 -------- d-----w- c:\programdata\AVAST Software
2012-06-16 05:35 . 2012-06-16 05:35 -------- d-----w- c:\program files\AVAST Software
2012-06-16 05:01 . 2012-05-08 14:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79801836-08E0-4822-8348-5B3512B410D2}\mpengine.dll
2012-06-16 04:25 . 2012-06-16 04:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-15 02:24 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-15 01:59 . 2012-06-15 01:59 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9D94BE4-A55B-4AAA-A449-3C18F16896D4}\gapaengine.dll
2012-06-15 01:59 . 2012-05-08 14:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-15 01:57 . 2012-06-15 01:57 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-15 01:57 . 2012-06-15 01:57 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-15 01:50 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-15 01:50 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-14 21:45 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\C3DB.tmp
2012-06-14 21:37 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\1219.tmp
2012-06-14 21:24 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\926.tmp
2012-06-14 21:22 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\53EA.tmp
2012-06-14 21:22 . 2012-06-14 21:22 -------- d-----w- c:\program files (x86)\Sophos
2012-06-14 21:11 . 2012-06-14 21:11 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-14 21:07 . 2012-06-14 21:11 -------- d-----w- c:\programdata\HitmanPro
2012-06-14 06:12 . 2012-05-15 05:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBB33B4E-1854-4332-AFF3-29671E7927D1}\mpengine.dll
2012-06-13 15:33 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 15:33 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 15:33 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 15:33 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 15:33 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 15:33 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 15:33 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 15:33 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 15:32 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 15:32 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 15:32 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 15:32 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 15:32 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 15:32 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 15:32 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 15:32 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 15:32 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-09 14:04 . 2012-06-09 14:04 -------- d-----w- C:\temp
2012-05-25 02:32 . 2012-05-25 02:32 -------- d-----w- c:\users\Justin\AppData\Roaming\LolClient2
2012-05-18 17:02 . 2012-05-18 17:02 -------- d-----w- c:\programdata\ATI
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 23:29 . 2011-06-29 17:03 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35 . 2012-05-10 15:21 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 07:21 . 2012-03-29 07:21 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-29 07:21 . 2012-03-29 07:21 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-29 07:21 . 2012-03-29 07:21 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-29 07:21 . 2012-03-29 07:21 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-29 07:21 . 2012-03-29 07:21 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-29 07:21 . 2012-03-29 07:21 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-29 07:21 . 2012-03-29 07:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-29 07:21 . 2012-03-29 07:21 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-29 07:21 . 2012-03-29 07:21 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-29 07:21 . 2012-03-29 07:21 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-29 07:21 . 2012-03-29 07:21 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-29 07:21 . 2012-03-29 07:21 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-29 07:21 . 2012-03-29 07:21 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-29 07:21 . 2012-03-29 07:21 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-29 07:21 . 2012-03-29 07:21 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-29 07:21 . 2012-03-29 07:21 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-29 07:21 . 2012-03-29 07:21 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-29 07:21 . 2012-03-29 07:21 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-29 07:21 . 2012-03-29 07:21 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-29 07:21 . 2012-03-29 07:21 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-29 07:21 . 2012-03-29 07:21 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-29 07:21 . 2012-03-29 07:21 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-29 07:21 . 2012-03-29 07:21 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-29 07:21 . 2012-03-29 07:21 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-29 07:21 . 2012-03-29 07:21 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-29 07:21 . 2012-03-29 07:21 448512 ----a-w- c:\windows\system32\html.iec
2012-03-29 07:21 . 2012-03-29 07:21 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-29 07:21 . 2012-03-29 07:21 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-29 07:21 . 2012-03-29 07:21 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-29 07:21 . 2012-03-29 07:21 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-29 07:21 . 2012-03-29 07:21 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-29 07:21 . 2012-03-29 07:21 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-21 00:44 . 2012-03-21 00:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2012-03-21 00:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-14_03.13.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-01-20 09:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-16 23:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-20 09:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-16 23:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-20 09:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-16 23:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-16 22:14 56630 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-16 22:14 53546 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-29 17:01 . 2012-06-16 22:14 19806 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-342600129-2650440487-3029507804-1002_UserData.bin
