Solved Svchost.exe Trojan

mGreen

Greetings.

I have been having some recent problems with my computer lately, and avast! is sending out all these alerts stating that there is a threat detected/trojan horse blocked/malicious url blocked, so on and so forth.

I have done a MalwareBytes scan, and it has detected that svchost.exe is the Trojan at work. I will provide a log of the mbam log that was completed roughly 20 minutes ago.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.12.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Mike :: MIKE-PC [administrator]

Protection: Enabled

8/12/2012 9:17:19 AM
mbam-log-2012-08-12 (09-46-09).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 290235
Time elapsed: 21 minute(s), 48 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3452 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)
I have some computer experience, and I have gone to the last resort of backing up uninfected personal files to an external storage, and wiping the hard drive and formatting it. After the format and reinstall of anti virus programs and such, it is still showing that the trojan is there.
If you require additional logs from Avast! or from another source, please let me know.
 
I have forgotten the GMER log and the DDS logs, I will list them in order below.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-12 10:23:01
Windows 6.1.7600
Running: 4x4mq1zr.exe


---- Files - GMER 1.0.15 ----

File C:\Windows\Temp\TMP0000001851B87BA4BCABEB66 524288 bytes

---- EOF - GMER 1.0.15 ----

DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mike at 10:23:58 on 2012-08-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4301 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{25679FFA-D803-444A-BB00-D39C9704C05B} : DhcpNameServer = 192.168.1.1 71.243.0.12
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-12 44808]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-12 655944]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-12 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-12 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-12 136176]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-12 13:52:00 20480 ----a-w- C:\Windows\svchost.exe
2012-08-12 13:17:08 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
2012-08-12 13:16:28 -------- d-----w- C:\Users\Mike\AppData\Local\Google
2012-08-12 06:20:05 -------- d-----w- C:\Windows\Panther
2012-08-12 05:18:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-12 05:18:58 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-12 05:18:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-12 04:44:24 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-12 04:44:24 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-12 04:26:36 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-08-12 04:26:36 -------- d-----w- C:\Program Files (x86)\ARO 2012
2012-08-12 04:25:49 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-08-12 04:25:47 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-12 04:25:45 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-12 04:11:26 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-08-12 04:05:21 -------- d-----w- C:\Windows\SysWow64\Wat
2012-08-12 04:05:21 -------- d-----w- C:\Windows\System32\Wat
2012-08-12 03:58:47 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-08-12 03:58:45 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-08-12 03:58:45 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-08-12 03:57:49 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-08-12 03:57:49 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-08-12 03:54:25 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-08-12 03:11:11 -------- d-sh--w- C:\Windows\Installer
2012-08-12 03:11:01 41224 ----a-w- C:\Windows\avastSS.scr
2012-08-12 03:10:49 -------- d-----w- C:\ProgramData\AVAST Software
2012-08-12 03:10:49 -------- d-----w- C:\Program Files\AVAST Software
2012-08-12 03:08:34 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-08-12 03:08:34 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-08-12 02:59:41 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2012-08-12 02:55:51 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-08-12 02:55:51 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-08-12 02:55:51 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-08-12 02:55:51 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-08-12 02:55:51 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-08-12 02:55:51 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-08-12 02:55:51 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-08-12 02:55:51 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-08-12 02:55:51 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-08-12 02:55:51 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-08-12 02:46:29 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-08-12 02:46:29 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-08-12 02:46:29 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-08-12 02:46:29 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-08-12 02:46:29 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-12 02:46:29 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-12 02:46:29 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-08-12 02:44:41 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-08-12 02:44:41 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-08-12 02:41:59 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-08-12 02:40:34 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-08-12 02:40:34 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-08-12 02:33:07 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-08-12 02:33:07 77312 ----a-w- C:\Windows\System32\packager.dll
2012-08-12 02:33:07 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-08-12 02:33:07 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2012-08-12 02:32:58 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-08-12 02:32:58 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-08-12 02:32:58 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-08-12 02:30:45 -------- d-----w- C:\Users\Mike\AppData\Local\Microsoft Games
2012-08-12 02:29:01 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-08-12 02:28:56 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-08-12 02:28:07 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-08-12 02:28:07 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 10:24:25.40 ===============
Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/11/2012 10:27:42 PM
System Uptime: 8/12/2012 10:04:43 AM (0 hours ago)
.
Motherboard: ASRock | | 880GXH/USB3
Processor: AMD Phenom(tm) II X2 555 Processor | CPUSocket | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 902.174 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1B73&DEV_1000&SUBSYS_10001D5C&REV_01\4&18F1871F&0&0030
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1B73&DEV_1000&SUBSYS_10001D5C&REV_01\4&18F1871F&0&0030
Service:
.
==== System Restore Points ===================
.
RP1: 8/11/2012 10:27:53 PM - Windows Update
RP2: 8/11/2012 10:42:58 PM - Windows Update
RP3: 8/11/2012 10:44:05 PM - Windows Update
RP4: 8/12/2012 12:24:35 AM - avast! Free Antivirus Setup
RP5: 8/12/2012 12:26:29 AM - ARO 2012 - Before Installation
RP6: 8/12/2012 12:26:57 AM - ARO 2012 - FIRST RUN
RP7: 8/12/2012 12:33:33 AM - ARO 2012 Sun, Aug 12, 12 00:33
RP8: 8/12/2012 1:25:15 AM - ARO 2012- Before One Click
RP9: 8/12/2012 2:10:14 AM - Windows Update
RP10: 8/12/2012 9:34:25 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Ask Toolbar
avast! Free Antivirus
Google Chrome
Google Update Helper
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Support.com Toolbar Updater
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
.
==== Event Viewer Messages From Past Week ========
.
8/12/2012 9:55:22 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JUDY-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{25679FFA-D803-444A-BB00-D39C9704C05B}. The master browser is stopping or an election is being forced.
8/12/2012 12:10:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2703157).
8/12/2012 12:10:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
8/12/2012 12:10:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2544521).
8/12/2012 12:07:58 AM, Error: Service Control Manager [7023] -
8/12/2012 12:06:08 AM, Error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
8/12/2012 10:05:22 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fb1fea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081212-36828-01.
8/11/2012 10:59:15 PM, Error: Service Control Manager [7000] - The Infrared monitor service service failed to start due to the following error: A required privilege is not held by the client.
.
==== End Of File ===========================
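Added example for readers of this thread; it is not part of the post above and is not code from MBAM, DDS, GMER or TDSSKiller. The detail worth pulling out of the logs is the path: the MBAM detection is C:\Windows\svchost.exe (left as "No action taken"), every legitimate svchost instance in the DDS process list runs from C:\Windows\system32 with a "-k <service group>" argument, and the same file shows up in "Created Last 30" with a timestamp after the reinstall. The Python below parses lines in the DDS "Running Processes" and "Created Last 30" formats and flags known system binaries found outside their home directory, plus any svchost.exe started without a -k group. The sample lines are constructed from the log quoted above, and the EXPECTED_DIRS table is an illustrative assumption, not a complete inventory.

```python
"""Flag Windows system binaries that run from, or were dropped into, an unexpected directory.

Added example for this thread; not part of the original post and not code from
MBAM, DDS, GMER or TDSSKiller. Parses lines in the format of the DDS
"Running Processes" and "Created Last 30" sections. Sample input is constructed.
"""
import ntpath
import re

# Where Windows actually runs these binaries from. Assumption: an illustrative
# allow-list for the point at hand, not a complete inventory of system binaries.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# "C:\path\to\image.exe [arguments]" as DDS prints each running process.
PROCESS_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.exe)(?:\s+(?P<args>.*))?$", re.I)
# "YYYY-MM-DD HH:MM:SS <size|dashes> <attrs> <path>" as DDS prints created files.
CREATED_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+"
    r"(?P<attr>[-a-z]+)\s+(?P<path>\S.*)$",
    re.I,
)
SVCHOST_GROUP_RE = re.compile(r"(?:^|\s)-k\s+\S+", re.I)


def check_path(path):
    """Return a reason if `path` names a known system binary outside its home directory, else None."""
    name = ntpath.basename(path).lower()
    allowed = EXPECTED_DIRS.get(name)
    if allowed is None:
        return None
    directory = ntpath.dirname(path)
    if directory.lower().rstrip("\\") in allowed:
        return None
    return f"{name} found in {directory}, expected one of {sorted(allowed)}"


def audit_processes(lines):
    """Check process-list lines; returns [(image_path, reason), ...]."""
    findings = []
    for line in lines:
        m = PROCESS_RE.match(line.strip())
        if not m:
            continue  # blank lines, section headers, fragments such as "-netsvcs"
        path, args = m.group("path"), (m.group("args") or "")
        reason = check_path(path)
        # A genuine svchost.exe is always started by the SCM with "-k <service group>".
        if reason is None and ntpath.basename(path).lower() == "svchost.exe" \
                and not SVCHOST_GROUP_RE.search(args):
            reason = "svchost.exe started without a -k <group> argument"
        if reason:
            findings.append((path, reason))
    return findings


def audit_created(lines):
    """Check "Created Last 30" lines; returns [(timestamp, path, reason), ...]."""
    findings = []
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if not m or m.group("attr").lower().startswith("d"):
            continue  # not a file entry (directories carry a leading "d" attribute)
        path = m.group("path").strip()
        reason = check_path(path)
        if reason:
            findings.append((m.group("stamp"), path, reason))
    return findings


# Constructed sample input, modelled on the DDS log in the thread.
SAMPLE_PROCESSES = r"""
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\Explorer.EXE
-netsvcs
C:\Windows\svchost.exe
""".strip().splitlines()

SAMPLE_CREATED = [
    "2012-08-12 13:52:00\t20480\t----a-w-\tC:\\Windows\\svchost.exe",
    "2012-08-12 13:17:08\t--------\td-----w-\tC:\\Users\\Mike\\AppData\\Roaming\\Malwarebytes",
    "2012-08-12 05:18:58\t24904\t----a-w-\tC:\\Windows\\System32\\drivers\\mbam.sys",
]

if __name__ == "__main__":
    for path, reason in audit_processes(SAMPLE_PROCESSES):
        print(f"[process] {path}: {reason}")
    for stamp, path, reason in audit_created(SAMPLE_CREATED):
        print(f"[created {stamp}] {path}: {reason}")
```

Paste the two DDS sections into the two lists (or read them from the saved DDS.txt) and the only hits should be the out-of-place svchost.exe. On the live machine the same question is quicker to answer with PowerShell's Get-Process and Get-AuthenticodeSignature against each image path, but the parser above works from the pasted logs alone, which is all a forum helper has.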
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Hello Broni, thank you for taking the time to respond. I have the scan from TDSSKiller completed, and the log is ready.
 
Please observe forum rules:
All required logs have to be PASTED. Attached logs will NOT be reviewed.

If a log or logs exceed the limit for one reply, you may use more than one reply. The above rule will be strictly enforced.
 
12:07:43.0298 2008 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:07:43.0695 2008 ============================================================
12:07:43.0695 2008 Current date / time: 2012/08/12 12:07:43.0695
12:07:43.0695 2008 SystemInfo:
12:07:43.0695 2008
12:07:43.0695 2008 OS Version: 6.1.7600 ServicePack: 0.0
12:07:43.0695 2008 Product type: Workstation
12:07:43.0695 2008 ComputerName: MIKE-PC
12:07:43.0696 2008 UserName: Mike
12:07:43.0696 2008 Windows directory: C:\Windows
12:07:43.0696 2008 System windows directory: C:\Windows
12:07:43.0696 2008 Running under WOW64
12:07:43.0696 2008 Processor architecture: Intel x64
12:07:43.0696 2008 Number of processors: 2
12:07:43.0696 2008 Page size: 0x1000
12:07:43.0696 2008 Boot type: Normal boot
12:07:43.0696 2008 ============================================================
12:07:44.0522 2008 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:07:44.0549 2008 ============================================================
12:07:44.0549 2008 \Device\Harddisk0\DR0:
12:07:44.0549 2008 MBR partitions:
12:07:44.0549 2008 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:07:44.0549 2008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
12:07:44.0549 2008 ============================================================
12:07:44.0586 2008 C: <-> \Device\Harddisk0\DR0\Partition1
12:07:44.0586 2008 ============================================================
12:07:44.0586 2008 Initialize success
12:07:44.0586 2008 ============================================================
12:08:16.0367 3600 ============================================================
12:08:16.0368 3600 Scan started
12:08:16.0368 3600 Mode: Manual;
12:08:16.0368 3600 ============================================================
12:08:16.0820 3600 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
12:08:16.0826 3600 1394ohci - ok
12:08:16.0848 3600 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
12:08:16.0852 3600 ACPI - ok
12:08:16.0864 3600 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
12:08:16.0865 3600 AcpiPmi - ok
12:08:17.0041 3600 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:08:17.0046 3600 AdobeFlashPlayerUpdateSvc - ok
12:08:17.0088 3600 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:08:17.0099 3600 adp94xx - ok
12:08:17.0113 3600 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:08:17.0117 3600 adpahci - ok
12:08:17.0133 3600 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:08:17.0136 3600 adpu320 - ok
12:08:17.0156 3600 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:08:17.0158 3600 AeLookupSvc - ok
12:08:17.0204 3600 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
12:08:17.0219 3600 AFD - ok
12:08:17.0234 3600 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
12:08:17.0236 3600 agp440 - ok
12:08:17.0250 3600 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:08:17.0251 3600 ALG - ok
12:08:17.0260 3600 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
12:08:17.0261 3600 aliide - ok
12:08:17.0264 3600 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
12:08:17.0265 3600 amdide - ok
12:08:17.0270 3600 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:08:17.0272 3600 AmdK8 - ok
12:08:17.0276 3600 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:08:17.0277 3600 AmdPPM - ok
12:08:17.0296 3600 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
12:08:17.0298 3600 amdsata - ok
12:08:17.0308 3600 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:08:17.0311 3600 amdsbs - ok
12:08:17.0315 3600 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
12:08:17.0316 3600 amdxata - ok
12:08:17.0331 3600 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
12:08:17.0332 3600 AppID - ok
12:08:17.0342 3600 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:08:17.0343 3600 AppIDSvc - ok
12:08:17.0353 3600 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
12:08:17.0354 3600 Appinfo - ok
12:08:17.0361 3600 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:08:17.0363 3600 arc - ok
12:08:17.0380 3600 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:08:17.0382 3600 arcsas - ok
12:08:17.0399 3600 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys
12:08:17.0400 3600 aswFsBlk - ok
12:08:17.0423 3600 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys
12:08:17.0424 3600 aswMonFlt - ok
12:08:17.0434 3600 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys
12:08:17.0435 3600 aswRdr - ok
12:08:17.0480 3600 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys
12:08:17.0485 3600 aswSnx - ok
12:08:17.0506 3600 aswSP (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys
12:08:17.0508 3600 aswSP - ok
12:08:17.0522 3600 aswTdi (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys
12:08:17.0523 3600 aswTdi - ok
12:08:17.0526 3600 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:08:17.0527 3600 AsyncMac - ok
12:08:17.0529 3600 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
12:08:17.0530 3600 atapi - ok
12:08:17.0562 3600 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
12:08:17.0575 3600 AudioEndpointBuilder - ok
12:08:17.0580 3600 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
12:08:17.0583 3600 AudioSrv - ok
12:08:17.0684 3600 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:08:17.0686 3600 avast! Antivirus - ok
12:08:17.0720 3600 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
12:08:17.0724 3600 AxInstSV - ok
12:08:17.0761 3600 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:08:17.0771 3600 b06bdrv - ok
12:08:17.0784 3600 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:08:17.0787 3600 b57nd60a - ok
12:08:17.0805 3600 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:08:17.0807 3600 BDESVC - ok
12:08:17.0830 3600 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:08:17.0831 3600 Beep - ok
12:08:17.0873 3600 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
12:08:17.0880 3600 BFE - ok
12:08:17.0927 3600 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
12:08:17.0946 3600 BITS - ok
12:08:18.0023 3600 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:08:18.0025 3600 blbdrive - ok
12:08:18.0051 3600 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
12:08:18.0053 3600 bowser - ok
12:08:18.0056 3600 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:08:18.0057 3600 BrFiltLo - ok
12:08:18.0067 3600 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:08:18.0068 3600 BrFiltUp - ok
12:08:18.0081 3600 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
12:08:18.0083 3600 Browser - ok
12:08:18.0102 3600 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:08:18.0106 3600 Brserid - ok
12:08:18.0112 3600 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:08:18.0113 3600 BrSerWdm - ok
12:08:18.0117 3600 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:08:18.0118 3600 BrUsbMdm - ok
12:08:18.0121 3600 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:08:18.0122 3600 BrUsbSer - ok
12:08:18.0126 3600 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:08:18.0127 3600 BTHMODEM - ok
12:08:18.0135 3600 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:08:18.0137 3600 bthserv - ok
12:08:18.0142 3600 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:08:18.0143 3600 cdfs - ok
12:08:18.0149 3600 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
12:08:18.0151 3600 cdrom - ok
12:08:18.0163 3600 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
12:08:18.0164 3600 CertPropSvc - ok
12:08:18.0166 3600 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:08:18.0167 3600 circlass - ok
12:08:18.0190 3600 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:08:18.0193 3600 CLFS - ok
12:08:18.0282 3600 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:08:18.0286 3600 clr_optimization_v2.0.50727_32 - ok
12:08:18.0367 3600 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:08:18.0371 3600 clr_optimization_v2.0.50727_64 - ok
12:08:18.0514 3600 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:08:18.0519 3600 clr_optimization_v4.0.30319_32 - ok
12:08:18.0622 3600 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:08:18.0625 3600 clr_optimization_v4.0.30319_64 - ok
12:08:18.0635 3600 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:08:18.0637 3600 CmBatt - ok
12:08:18.0644 3600 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
12:08:18.0647 3600 cmdide - ok
12:08:18.0686 3600 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
12:08:18.0692 3600 CNG - ok
12:08:18.0695 3600 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:08:18.0696 3600 Compbatt - ok
12:08:18.0701 3600 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:08:18.0702 3600 CompositeBus - ok
12:08:18.0714 3600 COMSysApp - ok
12:08:18.0728 3600 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:08:18.0729 3600 crcdisk - ok
12:08:18.0760 3600 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
12:08:18.0763 3600 CryptSvc - ok
12:08:18.0797 3600 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
12:08:18.0805 3600 DcomLaunch - ok
12:08:18.0825 3600 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:08:18.0830 3600 defragsvc - ok
12:08:18.0854 3600 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
12:08:18.0856 3600 DfsC - ok
12:08:18.0880 3600 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
12:08:18.0884 3600 Dhcp - ok
12:08:18.0889 3600 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:08:18.0890 3600 discache - ok
12:08:18.0895 3600 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:08:18.0897 3600 Disk - ok
12:08:18.0915 3600 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
12:08:18.0917 3600 Dnscache - ok
12:08:18.0937 3600 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
12:08:18.0941 3600 dot3svc - ok
12:08:18.0950 3600 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
12:08:18.0954 3600 DPS - ok
12:08:18.0977 3600 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:08:18.0978 3600 drmkaud - ok
12:08:19.0028 3600 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
12:08:19.0034 3600 DXGKrnl - ok
12:08:19.0054 3600 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:08:19.0056 3600 EapHost - ok
12:08:19.0182 3600 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:08:19.0229 3600 ebdrv - ok
12:08:19.0413 3600 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
12:08:19.0418 3600 EFS - ok
12:08:19.0507 3600 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
12:08:19.0526 3600 ehRecvr - ok
12:08:19.0553 3600 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:08:19.0557 3600 ehSched - ok
12:08:19.0667 3600 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:08:19.0691 3600 elxstor - ok
12:08:19.0698 3600 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
12:08:19.0699 3600ErrDev - ok
12:08:19.0725 3600EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:08:19.0728 3600EventSystem - ok
12:08:19.0749 3600exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:08:19.0751 3600exfat - ok
12:08:19.0760 3600fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:08:19.0763 3600fastfat - ok
12:08:19.0799 3600Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
12:08:19.0805 3600Fax - ok
12:08:19.0809 3600fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:08:19.0810 3600fdc - ok
12:08:19.0822 3600fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:08:19.0823 3600fdPHost - ok
12:08:19.0827 3600FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:08:19.0829 3600FDResPub - ok
12:08:19.0833 3600FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:08:19.0834 3600FileInfo - ok
12:08:19.0838 3600Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:08:19.0839 3600Filetrace - ok
12:08:19.0843 3600flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:08:19.0844 3600flpydisk - ok
12:08:19.0856 3600FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
12:08:19.0859 3600FltMgr - ok
12:08:19.0922 3600FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
12:08:19.0935 3600FontCache - ok
12:08:19.0972 3600FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:08:19.0975 3600FontCache3.0.0.0 - ok
12:08:19.0987 3600FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:08:19.0991 3600FsDepends - ok
12:08:20.0011 3600Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
12:08:20.0012 3600Fs_Rec - ok
12:08:20.0040 3600fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:08:20.0042 3600fvevol - ok
12:08:20.0058 3600gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:08:20.0059 3600gagp30kx - ok
12:08:20.0104 3600gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
12:08:20.0114 3600gpsvc - ok
12:08:20.0168 3600gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:08:20.0172 3600gupdate - ok
12:08:20.0180 3600gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:08:20.0183 3600gupdatem - ok
12:08:20.0203 3600hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:08:20.0206 3600hcw85cir - ok
12:08:20.0243 3600HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
12:08:20.0247 3600HdAudAddService - ok
12:08:20.0254 3600HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:08:20.0255 3600HDAudBus - ok
12:08:20.0259 3600HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:08:20.0260 3600HidBatt - ok
12:08:20.0266 3600HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:08:20.0268 3600HidBth - ok
12:08:20.0277 3600HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:08:20.0279 3600HidIr - ok
12:08:20.0286 3600hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
12:08:20.0288 3600hidserv - ok
12:08:20.0299 3600HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
12:08:20.0300 3600HidUsb - ok
12:08:20.0330 3600hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
12:08:20.0333 3600hkmsvc - ok
12:08:20.0353 3600HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
12:08:20.0358 3600HomeGroupListener - ok
12:08:20.0372 3600HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
12:08:20.0375 3600HomeGroupProvider - ok
12:08:20.0382 3600HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
12:08:20.0383 3600HpSAMD - ok
12:08:20.0416 3600HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
12:08:20.0427 3600HTTP - ok
12:08:20.0430 3600hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
12:08:20.0430 3600hwpolicy - ok
12:08:20.0436 3600i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:08:20.0437 3600i8042prt - ok
 
12:08:20.0473 3600iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
12:08:20.0486 3600iaStorV - ok
12:08:20.0541 3600idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:08:20.0554 3600idsvc - ok
12:08:20.0561 3600iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:08:20.0563 3600iirsp - ok
12:08:20.0599 3600IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
12:08:20.0610 3600IKEEXT - ok
12:08:20.0615 3600intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
12:08:20.0616 3600intelide - ok
12:08:20.0623 3600intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:08:20.0624 3600intelppm - ok
12:08:20.0631 3600IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:08:20.0633 3600IPBusEnum - ok
12:08:20.0638 3600IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:08:20.0639 3600IpFilterDriver - ok
12:08:20.0667 3600iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
12:08:20.0673 3600iphlpsvc - ok
12:08:20.0678 3600IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:08:20.0679 3600IPMIDRV - ok
12:08:20.0685 3600IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:08:20.0687 3600IPNAT - ok
12:08:20.0706 3600irda (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys
12:08:20.0708 3600irda - ok
12:08:20.0709 3600IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:08:20.0710 3600IRENUM - ok
12:08:20.0732 3600Irmon (3848384ab383f0a8f506c4370635c1f9) C:\Windows\System32\irmon.dll
12:08:20.0733 3600Irmon - ok
12:08:20.0788 3600irsir (d2ca12736624ba636f8357dc3ef0757e) C:\Windows\system32\DRIVERS\irsir.sys
12:08:20.0820 3600irsir - ok
12:08:20.0869 3600isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
12:08:20.0881 3600isapnp - ok
12:08:20.0905 3600iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
12:08:20.0912 3600iScsiPrt - ok
12:08:20.0925 3600kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:08:20.0927 3600kbdclass - ok
12:08:20.0935 3600kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
12:08:20.0937 3600kbdhid - ok
12:08:20.0955 3600KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:08:20.0958 3600KeyIso - ok
12:08:20.0966 3600KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
12:08:20.0967 3600KSecDD - ok
12:08:20.0979 3600KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
12:08:20.0981 3600KSecPkg - ok
12:08:20.0985 3600ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:08:20.0986 3600ksthunk - ok
12:08:21.0008 3600KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:08:21.0014 3600KtmRm - ok
12:08:21.0047 3600LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
12:08:21.0066 3600LanmanServer - ok
12:08:21.0097 3600LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
12:08:21.0109 3600LanmanWorkstation - ok
12:08:21.0131 3600lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:08:21.0134 3600lltdio - ok
12:08:21.0149 3600lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:08:21.0154 3600lltdsvc - ok
12:08:21.0159 3600lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:08:21.0161 3600lmhosts - ok
12:08:21.0168 3600LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:08:21.0170 3600LSI_FC - ok
12:08:21.0175 3600LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:08:21.0177 3600LSI_SAS - ok
12:08:21.0181 3600LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:08:21.0182 3600LSI_SAS2 - ok
12:08:21.0188 3600LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:08:21.0189 3600LSI_SCSI - ok
12:08:21.0195 3600luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:08:21.0197 3600luafv - ok
12:08:21.0242 3600LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
12:08:21.0248 3600LVRS64 - ok
12:08:21.0498 3600LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
12:08:21.0518 3600LVUVC64 - ok
12:08:21.0787 3600MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
12:08:21.0790 3600MBAMProtector - ok
12:08:21.0870 3600MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:08:21.0880 3600MBAMService - ok
12:08:21.0914 3600Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
12:08:21.0917 3600Mcx2Svc - ok
12:08:21.0925 3600megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:08:21.0929 3600megasas - ok
12:08:21.0957 3600MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:08:21.0960 3600MegaSR - ok
12:08:21.0974 3600MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:08:21.0977 3600MMCSS - ok
12:08:21.0982 3600Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:08:21.0983 3600Modem - ok
12:08:22.0001 3600monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:08:22.0001 3600monitor - ok
12:08:22.0006 3600mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:08:22.0007 3600mouclass - ok
12:08:22.0010 3600mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:08:22.0011 3600mouhid - ok
12:08:22.0018 3600mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
12:08:22.0020 3600mountmgr - ok
12:08:22.0028 3600mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
12:08:22.0030 3600mpio - ok
12:08:22.0036 3600mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:08:22.0037 3600mpsdrv - ok
12:08:22.0079 3600MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
12:08:22.0090 3600MpsSvc - ok
12:08:22.0105 3600MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
12:08:22.0106 3600MRxDAV - ok
12:08:22.0125 3600mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:08:22.0127 3600mrxsmb - ok
12:08:22.0150 3600mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:08:22.0153 3600mrxsmb10 - ok
12:08:22.0170 3600mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:08:22.0171 3600mrxsmb20 - ok
12:08:22.0175 3600msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
12:08:22.0176 3600msahci - ok
12:08:22.0182 3600msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
12:08:22.0184 3600msdsm - ok
12:08:22.0197 3600MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:08:22.0200 3600MSDTC - ok
12:08:22.0216 3600Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:08:22.0217 3600Msfs - ok
12:08:22.0219 3600mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:08:22.0220 3600mshidkmdf - ok
12:08:22.0223 3600msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
12:08:22.0223 3600msisadrv - ok
12:08:22.0239 3600MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:08:22.0241 3600MSiSCSI - ok
12:08:22.0243 3600msiserver - ok
12:08:22.0255 3600MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:08:22.0256 3600MSKSSRV - ok
12:08:22.0258 3600MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:08:22.0259 3600MSPCLOCK - ok
12:08:22.0262 3600MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:08:22.0263 3600MSPQM - ok
12:08:22.0277 3600MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
12:08:22.0281 3600MsRPC - ok
12:08:22.0285 3600mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:08:22.0286 3600mssmbios - ok
12:08:22.0289 3600MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:08:22.0289 3600MSTEE - ok
12:08:22.0291 3600MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:08:22.0292 3600MTConfig - ok
12:08:22.0302 3600Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:08:22.0303 3600Mup - ok
12:08:22.0330 3600napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
12:08:22.0340 3600napagent - ok
12:08:22.0364 3600NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:08:22.0367 3600NativeWifiP - ok
12:08:22.0414 3600NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
12:08:22.0422 3600NDIS - ok
12:08:22.0426 3600NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:08:22.0427 3600NdisCap - ok
12:08:22.0437 3600NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:08:22.0437 3600NdisTapi - ok
12:08:22.0442 3600Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
12:08:22.0443 3600Ndisuio - ok
12:08:22.0450 3600NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:08:22.0452 3600NdisWan - ok
12:08:22.0455 3600NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
12:08:22.0457 3600NDProxy - ok
12:08:22.0459 3600NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:08:22.0460 3600NetBIOS - ok
12:08:22.0470 3600NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
12:08:22.0473 3600NetBT - ok
12:08:22.0487 3600Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:08:22.0489 3600Netlogon - ok
12:08:22.0515 3600Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:08:22.0520 3600Netman - ok
12:08:22.0537 3600netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:08:22.0540 3600netprofm - ok
12:08:22.0607 3600NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:08:22.0611 3600NetTcpPortSharing - ok
12:08:22.0621 3600nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:08:22.0624 3600nfrd960 - ok
12:08:22.0654 3600NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
12:08:22.0659 3600NlaSvc - ok
12:08:22.0664 3600Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:08:22.0665 3600Npfs - ok
12:08:22.0676 3600nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:08:22.0679 3600nsi - ok
12:08:22.0682 3600nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:08:22.0683 3600nsiproxy - ok
12:08:22.0763 3600Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
12:08:22.0789 3600Ntfs - ok
12:08:23.0029 3600Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:08:23.0032 3600Null - ok
12:08:23.0516 3600nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:08:23.0578 3600nvlddmkm - ok
12:08:23.0631 3600nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
12:08:23.0634 3600nvraid - ok
12:08:23.0648 3600nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
12:08:23.0650 3600nvstor - ok
12:08:23.0664 3600nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
12:08:23.0666 3600nv_agp - ok
12:08:23.0670 3600ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
12:08:23.0672 3600ohci1394 - ok
12:08:23.0694 3600p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:08:23.0698 3600p2pimsvc - ok
12:08:23.0722 3600p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:08:23.0734 3600p2psvc - ok
12:08:23.0773 3600Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:08:23.0775 3600Parport - ok
12:08:23.0810 3600partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
12:08:23.0814 3600partmgr - ok
12:08:23.0831 3600PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:08:23.0839 3600PcaSvc - ok
12:08:23.0848 3600pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
12:08:23.0852 3600pci - ok
12:08:23.0855 3600pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
12:08:23.0856 3600pciide - ok
12:08:23.0867 3600pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:08:23.0871 3600pcmcia - ok
12:08:23.0884 3600pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:08:23.0886 3600pcw - ok
12:08:23.0915 3600PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:08:23.0920 3600PEAUTH - ok
12:08:24.0040 3600PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:08:24.0041 3600PerfHost - ok
12:08:24.0105 3600pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
12:08:24.0136 3600pla - ok
12:08:24.0177 3600PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
12:08:24.0183 3600PlugPlay - ok
12:08:24.0197 3600PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:08:24.0200 3600PNRPAutoReg - ok
12:08:24.0212 3600PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:08:24.0215 3600PNRPsvc - ok
12:08:24.0248 3600PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
12:08:24.0257 3600PolicyAgent - ok
12:08:24.0278 3600Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:08:24.0283 3600Power - ok
12:08:24.0291 3600PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
12:08:24.0292 3600PptpMiniport - ok
12:08:24.0296 3600Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:08:24.0298 3600Processor - ok
12:08:24.0316 3600ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
12:08:24.0320 3600ProfSvc - ok
12:08:24.0337 3600ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:08:24.0338 3600ProtectedStorage - ok
12:08:24.0346 3600Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
12:08:24.0348 3600Psched - ok
12:08:24.0432 3600ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:08:24.0464 3600ql2300 - ok
12:08:24.0626 3600ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:08:24.0630 3600ql40xx - ok
12:08:24.0670 3600QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:08:24.0675 3600QWAVE - ok
12:08:24.0680 3600QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:08:24.0681 3600QWAVEdrv - ok
12:08:24.0684 3600RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:08:24.0685 3600RasAcd - ok
12:08:24.0700 3600RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:08:24.0701 3600RasAgileVpn - ok
12:08:24.0718 3600RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:08:24.0723 3600RasAuto - ok
12:08:24.0733 3600Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:08:24.0735 3600Rasl2tp - ok
12:08:24.0766 3600RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
12:08:24.0773 3600RasMan - ok
12:08:24.0779 3600RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:08:24.0781 3600RasPppoe - ok
12:08:24.0787 3600RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:08:24.0789 3600RasSstp - ok
12:08:24.0806 3600rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
12:08:24.0809 3600rdbss - ok
12:08:24.0812 3600rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:08:24.0813 3600rdpbus - ok
12:08:24.0817 3600RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:08:24.0818 3600RDPCDD - ok
12:08:24.0827 3600RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:08:24.0828 3600RDPENCDD - ok
12:08:24.0832 3600RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:08:24.0833 3600RDPREFMP - ok
12:08:24.0850 3600RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
12:08:24.0853 3600RDPWD - ok
12:08:24.0863 3600rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
12:08:24.0865 3600rdyboost - ok
12:08:24.0877 3600RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:08:24.0879 3600RemoteAccess - ok
12:08:24.0892 3600RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:08:24.0896 3600RemoteRegistry - ok
12:08:24.0902 3600RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:08:24.0904 3600RpcEptMapper - ok
12:08:24.0916 3600RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:08:24.0916 3600RpcLocator - ok
12:08:24.0946 3600RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
12:08:24.0950 3600RpcSs - ok
12:08:24.0963 3600rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:08:24.0964 3600rspndr - ok
12:08:25.0006 3600RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:08:25.0010 3600RTL8167 - ok
12:08:25.0038 3600SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:08:25.0043 3600SamSs - ok
12:08:25.0057 3600sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
12:08:25.0062 3600sbp2port - ok
12:08:25.0085 3600SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:08:25.0090 3600SCardSvr - ok
12:08:25.0094 3600scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
12:08:25.0095 3600scfilter - ok
12:08:25.0160 3600Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
12:08:25.0174 3600Schedule - ok
12:08:25.0196 3600SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
12:08:25.0197 3600SCPolicySvc - ok
12:08:25.0214 3600SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
12:08:25.0219 3600SDRSVC - ok
12:08:25.0230 3600secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:08:25.0231 3600secdrv - ok
12:08:25.0247 3600seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
12:08:25.0250 3600seclogon - ok
12:08:25.0259 3600SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
12:08:25.0262 3600SENS - ok
12:08:25.0270 3600SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:08:25.0274 3600SensrSvc - ok
12:08:25.0277 3600Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:08:25.0278 3600Serenum - ok
12:08:25.0288 3600Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:08:25.0290 3600Serial - ok
12:08:25.0291 3600sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:08:25.0292 3600sermouse - ok
12:08:25.0302 3600SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
12:08:25.0305 3600SessionEnv - ok
12:08:25.0323 3600sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:08:25.0324 3600sffdisk - ok
12:08:25.0331 3600sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:08:25.0333 3600sffp_mmc - ok
12:08:25.0341 3600sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:08:25.0342 3600sffp_sd - ok
12:08:25.0344 3600sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:08:25.0345 3600sfloppy - ok
12:08:25.0373 3600SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:08:25.0376 3600SharedAccess - ok
12:08:25.0399 3600ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
12:08:25.0404 3600ShellHWDetection - ok
12:08:25.0408 3600SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:08:25.0409 3600SiSRaid2 - ok
12:08:25.0422 3600SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:08:25.0424 3600SiSRaid4 - ok
12:08:25.0429 3600Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:08:25.0431 3600Smb - ok
12:08:25.0448 3600SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:08:25.0450 3600SNMPTRAP - ok
12:08:25.0457 3600spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:08:25.0458 3600spldr - ok
12:08:25.0494 3600Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
12:08:25.0503 3600Spooler - ok
12:08:25.0624 3600sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
12:08:25.0676 3600sppsvc - ok
12:08:25.0835 3600sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:08:25.0846 3600sppuinotify - ok
12:08:26.0006 3600srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
12:08:26.0017 3600srv - ok
12:08:26.0053 3600srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
12:08:26.0058 3600srv2 - ok
12:08:26.0079 3600srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
12:08:26.0081 3600srvnet - ok
12:08:26.0109 3600SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:08:26.0114 3600SSDPSRV - ok
12:08:26.0120 3600SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:08:26.0124 3600SstpSvc - ok
12:08:26.0131 3600stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:08:26.0133 3600stexstor - ok
12:08:26.0179 3600stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
12:08:26.0196 3600stisvc - ok
12:08:26.0199 3600swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:08:26.0201 3600swenum - ok
12:08:26.0228 3600swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:08:26.0247 3600swprv - ok
12:08:26.0322 3600SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
12:08:26.0351 3600SysMain - ok
12:08:26.0428 3600TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
12:08:26.0431 3600TabletInputService - ok
12:08:26.0451 3600TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
12:08:26.0456 3600TapiSrv - ok
12:08:26.0463 3600TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:08:26.0467 3600TBS - ok
12:08:26.0554 3600Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
12:08:26.0573 3600Tcpip - ok
12:08:26.0691 3600TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
12:08:26.0699 3600TCPIP6 - ok
12:08:26.0731 3600tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
12:08:26.0732 3600tcpipreg - ok
12:08:26.0736 3600TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:08:26.0737 3600TDPIPE - ok
12:08:26.0750 3600TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
12:08:26.0750 3600TDTCP - ok
12:08:26.0758 3600tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
12:08:26.0759 3600tdx - ok
12:08:26.0765 3600TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
12:08:26.0765 3600TermDD - ok
12:08:26.0798 3600TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
12:08:26.0812 3600TermService - ok
12:08:26.0826 3600Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:08:26.0829 3600Themes - ok
12:08:26.0840 3600THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:08:26.0842 3600THREADORDER - ok
12:08:26.0855 3600TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:08:26.0858 3600TrkWks - ok
12:08:26.0883 3600TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
12:08:26.0885 3600TrustedInstaller - ok
12:08:26.0891 3600tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:08:26.0892 3600tssecsrv - ok
12:08:26.0909 3600tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
12:08:26.0911 3600tunnel - ok
12:08:26.0915 3600uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:08:26.0916 3600uagp35 - ok
12:08:26.0934 3600udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
12:08:26.0937 3600udfs - ok
12:08:26.0957 3600UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:08:26.0959 3600UI0Detect - ok
12:08:26.0964 3600uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:08:26.0965 3600uliagpkx - ok
12:08:26.0979 3600umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
12:08:26.0980 3600umbus - ok
12:08:26.0983 3600UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:08:26.0984 3600UmPass - ok
12:08:27.0085 3600UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
12:08:27.0094 3600UMVPFSrv - ok
12:08:27.0126 3600upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:08:27.0141 3600upnphost - ok
12:08:27.0176 3600usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
12:08:27.0177 3600usbaudio - ok
12:08:27.0200 3600usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
12:08:27.0202 3600usbccgp - ok
12:08:27.0208 3600usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
12:08:27.0209 3600usbcir - ok
12:08:27.0224 3600usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
12:08:27.0225 3600usbehci - ok
12:08:27.0245 3600usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
12:08:27.0249 3600usbhub - ok
12:08:27.0256 3600usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
12:08:27.0258 3600usbohci - ok
12:08:27.0278 3600usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:08:27.0279 3600usbprint - ok
12:08:27.0299 3600usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:08:27.0300 3600usbscan - ok
12:08:27.0316 3600USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
12:08:27.0317 3600USBSTOR - ok
12:08:27.0321 3600usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
12:08:27.0322 3600usbuhci - ok
12:08:27.0350 3600usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
12:08:27.0352 3600usbvideo - ok
12:08:27.0364 3600UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:08:27.0367 3600UxSms - ok
12:08:27.0378 3600VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:08:27.0380 3600VaultSvc - ok
12:08:27.0383 3600vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:08:27.0384 3600vdrvroot - ok
12:08:27.0415 3600vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
12:08:27.0426 3600vds - ok
12:08:27.0430 3600vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:08:27.0431 3600vga - ok
 
12:08:27.0434 3600VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:08:27.0435 3600VgaSave - ok
12:08:27.0449 3600vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
12:08:27.0452 3600vhdmp - ok
12:08:27.0455 3600viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
12:08:27.0456 3600viaide - ok
12:08:27.0459 3600volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
12:08:27.0460 3600volmgr - ok
12:08:27.0479 3600volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
12:08:27.0483 3600volmgrx - ok
12:08:27.0494 3600volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
12:08:27.0497 3600volsnap - ok
12:08:27.0509 3600vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:08:27.0512 3600vsmraid - ok
12:08:27.0575 3600VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
12:08:27.0616 3600VSS - ok
12:08:27.0822 3600vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:08:27.0825 3600vwifibus - ok
12:08:27.0872 3600W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:08:27.0888 3600W32Time - ok
12:08:27.0893 3600WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:08:27.0895 3600WacomPen - ok
12:08:27.0910 3600WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:08:27.0912 3600WANARP - ok
12:08:27.0914 3600Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:08:27.0915 3600Wanarpv6 - ok
12:08:28.0022 3600WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:08:28.0041 3600WatAdminSvc - ok
12:08:28.0124 3600wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
12:08:28.0146 3600wbengine - ok
12:08:28.0184 3600WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:08:28.0188 3600WbioSrvc - ok
12:08:28.0226 3600wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
12:08:28.0232 3600wcncsvc - ok
12:08:28.0235 3600WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:08:28.0239 3600WcsPlugInService - ok
12:08:28.0244 3600Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:08:28.0245 3600Wd - ok
12:08:28.0278 3600Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:08:28.0284 3600Wdf01000 - ok
12:08:28.0289 3600WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:08:28.0291 3600WdiServiceHost - ok
12:08:28.0294 3600WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:08:28.0297 3600WdiSystemHost - ok
12:08:28.0317 3600WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
12:08:28.0322 3600WebClient - ok
12:08:28.0344 3600Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:08:28.0348 3600Wecsvc - ok
12:08:28.0358 3600wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:08:28.0361 3600wercplsupport - ok
12:08:28.0371 3600WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:08:28.0374 3600WerSvc - ok
12:08:28.0381 3600WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:08:28.0381 3600WfpLwf - ok
12:08:28.0386 3600WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:08:28.0387 3600WIMMount - ok
12:08:28.0403 3600WinDefend - ok
12:08:28.0407 3600WinHttpAutoProxySvc - ok
12:08:28.0476 3600Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:08:28.0482 3600Winmgmt - ok
12:08:28.0581 3600WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
12:08:28.0615 3600WinRM - ok
12:08:28.0751 3600Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:08:28.0772 3600Wlansvc - ok
12:08:28.0778 3600WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:08:28.0779 3600WmiAcpi - ok
12:08:28.0800 3600wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:08:28.0803 3600wmiApSrv - ok
12:08:28.0817 3600WMPNetworkSvc - ok
12:08:28.0829 3600WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:08:28.0833 3600WPCSvc - ok
12:08:28.0841 3600WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
12:08:28.0846 3600WPDBusEnum - ok
12:08:28.0850 3600ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:08:28.0851 3600ws2ifsl - ok
12:08:28.0862 3600wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
12:08:28.0867 3600wscsvc - ok
12:08:28.0870 3600WSearch - ok
12:08:29.0018 3600wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
12:08:29.0041 3600wuauserv - ok
12:08:29.0073 3600WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
12:08:29.0075 3600WudfPf - ok
12:08:29.0083 3600WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:08:29.0084 3600WUDFRd - ok
12:08:29.0093 3600wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
12:08:29.0097 3600wudfsvc - ok
12:08:29.0112 3600WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:08:29.0117 3600WwanSvc - ok
12:08:29.0141 3600MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:08:29.0183 3600\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:08:29.0183 3600\Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:08:29.0190 3600Boot (0x1200) (ca7d5678360e1684185bd73a05e7d124) \Device\Harddisk0\DR0\Partition0
12:08:29.0193 3600\Device\Harddisk0\DR0\Partition0 - ok
12:08:29.0206 3600Boot (0x1200) (07aa2c00c277faa2491ebca82d7416af) \Device\Harddisk0\DR0\Partition1
12:08:29.0208 3600\Device\Harddisk0\DR0\Partition1 - ok
12:08:29.0208 3600============================================================
12:08:29.0208 3600Scan finished
12:08:29.0208 3600============================================================
12:08:29.0217 3440Detected object count: 1
12:08:29.0217 3440Actual detected object count: 1
12:08:50.0552 3440\Device\Harddisk0\DR0\# - copied to quarantine
12:08:50.0552 3440\Device\Harddisk0\DR0 - copied to quarantine
12:08:50.0578 3440\Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
12:08:52.0361 3440\Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
12:08:52.0367 3440\Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:08:52.0432 3440\Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:08:52.0468 3440\Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:08:52.0479 3440\Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:08:52.0495 3440\Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
12:08:52.0496 3440\Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:08:52.0497 3440\Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
12:08:52.0499 3440\Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:08:52.0511 3440\Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:08:52.0557 3440\Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
12:08:52.0629 3440\Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:08:52.0630 3440\Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
12:08:52.0677 3440\Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:08:52.0749 3440\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
12:08:52.0750 3440\Device\Harddisk0\DR0 - ok
12:08:52.0779 3440\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
12:09:05.0853 3596Deinitialize success
 
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.12.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Mike :: MIKE-PC [administrator]

Protection: Enabled

8/12/2012 12:37:14 PM
mbam-log-2012-08-12 (12-37-14).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 310838
Time elapsed: 13 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
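The two findings in the logs above, C:\Windows\svchost.exe flagged by Malwarebytes and Rootkit.Boot.Pihar.c in the MBR of \Device\Harddisk0\DR0 with a TDLFS store behind it, are worth being able to confirm by hand, and they explain why a format and reinstall did not help: a format of C: rewrites the partition, not sector 0 of the disk or the unallocated space a TDL-family bootkit keeps its files in, so the bootkit simply re-drops its payload on the next boot. The PowerShell below is an added example and is not part of this thread or of TDSSKiller, Malwarebytes or ComboFix. It assumes an elevated Windows PowerShell 3.0 or later session on the affected machine, that \\.\PhysicalDrive0 is the disk TDSSKiller calls \Device\Harddisk0\DR0, and that the "(0x1B8)" on TDSSKiller's MBR line means "MD5 over the first 0x1B8 bytes of sector 0", i.e. the boot code ahead of the disk signature and partition table; that last reading is an assumption about the log format, not something the log states.

```powershell
# Added example, not from the thread. Run in an elevated Windows PowerShell 3.0+ session.
# Assumption: TDSSKiller's "MBR (0x1B8)" line is the MD5 of the first 0x1B8 (440) bytes of
# sector 0, the boot code that sits before the disk signature and the partition table.

function Get-SuspiciousSvchost {
    # A real svchost.exe lives only in System32 (or SysWOW64 for the 32-bit copy) and
    # carries a valid Microsoft signature; C:\Windows\svchost.exe fails the path test alone.
    $legit = @("$env:SystemRoot\System32\svchost.exe",
               "$env:SystemRoot\SysWOW64\svchost.exe")
    foreach ($proc in Get-Process -Name svchost -ErrorAction SilentlyContinue) {
        $path = $proc.Path                      # $null when the process cannot be opened
        if (-not $path) { continue }
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signer = '(none)'
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        # Legitimate service hosts are started by services.exe; anything else is odd.
        $wmi    = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.Id)"
        $parent = Get-Process -Id $wmi.ParentProcessId -ErrorAction SilentlyContinue
        $parentName = if ($parent) { $parent.ProcessName } else { '(gone)' }
        if (($legit -notcontains $path) -or ($sig.Status -ne 'Valid') -or ($parentName -ne 'services')) {
            [pscustomobject]@{
                PID       = $proc.Id
                Path      = $path                   # string compare above is case-insensitive
                SigStatus = $sig.Status
                Signer    = $signer
                Parent    = $parentName
            }
        }
    }
}

function Get-MbrInfo {
    param(
        [string]$Device = '\\.\PhysicalDrive0',   # \Device\Harddisk0\DR0 in TDSSKiller's naming
        [int]$HashLength = 0x1B8                 # assumed to match TDSSKiller's "MBR (0x1B8)"
    )
    $sector = New-Object byte[] 512
    # FileShare ReadWrite is required: the volume manager already holds the disk open.
    $fs = [System.IO.File]::Open($Device, [System.IO.FileMode]::Open,
                                 [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
    try {
        if ($fs.Read($sector, 0, 512) -ne 512) { throw "short read from $Device" }
    } finally {
        $fs.Dispose()
    }
    $md5  = [System.Security.Cryptography.MD5]::Create()
    $code = $md5.ComputeHash($sector, 0, $HashLength)
    [pscustomobject]@{
        Device        = $Device
        BootCodeMd5   = ($code | ForEach-Object { $_.ToString('x2') }) -join ''
        BootSignature = '{0:X2}{1:X2}' -f $sector[510], $sector[511]   # must be 55AA
        PartitionType = $sector[446 + 4]       # type byte of entry 1: 7 (0x07) for NTFS
        FirstBytes    = ($sector[0..15] | ForEach-Object { $_.ToString('x2') }) -join ' '
    }
}

Get-SuspiciousSvchost | Format-Table -AutoSize
Get-MbrInfo | Format-List
```

Run Get-MbrInfo before and after the TDSSKiller cure reboot: the BootCodeMd5 value should change when the original boot code is restored, and it is the value to compare against the hash on the "MBR (0x1B8)" line. If the reinstall is repeated later, the MBR only gets rewritten by something that targets it (diskpart clean, bootrec /fixmbr, or a cleaner like TDSSKiller), not by formatting C:.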
 
I apologize for the late reply. Here is the log; it came up clean.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.12.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Mike :: MIKE-PC [administrator]

Protection: Enabled

8/12/2012 9:26:13 PM
mbam-log-2012-08-12 (21-26-13).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315606
Time elapsed: 16 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Excellent!

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. The rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

Please post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 12-08-10.02 - Mike 08/12/2012 21:57:17.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4375 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 02:00 . 2012-08-13 02:0069000----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C29F088-B712-4267-BB63-7D4CFB9A9F4E}\offreg.dll
2012-08-13 02:00 . 2012-08-13 02:00--------d-----w-c:\users\Default\AppData\Local\temp
2012-08-12 19:06 . 2012-08-12 19:06--------d-----w-c:\windows\en
2012-08-12 19:05 . 2012-08-12 19:05--------d-----w-c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-08-12 19:05 . 2012-08-12 19:05--------d-----w-c:\program files\Windows Live
2012-08-12 19:04 . 2012-08-12 19:04--------d-----w-c:\windows\PCHEALTH
2012-08-12 19:04 . 2012-08-12 19:05--------d-----w-c:\program files (x86)\Windows Live
2012-08-12 19:03 . 2010-06-02 08:5577656----a-w-c:\windows\system32\XAPOFX1_5.dll
2012-08-12 19:03 . 2010-06-02 08:5574072----a-w-c:\windows\SysWow64\XAPOFX1_5.dll
2012-08-12 19:03 . 2010-06-02 08:55527192----a-w-c:\windows\SysWow64\XAudio2_7.dll
2012-08-12 19:03 . 2010-06-02 08:55518488----a-w-c:\windows\system32\XAudio2_7.dll
2012-08-12 19:03 . 2010-05-26 15:412526056----a-w-c:\windows\system32\D3DCompiler_43.dll
2012-08-12 19:03 . 2010-05-26 15:412106216----a-w-c:\windows\SysWow64\D3DCompiler_43.dll
2012-08-12 19:03 . 2010-05-26 15:41276832----a-w-c:\windows\system32\d3dx11_43.dll
2012-08-12 19:03 . 2010-05-26 15:41248672----a-w-c:\windows\SysWow64\d3dx11_43.dll
2012-08-12 19:02 . 2009-09-04 21:29453456----a-w-c:\windows\SysWow64\d3dx10_42.dll
2012-08-12 19:02 . 2009-09-04 21:29523088----a-w-c:\windows\system32\d3dx10_42.dll
2012-08-12 19:01 . 2006-11-29 17:064398360----a-w-c:\windows\system32\d3dx9_32.dll
2012-08-12 19:01 . 2006-11-29 17:063426072----a-w-c:\windows\SysWow64\d3dx9_32.dll
2012-08-12 19:01 . 2012-08-12 19:01--------d-----w-c:\program files (x86)\Microsoft SkyDrive
2012-08-12 19:00 . 2012-08-12 19:00--------d-----w-c:\programdata\Microsoft SkyDrive
2012-08-12 19:00 . 2010-08-11 05:193860992----a-w-c:\windows\system32\UIRibbon.dll
2012-08-12 19:00 . 2010-08-11 05:131164800----a-w-c:\windows\system32\UIRibbonRes.dll
2012-08-12 19:00 . 2010-08-11 04:442983424----a-w-c:\windows\SysWow64\UIRibbon.dll
2012-08-12 19:00 . 2010-08-11 04:351164800----a-w-c:\windows\SysWow64\UIRibbonRes.dll
2012-08-12 18:56 . 2012-08-12 18:56--------d-----w-c:\program files (x86)\Common Files\Windows Live
2012-08-12 16:08 . 2012-08-12 16:08--------d-----w-C:\TDSSKiller_Quarantine
2012-08-12 06:20 . 2012-08-12 02:27--------d-----w-c:\windows\Panther
2012-08-12 06:11 . 2012-08-12 06:11--------d-----w-c:\program files (x86)\Microsoft.NET
2012-08-12 05:18 . 2012-08-12 05:18--------d-----w-c:\programdata\Malwarebytes
2012-08-12 05:18 . 2012-08-12 05:19--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-12 05:18 . 2012-07-03 17:4624904----a-w-c:\windows\system32\drivers\mbam.sys
2012-08-12 04:44 . 2012-08-12 05:2870344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-12 04:44 . 2012-08-12 05:28426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-12 04:44 . 2012-08-12 04:44--------d-----w-c:\windows\SysWow64\Macromed
2012-08-12 04:44 . 2012-08-12 04:44--------d-----w-c:\windows\system32\Macromed
2012-08-12 04:26 . 2012-08-12 04:27--------d-----w-c:\program files (x86)\Ask.com
2012-08-12 04:25 . 2012-08-12 04:27--------d-----w-c:\program files (x86)\Google
2012-08-12 04:25 . 2012-07-03 16:21355856----a-w-c:\windows\system32\drivers\aswSP.sys
2012-08-12 04:25 . 2012-07-03 16:2125232----a-w-c:\windows\system32\drivers\aswFsBlk.sys
2012-08-12 04:25 . 2012-07-03 16:2154072----a-w-c:\windows\system32\drivers\aswRdr2.sys
2012-08-12 04:25 . 2012-07-03 16:2159728----a-w-c:\windows\system32\drivers\aswTdi.sys
2012-08-12 04:25 . 2012-07-03 16:21958400----a-w-c:\windows\system32\drivers\aswSnx.sys
2012-08-12 04:25 . 2012-07-03 16:2171064----a-w-c:\windows\system32\drivers\aswMonFlt.sys
2012-08-12 04:25 . 2012-07-03 16:21285328----a-w-c:\windows\system32\aswBoot.exe
2012-08-12 04:11 . 2012-08-12 04:11--------d-----w-c:\programdata\Hewlett-Packard
2012-08-12 04:11 . 2009-07-14 01:41230400----a-w-c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2012-08-12 04:08 . 2012-08-12 19:01--------d-----w-c:\users\Larry
2012-08-12 04:05 . 2012-08-12 04:05--------d-----w-c:\windows\SysWow64\Wat
2012-08-12 04:05 . 2012-08-12 04:05--------d-----w-c:\windows\system32\Wat
2012-08-12 03:58 . 2012-08-12 03:58--------d-----w-c:\programdata\NVIDIA Corporation
2012-08-12 03:58 . 2012-08-12 03:58--------d-----w-c:\program files\NVIDIA Corporation
2012-08-12 03:58 . 2012-08-12 03:58--------d-----w-c:\program files (x86)\NVIDIA Corporation
2012-08-12 03:57 . 2010-09-14 06:45367104----a-w-c:\windows\system32\wcncsvc.dll
2012-08-12 03:57 . 2010-09-14 06:07276992----a-w-c:\windows\SysWow64\wcncsvc.dll
2012-08-12 03:54 . 2012-06-12 03:023147264----a-w-c:\windows\system32\win32k.sys
2012-08-12 03:11 . 2012-08-13 01:10--------d-sh--w-c:\windows\Installer
2012-08-12 03:11 . 2012-07-03 16:2141224----a-w-c:\windows\avastSS.scr
2012-08-12 03:11 . 2012-07-03 16:21227648----a-w-c:\windows\SysWow64\aswBoot.exe
2012-08-12 03:10 . 2012-08-12 04:24--------d-----w-c:\programdata\AVAST Software
2012-08-12 03:10 . 2012-08-12 04:24--------d-----w-c:\program files\AVAST Software
2012-08-12 03:08 . 2009-09-10 06:28311808----a-w-c:\windows\system32\msv1_0.dll
2012-08-12 03:08 . 2009-09-10 05:52257024----a-w-c:\windows\SysWow64\msv1_0.dll
2012-08-12 02:59 . 2009-10-10 03:1714336----a-w-c:\windows\system32\drivers\sffp_sd.sys
2012-08-12 02:55 . 2009-11-25 16:4799176----a-w-c:\windows\SysWow64\PresentationHostProxy.dll
2012-08-12 02:55 . 2009-11-25 16:4749472----a-w-c:\windows\SysWow64\netfxperf.dll
2012-08-12 02:55 . 2009-11-25 16:4748960----a-w-c:\windows\system32\netfxperf.dll
2012-08-12 02:55 . 2009-11-25 16:47297808----a-w-c:\windows\SysWow64\mscoree.dll
2012-08-12 02:55 . 2009-11-25 16:47295264----a-w-c:\windows\SysWow64\PresentationHost.exe
2012-08-12 02:55 . 2009-11-25 16:471130824----a-w-c:\windows\SysWow64\dfshim.dll
2012-08-12 02:55 . 2009-11-25 16:47109912----a-w-c:\windows\system32\PresentationHostProxy.dll
2012-08-12 02:55 . 2009-11-25 16:47444752----a-w-c:\windows\system32\mscoree.dll
2012-08-12 02:55 . 2009-11-25 16:47320352----a-w-c:\windows\system32\PresentationHost.exe
2012-08-12 02:55 . 2009-11-25 16:471942856----a-w-c:\windows\system32\dfshim.dll
2012-08-12 02:51 . 2012-08-12 02:51--------d-----w-c:\program files (x86)\Common Files\logishrd
2012-08-12 02:51 . 2012-08-12 02:51--------d-----w-c:\program files\Common Files\logishrd
2012-08-12 02:50 . 2012-07-03 07:1959701280----a-w-c:\windows\system32\MRT.exe
2012-08-12 02:46 . 2012-03-01 06:5422896----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-08-12 02:46 . 2012-03-01 06:45220672----a-w-c:\windows\system32\wintrust.dll
2012-08-12 02:46 . 2012-03-01 06:4080896----a-w-c:\windows\system32\imagehlp.dll
2012-08-12 02:46 . 2012-03-01 06:355120----a-w-c:\windows\system32\wmi.dll
2012-08-12 02:46 . 2012-03-01 05:49172544----a-w-c:\windows\SysWow64\wintrust.dll
2012-08-12 02:46 . 2012-03-01 05:45158720----a-w-c:\windows\SysWow64\imagehlp.dll
2012-08-12 02:46 . 2012-03-01 05:405120----a-w-c:\windows\SysWow64\wmi.dll
2012-08-12 02:44 . 2010-03-04 04:40184832----a-w-c:\windows\system32\drivers\usbvideo.sys
2012-08-12 02:44 . 2010-03-04 04:32243712----a-w-c:\windows\system32\drivers\ks.sys
2012-08-12 02:42 . 2012-06-09 05:3014165504----a-w-c:\windows\system32\shell32.dll
2012-08-12 02:41 . 2012-04-24 05:59182272----a-w-c:\windows\system32\cryptsvc.dll
2012-08-12 02:40 . 2010-01-09 07:19139264----a-w-c:\windows\system32\cabview.dll
2012-08-12 02:40 . 2010-01-09 06:52132608----a-w-c:\windows\SysWow64\cabview.dll
2012-08-12 02:33 . 2011-11-19 15:0777312----a-w-c:\windows\system32\packager.dll
2012-08-12 02:33 . 2011-11-19 14:0667072----a-w-c:\windows\SysWow64\packager.dll
2012-08-12 02:33 . 2010-08-27 06:14236032----a-w-c:\windows\system32\srvsvc.dll
2012-08-12 02:33 . 2010-08-27 05:469728----a-w-c:\windows\SysWow64\sscore.dll
2012-08-12 02:32 . 2012-02-15 06:271031680----a-w-c:\windows\system32\rdpcore.dll
2012-08-12 02:32 . 2012-02-15 05:44826368----a-w-c:\windows\SysWow64\rdpcore.dll
2012-08-12 02:32 . 2012-02-15 04:4623552----a-w-c:\windows\system32\drivers\tdtcp.sys
2012-08-12 02:29 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
2012-08-12 02:29 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
2012-08-12 02:29 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
2012-08-12 02:29 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
2012-08-12 02:28 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
2012-08-12 02:28 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
2012-08-12 02:28 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
2012-08-12 02:28 . 2012-06-02 19:19186752----a-w-c:\windows\system32\wuwebv.dll
2012-08-12 02:28 . 2012-06-02 19:1536864----a-w-c:\windows\system32\wuapp.exe
2012-08-12 02:27 . 2012-08-12 02:28--------d-----w-c:\users\Mike
2012-08-12 02:27 . 2012-08-12 02:27--------d-----w-C:\Recovery
2012-07-28 06:54 . 2012-07-28 06:54321472----a-w-c:\windows\WLXPGSS.SCR
2012-07-26 23:08 . 2012-07-26 23:08862664----a-w-c:\windows\SysWow64\msvcr110.dll
2012-07-26 23:08 . 2012-07-26 23:08534480----a-w-c:\windows\SysWow64\msvcp110.dll
2012-07-26 23:08 . 2012-07-26 23:08251864----a-w-c:\windows\SysWow64\vccorlib110.dll
2012-07-26 23:08 . 2012-07-26 23:08153536----a-w-c:\windows\SysWow64\atl110.dll
2012-07-26 23:08 . 2012-07-26 23:08115656----a-w-c:\windows\SysWow64\vcomp110.dll
2012-07-26 19:22 . 2012-07-26 19:22828872----a-w-c:\windows\system32\msvcr110.dll
2012-07-26 19:22 . 2012-07-26 19:22661448----a-w-c:\windows\system32\msvcp110.dll
2012-07-26 19:22 . 2012-07-26 19:22354264----a-w-c:\windows\system32\vccorlib110.dll
2012-07-26 19:22 . 2012-07-26 19:22177096----a-w-c:\windows\system32\atl110.dll
2012-07-26 19:22 . 2012-07-26 19:22124360----a-w-c:\windows\system32\vcomp110.dll
2012-07-17 19:20 . 2012-07-17 19:201178920----a-w-c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL
2012-07-17 19:17 . 2012-07-17 19:17529664----a-w-c:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
2012-07-17 19:16 . 2012-07-17 19:1656072----a-w-c:\program files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
2012-07-17 19:16 . 2012-07-17 19:161134856----a-w-c:\program files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll
2012-07-17 19:14 . 2012-07-17 19:14420608----a-w-c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
2012-07-17 19:14 . 2012-07-17 19:14290560----a-w-c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 01:331519304----a-w-c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 136176]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-12 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 05:28]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 04:25]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 04:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-12 22:01:53
ComboFix-quarantined-files.txt 2012-08-13 02:01
.
Pre-Run: 964,075,343,872 bytes free
Post-Run: 964,137,586,688 bytes free
.
- - End Of File - - 216B1E7687FDA122446BA820E915A195
 
Rkill 2.1.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/12/2012 10:16:16 PM in x64 mode.
Windows Version: Windows 7
Checking for Windows services to stop.
* No malware services found to stop.
Checking for processes to terminate.
* No malware processes found to kill.
Checking Registry for malware related settings.
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!
Performing miscellaneous checks.
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Restarting Explorer.exe in order to apply changes.
Program finished at: 08/12/2012 10:16:24 PM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)
 
Looks good :)

Uninstall Ask Toolbar, typical foistware.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 8/12/2012 10:36:20 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Mike\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.71 Gb Available Physical Memory | 78.44% Memory free
12.00 Gb Paging File | 10.59 Gb Available in Paging File | 88.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 898.01 Gb Free Space | 96.41% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/12 22:34:48 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/12 01:28:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/01/19 13:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 33 00 93 32 78 CD 01 [binary data]
IE - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: avast! WebRep = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25679FFA-D803-444A-BB00-D39C9704C05B}: DhcpNameServer = 192.168.1.1 71.243.0.12
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/12 22:34:47 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2012/08/12 22:15:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/12 22:07:04 | 001,118,624 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Mike\Desktop\rkill.exe
[2012/08/12 21:56:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/12 21:56:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/12 21:56:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/12 21:56:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/12 21:56:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/12 21:50:33 | 004,729,547 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
[2012/08/12 15:06:30 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/08/12 15:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/08/12 15:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/08/12 15:04:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/08/12 15:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012/08/12 15:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2012/08/12 15:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012/08/12 14:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012/08/12 12:08:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/12 10:15:22 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Macromedia
[2012/08/12 10:05:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/08/12 09:17:08 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
[2012/08/12 09:16:28 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Google
[2012/08/12 09:15:09 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Adobe
[2012/08/12 02:20:05 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/08/12 02:11:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/08/12 01:21:09 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/08/12 01:20:45 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/08/12 01:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/12 01:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/12 01:18:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/12 01:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/12 00:44:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/08/12 00:44:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/08/12 00:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/12 00:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/08/12 00:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/08/12 00:25:53 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/12 00:25:53 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/12 00:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/12 00:25:49 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/12 00:25:48 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/12 00:25:47 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/12 00:25:45 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/12 00:25:45 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/12 00:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012/08/12 00:05:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/08/12 00:05:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/08/11 23:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/08/11 23:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/08/11 23:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/08/11 23:11:11 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/08/11 23:11:01 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/11 23:11:01 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/11 23:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/11 23:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/11 22:51:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2012/08/11 22:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2012/08/11 22:30:45 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Microsoft Games
[2012/08/11 22:28:33 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/08/11 22:28:33 | 000,000,000 | R--D | C] -- C:\Users\Mike\Searches
[2012/08/11 22:28:33 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/08/11 22:28:33 | 000,000,000 | -H-D | C] -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/08/11 22:28:04 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Identities
[2012/08/11 22:27:58 | 000,000,000 | R--D | C] -- C:\Users\Mike\Contacts
[2012/08/11 22:27:56 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\VirtualStore
[2012/08/11 22:27:51 | 000,000,000 | --SD | C] -- C:\Users\Mike\AppData\Roaming\Microsoft
[2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Videos
[2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Saved Games
[2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Pictures
[2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Music
[2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Links
[2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Favorites
[2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Downloads
[2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Documents
[2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\Desktop
[2012/08/11 22:27:51 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\Temporary Internet Files
[2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Templates
[2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Start Menu
[2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\SendTo
[2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Recent
[2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\PrintHood
[2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\NetHood
[2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Videos
[2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Pictures
[2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Music
[2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\My Documents
[2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Local Settings
[2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\History
[2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Cookies
[2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Application Data
[2012/08/11 22:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\Application Data
[2012/08/11 22:27:51 | 000,000,000 | -H-D | C] -- C:\Users\Mike\AppData
[2012/08/11 22:27:51 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Temp
[2012/08/11 22:27:51 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Microsoft
[2012/08/11 22:27:51 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Media Center Programs
[2012/08/11 22:27:40 | 000,000,000 | ---D | C] -- C:\Recovery
[2012/08/11 22:27:35 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/07/24 13:22:36 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\TDSSKiller.exe

========== Files - Modified Within 30 Days ==========

[2012/08/12 22:35:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/12 22:34:48 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2012/08/12 22:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/12 22:22:25 | 000,719,716 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/12 22:22:25 | 000,619,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/12 22:22:25 | 000,104,372 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/12 22:18:30 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/12 22:18:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/12 22:18:02 | 536,272,895 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/12 22:08:07 | 000,013,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 22:08:07 | 000,013,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 22:07:04 | 001,118,624 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Mike\Desktop\rkill.exe
[2012/08/12 21:50:43 | 004,729,547 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
[2012/08/12 12:07:31 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\TDSSKiller.exe
[2012/08/12 10:05:16 | 822,761,947 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/12 09:15:06 | 000,001,437 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/12 01:24:22 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/08/12 01:24:22 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/08/12 01:21:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/08/12 01:18:59 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/12 00:27:30 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/12 00:25:53 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/12 00:25:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/12 00:07:14 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/11 22:54:22 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/11 22:54:22 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/11 22:50:57 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI

========== Files Created - No Company Name ==========

[2012/08/12 21:56:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/12 21:56:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/12 21:56:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/12 21:56:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/12 21:56:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/12 15:06:15 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012/08/12 15:06:08 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012/08/12 15:05:37 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/08/12 10:05:16 | 822,761,947 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/12 01:24:18 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/08/12 01:24:15 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/08/12 01:21:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/08/12 01:20:45 | 536,272,895 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/12 01:18:59 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/12 00:44:25 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/12 00:27:30 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/12 00:25:59 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/12 00:25:58 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/12 00:25:53 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/12 00:25:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/08/11 22:54:22 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/11 22:54:22 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/11 22:50:57 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/08/11 22:31:23 | 000,001,437 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/11 22:29:02 | 000,001,443 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/11 22:29:02 | 000,001,409 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/08/11 22:27:51 | 000,000,290 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/11 22:27:51 | 000,000,272 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

========== LOP Check ==========

[2012/08/12 17:26:03 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Windows Live Writer
[2009/07/14 01:08:49 | 000,005,392 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 8/12/2012 10:36:20 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Mike\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.71 Gb Available Physical Memory | 78.44% Memory free
12.00 Gb Paging File | 10.59 Gb Available in Paging File | 88.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 898.01 Gb Free Space | 96.41% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-93952822-3381910838-1579628254-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A981EA5-3D06-4A00-A2A2-58E155C48B04}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1BB55052-8A63-4DCA-9D13-1A66EAC960AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{212C619A-362F-438A-A692-EFB89823C228}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{290B6B85-5DDF-4CBD-82D7-2B8A6B994471}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D1B550D-74E4-47D8-B67D-CABDF3ABFB14}" = rport=139 | protocol=6 | dir=out | app=system |
"{2F204023-A67B-42CF-8FE1-322C10A705B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2FE370F7-886F-4A1C-A95D-6CB8E46A804F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{33D51604-EE55-498C-B35A-F0A896E0F9BD}" = lport=139 | protocol=6 | dir=in | app=system |
"{4502CA5E-74FD-4164-8535-FF89CEE21BA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{454A2CCA-FDBA-461A-AFB2-7476246AF4BF}" = lport=138 | protocol=17 | dir=in | app=system |
"{4A301F15-ECDB-4666-8263-9832A44A5035}" = lport=445 | protocol=6 | dir=in | app=system |
"{4C5331EB-6B7A-4E6D-86F9-C0FD86A98474}" = lport=10243 | protocol=6 | dir=in | app=system |
"{519331E8-E479-4AF5-A5F6-A33AEB8BC49A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5268EFBD-CDC7-4132-A34C-5842B2474F7B}" = rport=445 | protocol=6 | dir=out | app=system |
"{658FB287-51AC-4E3A-A2C4-8498552169EA}" = rport=138 | protocol=17 | dir=out | app=system |
"{67AF3215-361A-48CA-BF17-55F203258B1D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6D529486-57E9-4846-8B73-B7CDEF4E7D7C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A3A20030-AFB9-432E-8694-4352E9A6B2DC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B1DCC7B5-4680-4FC3-AD01-EE172A84F704}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B8E4D0AD-377B-490C-8524-0F0CBAC8D8FB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C937F2D5-5695-4DDB-8A55-484FE2BB6810}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D264D8F9-79A4-44A0-82F4-EC1B785D3BFA}" = rport=137 | protocol=17 | dir=out