+ 2011-01-07 19:02 . 2011-01-07 19:02 57168 c:\windows\system64\vcomp100.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 57168 c:\windows\system64\vcomp100.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 91472 c:\windows\system64\mfcm100u.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 91472 c:\windows\system64\mfcm100u.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 91472 c:\windows\system64\mfcm100.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 91472 c:\windows\system64\mfcm100.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 60752 c:\windows\system64\mfc100rus.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 60752 c:\windows\system64\mfc100rus.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 43344 c:\windows\system64\mfc100kor.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 43344 c:\windows\system64\mfc100kor.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 43856 c:\windows\system64\mfc100jpn.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 43856 c:\windows\system64\mfc100jpn.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 62288 c:\windows\system64\mfc100ita.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 62288 c:\windows\system64\mfc100ita.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 64336 c:\windows\system64\mfc100fra.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 64336 c:\windows\system64\mfc100fra.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 63824 c:\windows\system64\mfc100esn.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 63824 c:\windows\system64\mfc100esn.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 55120 c:\windows\system64\mfc100enu.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 55120 c:\windows\system64\mfc100enu.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 64336 c:\windows\system64\mfc100deu.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 64336 c:\windows\system64\mfc100deu.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 36176 c:\windows\system64\mfc100cht.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 36176 c:\windows\system64\mfc100cht.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 36176 c:\windows\system64\mfc100chs.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 36176 c:\windows\system64\mfc100chs.dll
+ 2012-03-21 00:44 . 2012-03-21 00:44 98688 c:\windows\system64\drivers\NisDrvWFP.sys
+ 2012-06-16 05:36 . 2012-03-06 23:01 59224 c:\windows\system64\drivers\aswTdi.sys
+ 2012-06-16 05:36 . 2012-03-06 23:02 53080 c:\windows\system64\drivers\aswRdr2.sys
+ 2012-06-16 05:35 . 2012-03-06 23:01 69976 c:\windows\system64\drivers\aswMonFlt.sys
+ 2012-06-16 05:36 . 2012-03-06 23:01 24408 c:\windows\system64\drivers\aswFsBlk.sys
+ 2011-06-29 19:51 . 2012-06-16 05:21 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-29 19:51 . 2012-06-14 02:19 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-29 19:51 . 2012-06-16 05:21 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-29 19:51 . 2012-06-14 02:19 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-16 05:21 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-14 02:19 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-14 21:11 . 2012-06-14 21:11 12872 c:\windows\system64\bootdelete.exe
+ 2010-11-21 03:09 . 2012-06-16 22:14 56630 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-16 22:14 53546 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-29 17:01 . 2012-06-16 22:14 19806 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-342600129-2650440487-3029507804-1002_UserData.bin
- 2010-03-18 16:36 . 2010-03-18 16:36 57168 c:\windows\system32\vcomp100.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 57168 c:\windows\system32\vcomp100.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 91472 c:\windows\system32\mfcm100u.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 91472 c:\windows\system32\mfcm100u.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 91472 c:\windows\system32\mfcm100.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 91472 c:\windows\system32\mfcm100.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 60752 c:\windows\system32\mfc100rus.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 60752 c:\windows\system32\mfc100rus.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 43344 c:\windows\system32\mfc100kor.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 43344 c:\windows\system32\mfc100kor.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 43856 c:\windows\system32\mfc100jpn.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 62288 c:\windows\system32\mfc100ita.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 62288 c:\windows\system32\mfc100ita.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 64336 c:\windows\system32\mfc100fra.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 64336 c:\windows\system32\mfc100fra.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 63824 c:\windows\system32\mfc100esn.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 63824 c:\windows\system32\mfc100esn.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 55120 c:\windows\system32\mfc100enu.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 55120 c:\windows\system32\mfc100enu.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 64336 c:\windows\system32\mfc100deu.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 64336 c:\windows\system32\mfc100deu.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 36176 c:\windows\system32\mfc100cht.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 36176 c:\windows\system32\mfc100cht.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 36176 c:\windows\system32\mfc100chs.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 36176 c:\windows\system32\mfc100chs.dll
- 2011-06-29 19:51 . 2012-06-14 02:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-29 19:51 . 2012-06-16 05:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-29 19:51 . 2012-06-14 02:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-29 19:51 . 2012-06-16 05:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-14 02:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-16 05:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-15 23:58 92960 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-06-14 02:23 92960 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-16 05:42 . 2012-06-16 05:42 25600 c:\windows\Installer\44ce36.msi
+ 2011-07-06 05:38 . 2012-06-15 02:18 5104 c:\windows\system64\wdi\ERCQueuedResolutions.dat
- 2011-07-06 05:38 . 2012-06-10 09:04 5104 c:\windows\system64\wdi\ERCQueuedResolutions.dat
- 2011-07-06 05:38 . 2012-06-10 09:04 5104 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-07-06 05:38 . 2012-06-15 02:18 5104 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-06-14 03:11 . 2012-06-14 03:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-16 23:46 . 2012-06-16 23:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-16 23:46 . 2012-06-16 23:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-14 03:11 . 2012-06-14 03:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-20 01:15 . 2011-10-26 05:25 366592 c:\windows\system64\qdvd.dll
+ 2012-06-15 01:50 . 2012-05-04 11:00 366592 c:\windows\system64\qdvd.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 827728 c:\windows\system64\msvcr100.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 827728 c:\windows\system64\msvcr100.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 608080 c:\windows\system64\msvcp100.dll
- 2010-11-21 03:27 . 2012-01-31 12:44 279656 c:\windows\system64\MpSigStub.exe
+ 2010-11-21 03:27 . 2012-02-23 14:18 279656 c:\windows\system64\MpSigStub.exe
+ 2012-03-21 00:44 . 2012-03-21 00:44 203888 c:\windows\system64\drivers\MpFilter.sys
+ 2012-06-16 05:36 . 2012-03-06 23:04 337240 c:\windows\system64\drivers\aswSP.sys
+ 2012-06-16 05:35 . 2012-03-06 23:04 819032 c:\windows\system64\drivers\aswSnx.sys
+ 2012-06-16 22:14 . 2012-06-16 22:14 116016 c:\windows\system64\drivers\66027724.sys
+ 2011-01-07 19:02 . 2011-01-07 19:02 158536 c:\windows\system64\atl100.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 158536 c:\windows\system64\atl100.dll
+ 2012-06-16 05:35 . 2012-03-06 23:15 258520 c:\windows\system64\aswBoot.exe
- 2010-03-18 16:36 . 2010-03-18 16:36 827728 c:\windows\system32\msvcr100.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 827728 c:\windows\system32\msvcr100.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 608080 c:\windows\system32\msvcp100.dll
- 2010-11-21 03:27 . 2012-01-31 12:44 279656 c:\windows\system32\MpSigStub.exe
+ 2010-11-21 03:27 . 2012-02-23 14:18 279656 c:\windows\system32\MpSigStub.exe
- 2010-03-18 16:36 . 2010-03-18 16:36 158536 c:\windows\system32\atl100.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 158536 c:\windows\system32\atl100.dll
- 2009-07-14 05:01 . 2012-06-14 03:10 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-16 23:45 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-05-01 07:01 . 2012-05-01 07:01 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-05-01 07:01 . 2012-06-15 01:57 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-06-15 01:57 . 2012-06-15 01:57 123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
- 2012-05-01 07:01 . 2012-05-01 07:01 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-05-01 07:01 . 2012-06-15 01:57 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-05-01 07:01 . 2012-06-15 01:57 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
- 2012-05-01 07:01 . 2012-05-01 07:01 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-05-01 07:01 . 2012-06-15 01:57 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
- 2012-05-01 07:01 . 2012-05-01 07:01 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2011-01-14 11:10 . 2011-01-14 11:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 11:10 . 2011-01-14 11:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2009-07-14 02:36 . 2012-06-16 22:16 4851446 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-16 22:16 1538826 c:\windows\system64\perfc009.dat
+ 2011-01-07 19:02 . 2011-01-07 19:02 5523280 c:\windows\system64\mfc100u.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 5493576 c:\windows\system64\mfc100.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 5493576 c:\windows\system64\mfc100.dll
+ 2009-07-14 02:36 . 2012-06-16 22:16 4851446 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-16 22:16 1538826 c:\windows\system32\perfc009.dat
+ 2011-01-07 19:02 . 2011-01-07 19:02 5523280 c:\windows\system32\mfc100u.dll
+ 2011-01-07 19:02 . 2011-01-07 19:02 5493576 c:\windows\system32\mfc100.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 5493576 c:\windows\system32\mfc100.dll
+ 2009-07-14 04:45 . 2012-06-15 02:21 7226345 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-13 23:28 7226345 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-01-20 02:43 . 2012-06-16 22:11 2248084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-342600129-2650440487-3029507804-1002-12288.dat
+ 2012-03-26 23:21 . 2012-03-26 23:21 7622656 c:\windows\Installer\f067b0.msi
+ 2011-01-08 00:05 . 2011-01-08 00:05 4583936 c:\windows\Installer\eabe6e.msp
+ 2011-01-15 13:46 . 2011-01-15 13:46 2049536 c:\windows\Installer\eabe57.msi
+ 2011-07-21 16:34 . 2011-07-21 16:34 3456000 c:\windows\Installer\43d15c.msp
+ 2011-01-14 11:10 . 2011-01-14 11:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 11:10 . 2011-01-14 11:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 11:10 . 2011-01-14 11:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
+ 2011-06-30 09:03 . 2012-06-16 22:11 15608172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-342600129-2650440487-3029507804-1002-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-17 5309056]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C3DB.tmp [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 05:36]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 05:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-NCsoft-Aion - c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C3DB.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\DAODx.exe
.
**************************************************************************
.
Completion time: 2012-06-16 19:52:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-16 23:52
ComboFix2.txt 2012-06-14 20:47
ComboFix3.txt 2012-06-14 19:35
ComboFix4.txt 2012-06-14 03:31
.
Pre-Run: 886,003,773,440 bytes free
Post-Run: 885,917,589,504 bytes free
.
- - End Of File - - FBFDD37AFE363627BB4338789A3D9D52
 
How is redirection?

How come you have two AV programs running now, Avast and MSE?
You must uninstall one of them.

Combofix log looks good.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 6/16/2012 10:48:13 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Justin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.30% Memory free
7.99 Gb Paging File | 6.73 Gb Available in Paging File | 84.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 825.23 Gb Free Space | 88.60% Space Free | Partition Type: NTFS

Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 21:40:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/22 02:57:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/06/24 02:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010/04/26 22:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/16 21:22:40 | 005,309,056 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2009/10/26 16:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/26 16:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Modules (No Company Name) ==========

MOD - [2010/01/08 20:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll
MOD - [2010/01/08 20:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2009/09/29 23:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/06/27 13:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/04/22 23:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsusService.dll
MOD - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/02/14 23:16:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/04/19 22:04:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/29 19:16:19 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/05/09 19:36:28 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/07/22 02:57:30 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/01/19 01:40:00 | 004,225,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/06/24 02:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/26 16:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/03 23:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2011/12/08 00:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/12/08 00:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/12/08 00:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/12/05 15:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\C3DB.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/04/19 22:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/19 21:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/04/26 21:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/26 21:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/02 07:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/11 07:28:35 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 21:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/04 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\..\SearchScopes,DefaultScope = {65E8C3A6-53D0-47ba-9000-63E2077867BE}
IE - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\..\SearchScopes\{54762E6D-7573-4bd0-9C31-2402712B01A1}: "URL" = http://www.google.com/cse?cx=partne...me?cx=partner-pub-3794288947762788:4067623346
IE - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\..\SearchScopes\{65E8C3A6-53D0-47ba-9000-63E2077867BE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\..\SearchScopes\{703B5B95-CB18-414c-8F76-BF0FE9F328FA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/16 19:49:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-342600129-2650440487-3029507804-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A9E3075-1912-4E2B-B5F9-31FF1BCDDACB}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/16 21:40:50 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2012/06/16 19:52:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/16 19:49:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/16 19:34:46 | 004,559,503 | R--- | C] (Swearware) -- C:\Users\Justin\Desktop\ComboFix.exe
[2012/06/16 18:14:05 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\66027724.sys
[2012/06/16 18:10:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/16 18:08:57 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Justin\Desktop\TDSSKiller.exe
[2012/06/16 18:07:32 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/16 18:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/16 02:34:12 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
[2012/06/16 01:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/16 01:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/06/16 01:36:08 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/06/16 01:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/06/16 01:36:07 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/06/16 01:36:01 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/06/16 01:36:00 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/06/16 01:35:58 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/06/16 01:35:54 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/16 01:35:54 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/06/16 01:35:30 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/16 01:35:29 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/06/16 01:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/16 01:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/16 01:27:09 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Justin\Desktop\boot_cleaner.exe
[2012/06/16 00:42:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Justin\Desktop\dds.scr
[2012/06/16 00:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/16 00:25:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/14 17:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/06/14 17:11:52 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/06/14 17:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/13 22:32:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/13 22:32:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/13 22:32:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/13 22:31:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/13 22:07:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/09 10:04:43 | 000,000,000 | ---D | C] -- C:\temp
[2012/05/31 03:23:36 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Justin\Desktop\minecraft.exe
[2012/05/24 22:32:27 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\LolClient2
[2012/05/18 13:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/16 22:48:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/16 21:40:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2012/06/16 21:39:03 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/16 20:47:10 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/16 20:47:10 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/16 20:44:34 | 004,888,592 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/16 20:44:34 | 001,551,384 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/16 20:44:34 | 000,006,402 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/16 20:40:15 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/16 20:39:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/16 20:39:52 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/16 19:49:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/16 19:34:44 | 004,559,503 | R--- | M] (Swearware) -- C:\Users\Justin\Desktop\ComboFix.exe
[2012/06/16 18:45:33 | 000,000,512 | ---- | M] () -- C:\Users\Justin\Desktop\MBR.dat
[2012/06/16 18:14:05 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\66027724.sys
[2012/06/16 02:34:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
[2012/06/16 01:38:12 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/16 01:38:12 | 000,002,239 | ---- | M] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/16 01:36:08 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/16 01:35:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/16 00:42:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Justin\Desktop\dds.scr
[2012/06/16 00:35:51 | 000,302,592 | ---- | M] () -- C:\Users\Justin\Desktop\t9sm08gw.exe
[2012/06/16 00:25:21 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/15 15:15:16 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Justin\Desktop\TDSSKiller.exe
[2012/06/14 21:57:28 | 000,006,368 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/14 17:11:52 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/06/13 19:25:53 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/01 00:01:16 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Justin\Desktop\minecraft.exe
[2012/05/18 14:31:58 | 000,000,024 | ---- | M] () -- C:\Users\Justin\random.dat
[2012/05/18 14:09:19 | 000,000,045 | ---- | M] () -- C:\Users\Justin\jagex_cl_runescape_LIVE.dat
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/16 18:45:33 | 000,000,512 | ---- | C] () -- C:\Users\Justin\Desktop\MBR.dat
[2012/06/16 01:38:12 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/16 01:38:12 | 000,002,239 | ---- | C] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/16 01:36:20 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/16 01:36:18 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/16 01:36:08 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/16 01:35:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/06/16 00:35:51 | 000,302,592 | ---- | C] () -- C:\Users\Justin\Desktop\t9sm08gw.exe
[2012/06/16 00:25:21 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/13 22:32:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/13 22:32:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/13 22:32:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/13 22:32:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/13 22:32:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/30 16:03:29 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/02/19 03:29:45 | 000,007,605 | ---- | C] () -- C:\Users\Justin\AppData\Local\Resmon.ResmonCfg
[2012/02/14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/02 22:44:56 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/02/02 22:44:56 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/27 01:49:11 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~5udwrCj7Ny6dnCr
[2011/12/27 01:49:10 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~5udwrCj7Ny6dnC
[2011/12/27 01:49:07 | 000,000,456 | -H-- | C] () -- C:\ProgramData\5udwrCj7Ny6dnC
[2011/12/23 03:06:45 | 000,012,238 | -HS- | C] () -- C:\Users\Justin\AppData\Local\125513a6u583a638v131u6gte1t8
[2011/12/17 20:27:51 | 000,012,650 | -HS- | C] () -- C:\Users\Justin\AppData\Local\63770g56ne81shr88ulk37k8lq5j6
[2011/12/17 20:27:51 | 000,012,650 | -HS- | C] () -- C:\ProgramData\63770g56ne81shr88ulk37k8lq5j6
[2011/12/13 21:00:50 | 000,006,368 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/10/31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/10/31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/10/31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/10/09 00:27:52 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011/10/08 19:10:25 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/30 13:40:49 | 000,000,032 | RH-- | C] () -- C:\ProgramData\hash.dat
[2011/07/22 02:57:32 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/22 02:57:30 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/06/18 04:08:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/18 04:04:15 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/06/18 04:04:15 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/06/18 04:00:53 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2011/06/18 04:00:30 | 000,043,709 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/06/18 03:59:57 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/06/18 03:59:53 | 000,030,223 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/12/27 03:52:31 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\.minecraft
[2012/02/10 02:28:40 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\AtomZombieData
[2012/02/10 21:07:08 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\BigHugeEngine
[2011/12/27 04:09:35 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DAEMON Tools Pro
[2011/07/07 14:19:22 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\GetRightToGo
[2011/12/27 20:10:07 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\GlarySoft
[2011/12/27 03:43:35 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Kalypso Media
[2011/06/30 01:19:02 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\LolClient
[2012/05/24 22:32:27 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\LolClient2
[2011/09/16 15:37:46 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Mount&Blade Warband
[2012/05/29 17:09:14 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Natural Selection 2
[2012/02/06 19:30:18 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Samsung
[2012/03/05 02:43:02 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\UDP Software
[2012/04/16 19:15:23 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
 
========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/06/16 19:52:47 | 000,038,809 | ---- | M] () -- C:\ComboFix.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/06/16 20:39:52 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2005/09/23 00:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/06/16 20:39:57 | 4293,058,560 | -HS- | M] () -- C:\pagefile.sys
[2012/06/16 18:11:23 | 000,131,414 | ---- | M] () -- C:\TDSSKiller.2.7.40.0_16.06.2012_18.09.46_log.txt
[2012/06/16 18:14:11 | 000,003,642 | ---- | M] () -- C:\TDSSKiller.2.7.40.0_16.06.2012_18.14.05_log.txt
[2012/06/16 18:22:44 | 000,126,442 | ---- | M] () -- C:\TDSSKiller.2.7.40.0_16.06.2012_18.22.09_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/04/17 04:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/03/29 12:47:10 | 000,000,221 | -HS- | M] () -- C:\Users\Justin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/06/16 02:34:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Justin\Desktop\boot_cleaner.exe
[2012/06/16 19:34:44 | 004,559,503 | R--- | M] (Swearware) -- C:\Users\Justin\Desktop\ComboFix.exe
[2012/06/01 00:01:16 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Justin\Desktop\minecraft.exe
[2012/06/16 21:40:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2011/01/25 01:48:50 | 001,400,832 | ---- | M] () -- C:\Users\Justin\Desktop\RelicAutoPatcher_1102_English.exe
[2012/06/16 00:35:51 | 000,302,592 | ---- | M] () -- C:\Users\Justin\Desktop\t9sm08gw.exe
[2012/06/15 15:15:16 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Justin\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/16 20:40:15 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/16 22:48:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/16 20:40:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/04/16 19:15:23 | 000,032,600 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2009/12/22 20:13:20 | 000,002,216 | ---- | M] () -- C:\Windows\AppPatch\Custom\{1745a178-4028-460a-902d-d37811a4fb1e}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/15 09:27:33 | 000,000,402 | -HS- | M] () -- C:\Users\Justin\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >
[2011/12/23 07:58:24 | 000,143,360 | ---- | M] () -- C:\Windows\system32\system32\3DAudio.ax
[2011/12/23 07:58:24 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\system32\avrt.dll
[2011/12/23 07:58:24 | 000,974,848 | ---- | M] () -- C:\Windows\system32\system32\cis-2.4.dll
[2011/12/23 07:58:24 | 000,081,920 | ---- | M] () -- C:\Windows\system32\system32\issacapi_bs-2.3.dll
[2011/12/23 07:58:24 | 000,065,536 | ---- | M] () -- C:\Windows\system32\system32\issacapi_pe-2.3.dll
[2011/12/23 07:58:24 | 000,057,344 | ---- | M] () -- C:\Windows\system32\system32\issacapi_se-2.3.dll
[2011/12/23 07:58:24 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\system32\MACXMLProto.dll
[2011/12/23 07:58:24 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\system32\system32\MaDRM.dll
[2011/12/23 07:58:24 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\system32\MaJGUILib.dll
[2011/12/23 07:58:24 | 000,040,960 | ---- | M] (마크애니연구소) -- C:\Windows\system32\system32\MAMACExtract.dll
[2011/12/23 07:58:24 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\Windows\system32\system32\MASetupCleaner.exe
[2011/12/23 07:58:24 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\system32\MaXMLProto.dll
[2011/12/23 07:58:24 | 000,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\system32\mfplat.dll
[2011/12/23 07:58:24 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\system32\system32\MK_Lyric.dll
[2011/12/23 07:58:24 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\system32\MSCLib.dll
[2011/12/23 07:58:24 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\system32\MSFLib.dll
[2011/12/23 07:58:24 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\system32\system32\MSLUR71.dll
[2011/12/23 07:58:24 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\system32\msvcp60.dll
[2011/12/23 07:58:24 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\system32\system32\MTTELECHIP.dll
[2011/12/23 07:58:24 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\system32\system32\MTXSYNCICON.dll
[2011/12/23 07:58:24 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\system32\muzaf1.dll
[2011/12/23 07:58:24 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\system32\muzapp.dll
[2011/12/23 07:58:24 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\system32\muzapp.exe
[2011/12/23 07:58:24 | 000,569,344 | ---- | M] ((c) MusicCity) -- C:\Windows\system32\system32\muzdecode.ax
[2011/12/23 07:58:24 | 000,122,880 | ---- | M] ((c) MUSICCITY) -- C:\Windows\system32\system32\muzeffect.ax
[2011/12/23 07:58:24 | 000,110,592 | ---- | M] ((c) MusicCity) -- C:\Windows\system32\system32\muzmp4sp.ax
[2011/12/23 07:58:24 | 000,131,072 | ---- | M] ((c) MusicCity) -- C:\Windows\system32\system32\muzmpgsp.ax
[2011/12/23 07:58:24 | 000,258,048 | ---- | M] ((c) PeeringPortal) -- C:\Windows\system32\system32\muzoggsp.ax
[2011/12/23 07:58:24 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\system32\system32\muzwmts.dll
[2011/12/23 07:58:24 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\system32\psapi.dll

< %ALLUSERSPROFILE%\*.dat /x >
[2011/12/27 01:50:14 | 000,000,456 | -H-- | M] () -- C:\ProgramData\5udwrCj7Ny6dnC
[2011/12/17 21:20:54 | 000,012,650 | -HS- | M] () -- C:\ProgramData\63770g56ne81shr88ulk37k8lq5j6
[2011/12/27 01:49:11 | 000,000,312 | -H-- | M] () -- C:\ProgramData\~5udwrCj7Ny6dnC
[2011/12/27 01:49:11 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~5udwrCj7Ny6dnCr

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >
 
OTL Extras logfile created on: 6/16/2012 10:48:13 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Justin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.30% Memory free
7.99 Gb Paging File | 6.73 Gb Available in Paging File | 84.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 825.23 Gb Free Space | 88.60% Space Free | Partition Type: NTFS

Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-342600129-2650440487-3029507804-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01636542-244E-47B1-A354-12989A50A5B3}" = lport=445 | protocol=6 | dir=in | app=system |
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{07BB1D89-1614-47E0-9964-52410DE234D4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{08DC0219-F1E8-4F6F-BE9C-84D6FAC46B82}" = lport=139 | protocol=6 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4214C395-E5EF-40A9-AE4F-5D508478F036}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4EFC1B71-A67C-4DF7-A77D-DA7FAFFAC2BE}" = rport=139 | protocol=6 | dir=out | app=system |
"{5358F1C6-4384-449C-9756-04A13BD2B6A2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54057BC9-A610-4E4D-A03E-278B6A026C32}" = rport=138 | protocol=17 | dir=out | app=system |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6054BC5F-EC48-4027-8676-B10E63451B1A}" = lport=137 | protocol=17 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6ED5B206-A50F-4508-9A7B-030CF9DEB7E2}" = rport=137 | protocol=17 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72D0A752-9C7E-4236-8C73-6BD3B1BA0915}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73488E70-7EE8-4F4E-B343-5EBB26237CC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7D39D3A-D358-4537-910D-E8B9BDAFED8F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B68B5F43-C8B1-44C0-A9D5-C06437776AFC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B92BB471-453D-4101-A322-84CF4A37E3C1}" = lport=138 | protocol=17 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C786BE67-CB9C-424A-B305-0D8C6F6A57FB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C82D830F-6889-483E-9BB8-57F2C59F17AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CA1C0C48-CBB0-4A61-A510-BB55AB9471F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D00E53CC-1FBA-4124-A373-86ED61E16B87}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D434F153-98F3-43B2-B490-73E9AC0D0108}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D7B1846C-88A0-4041-A589-0E5045B8D4B4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EA91D41B-D053-4240-8149-E2B249A55257}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F4313E37-335B-4419-B9E3-14A4A47356BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F4CCB40C-3EEF-4C2B-829D-D9B176A9F8F2}" = rport=445 | protocol=6 | dir=out | app=system |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC284A92-C3A4-4C06-B149-09795096FEEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A24B5DB-30E3-4A22-9944-0DB8194914C2}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{15285B35-802C-4016-8190-E3EDC021B72F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe |
"{1788C47E-C0E7-4638-BAA7-CF09684E55F0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{18C317E8-0D58-4647-ABBE-2EE230594ADA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1BD1BFF1-866D-479C-B628-B6A7DA4323FD}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{330701A3-A352-4BB1-89E3-731418CEF79F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{338E6B28-7D45-426E-8A75-A878756ECBA2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{33A18AF9-12A9-4E55-BDF9-86F5AA9E8452}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{368F4C44-E21C-49BF-AB44-5C7ACD02ABFA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{37310D53-6FDD-4DE3-A47D-0C7FF66EF1FC}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3F8CDD59-1DCA-4F28-9BEE-F2D6428142E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{446A64D1-6C38-4397-B415-E02FF45D6C16}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{45DD60AD-420F-4F34-904D-5D9BDF7D3F14}" = protocol=6 | dir=in | app=c:\users\justin\appdata\local\akamai\netsession_win.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{49371394-59C8-4586-B8A2-E3DE064D87EF}" = protocol=17 | dir=in | app=c:\users\justin\appdata\local\akamai\netsession_win.exe |
"{49B8DF04-7171-4EB0-A1BA-5A9FE124F2DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A8F17B4-E574-48BF-82A0-855662FEAB0C}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{4C1E7D8B-E6CB-4AC9-BD80-81B6D0301560}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{53AD2BA8-A0BB-4BD7-9BE7-53C94A8019AA}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{59925F6E-CC5D-43DA-9B4D-13BB162B4684}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5F57464E-20FB-4050-94C3-297F41584D0C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{646E13DD-E0CA-4CEE-83F1-A5569460056F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A08DD07-74D0-4681-A09C-A033720E5C3E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
"{702D8959-1637-4658-91D4-F73E7C44B0A4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{70E44D6C-9487-45EB-80CA-296B94D0B0A2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7409B76B-D7FB-4562-BBA9-948632CE444E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\launchpad.exe |
"{74B22BF0-FABF-448C-9AA8-90D984F87ACA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{757AF372-81EB-4C6B-88D9-F9E917265258}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{7A9CFC43-B088-4A2D-86E3-D4EA225E9602}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{806F3C11-6F75-447F-9EA4-9859453637B9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{842D10B7-56BC-4674-8C7B-D24A441EF214}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{859DFB5B-59C6-4326-8A24-9E998E493B2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{878FA855-9F6C-4D4C-8E69-B131AD44D970}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8A24CA5E-3B10-449B-91D3-32416BD33E1A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8E360702-6B87-496D-BB4E-AE3604A6A3C2}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{908FF2B6-3B33-4FA5-B098-94FBE5A7CC06}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{967F32C9-97F6-47FF-A414-76A94F4CE9A2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{97AC42F2-6B20-476D-AB4C-EC0EDFEC51C1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9B7599FB-F4E0-448E-BEDF-704421D71263}" = protocol=6 | dir=out | app=system |
"{9BFEF536-108C-48C4-8026-DBBDEC0720D9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AC84C737-74F7-40A2-A95F-444F22E8D166}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ADEB51D0-037E-40C6-8587-FBE0CE89143D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AEE035CE-48E7-4BF7-AAB2-8D0C60E4A128}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BB738745-9D78-430A-9E62-5075B19D0B65}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{BCCF5811-A4DE-4A77-8080-3A273DADC11F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
"{BDC19092-E467-415F-8352-3A93A6BFDCDE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C24CAA7D-B0D2-4DF5-9794-B48DCE76FC19}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{C86BD42E-B5CE-44A9-93CD-81200AD0C5B0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C8F9AC86-5F73-4E0D-BE4A-5893C193507E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D71A1ABB-27E6-4741-A917-E51A8F6F9BD5}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{DA2A17CD-A07D-4B79-9298-B60A0F0D7073}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DB409C55-9F87-40AD-9F89-0E66BBE92147}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{DC4CBBE7-A0AB-4DC7-9AB4-82331F59A1B5}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{DD626133-CB28-44E1-9CEB-1D16CE79C460}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EF65F343-D43C-4301-9FA9-E978136B655F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F42D7B18-C06E-45A0-8C4C-50411AC90857}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F49EFBEC-39C8-4911-B840-F8889CDC9A86}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{F5D5F710-CCA1-489D-8632-8F261C115F57}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{F66FDC2A-2A8B-4B27-AA5F-55F18FF6CD20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F76E161C-CC88-4EDA-9B43-B696314B7BF6}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD0A5A4E-44D0-4E5C-AEC0-A9C08F0D595E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FEEBE73C-525D-4077-AC0C-E0156CC559BC}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{0366BE48-9D27-41A8-A514-F6FB3D69932A}C:\users\justin\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\justin\appdata\local\akamai\netsession_win.exe |
"TCP Query User{0E5F5EC7-BE73-4F2B-9B46-5429D649CD08}C:\kag\kag.exe" = protocol=6 | dir=in | app=c:\kag\kag.exe |
"TCP Query User{1FF3CA52-1ED9-497D-A343-CBB72F439C42}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{A05E0D30-6898-484B-87AB-711E0F1DB24D}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{13BE7F32-D89A-4FD5-8C60-91E7831ADAB4}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{1C575370-CC05-481D-BF50-1207242AC350}C:\users\justin\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\justin\appdata\local\akamai\netsession_win.exe |
"UDP Query User{24135335-A016-4826-BCFA-BD81FBE05FAC}C:\kag\kag.exe" = protocol=17 | dir=in | app=c:\kag\kag.exe |
"UDP Query User{73B215E1-2A1C-4AFD-9540-0EF3A85DDF58}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C818871-6337-17AC-CA8C-A3942F15D92A}" = AMD Accelerated Video Transcoding
"{1745a178-4028-460a-902d-d37811a4fb1e}.sdb" = X-Com
"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders
"{551F4187-F029-4240-DEF9-836B5E43CB29}" = AMD Fuel
"{5DF57DB1-D971-3DA3-B4BB-F6FC7D73A997}" = AMD Drag and Drop Transcoding
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{355FBF6C-31EB-C660-F07A-1CC93975A5CA}" = HydraVision
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = AMD VISION Engine Control Center
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Company of Heroes" = Company of Heroes
"conduitEngine" = Conduit Engine
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"King Arthur's Gold (Alpha)_is1" = KAG 0.95A
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mount&Blade Warband" = Mount&Blade Warband
"StarCraft II" = StarCraft II
"Steam App 280" = Half-Life: Source
"Steam App 4920" = Natural Selection 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-342600129-2650440487-3029507804-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/14/2012 1:08:51 PM | Computer Name = Justin-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2012 1:13:11 PM | Computer Name = Justin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 6/14/2012 1:13:11 PM | Computer Name = Justin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 6/14/2012 3:18:26 PM | Computer Name = Justin-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2012 3:20:54 PM | Computer Name = Justin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 6/14/2012 3:20:54 PM | Computer Name = Justin-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 6/14/2012 3:48:31 PM | Computer Name = Justin-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2012 3:52:02 PM | Computer Name = Justin-PC | Source = VSS | ID = 18
Description =

Error - 6/14/2012 3:52:02 PM | Computer Name = Justin-PC | Source = VSS | ID = 8193
Description =

Error - 6/14/2012 3:52:02 PM | Computer Name = Justin-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 6/16/2012 7:47:00 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 6/16/2012 7:47:04 PM | Computer Name = Justin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 6/16/2012 7:47:05 PM | Computer Name = Justin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 6/16/2012 7:47:08 PM | Computer Name = Justin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 6/16/2012 8:08:32 PM | Computer Name = Justin-PC | Source = DCOM | ID = 10010
Description =

Error - 6/16/2012 8:09:29 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 6/16/2012 8:33:56 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 6/16/2012 8:34:26 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 6/16/2012 8:39:58 PM | Computer Name = Justin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:38:24 PM on 6/16/2012 was unexpected.

Error - 6/16/2012 8:40:07 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL


< End of report >
 
You didn't say:
How is redirection?


=============================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
    DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
    O2 - BHO: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2011/12/27 01:49:11 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~5udwrCj7Ny6dnCr
    [2011/12/27 01:49:10 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~5udwrCj7Ny6dnC
    [2011/12/27 01:49:07 | 000,000,456 | -H-- | C] () -- C:\ProgramData\5udwrCj7Ny6dnC
    [2011/12/23 03:06:45 | 000,012,238 | -HS- | C] () -- C:\Users\Justin\AppData\Local\125513a6u583a638v131u6gte1t8
    [2011/12/17 20:27:51 | 000,012,650 | -HS- | C] () -- C:\Users\Justin\AppData\Local\63770g56ne81shr88ulk37k8lq5j6
    [2011/12/17 20:27:51 | 000,012,650 | -HS- | C] () -- C:\ProgramData\63770g56ne81shr88ulk37k8lq5j6
    [C:\Windows\system64] -> \systemroot\system32 -> Mount Point
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
After doing searches for a bit, the redirect problem seems to have disappeared. I have not noticed any of the symptoms I first mentioned upon creation of this thread. I've followed the above steps as requested and the logs are as follows. (No log produced from eset). The only concern I have is what should I do with the MBR.dat folder you advised I did not delete from my desktop?

All processes killed
========== OTL ==========
Service SASKUTIL stopped successfully!
Service SASKUTIL deleted successfully!
File C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS not found.
Service SASDIFSV stopped successfully!
Service SASDIFSV deleted successfully!
File C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\ProgramData\~5udwrCj7Ny6dnCr moved successfully.
C:\ProgramData\~5udwrCj7Ny6dnC moved successfully.
C:\ProgramData\5udwrCj7Ny6dnC moved successfully.
C:\Users\Justin\AppData\Local\125513a6u583a638v131u6gte1t8 moved successfully.
C:\Users\Justin\AppData\Local\63770g56ne81shr88ulk37k8lq5j6 moved successfully.
C:\ProgramData\63770g56ne81shr88ulk37k8lq5j6 moved successfully.
Mount Point C:\Windows\system64 removed successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Justin
->Temp folder emptied: 1739902 bytes
->Temporary Internet Files folder emptied: 378817 bytes
->Java cache emptied: 259599050 bytes
->Google Chrome cache emptied: 13312081 bytes
->Flash cache emptied: 8215621 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 24576 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7158 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36097156 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 305.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Justin
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Justin
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.49.0 log created on 06162012_231533

Files\Folders moved on Reboot...
C:\Users\Justin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...






Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````






Farbar Service Scanner Version: 09-06-2012
Ran by Justin (administrator) on 16-06-2012 at 23:24:47
Running from "C:\Users\Justin\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 11:32] - [2012-04-24 01:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
I performed the eset scan as requested but no log was produced. I apologize if I did not mention it in my previous post.
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
Here is the log from step 1. (I decided to post it before finishing step 2 to avoid the chance of it being deleted.) And I will now be going over the rest of the steps.


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Justin
->Temp folder emptied: 164776 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 10206802 bytes
->Flash cache emptied: 587 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 512 bytes

Total Files Cleaned = 10.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Justin
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Justin
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.49.0 log created on 06172012_005957

Files\Folders moved on Reboot...
C:\Users\Justin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 
And as a followup to my previous post I have downloaded all suggested applications. After being used to having this virus for so long, I can say I am amazed just how fast searching on google is now, and just about everything else seems to be faster. The redirect problem seems to be completely gone, and I have yet to notice any of the pop-ups or "leave this page?" requests. I can say that I greatly appreciate the time you've spent helping me with my problem, and that you continue to have this same success with everyone else.

If possible, could I request this thread be left open for another day or two in case any questions or problems arise?
 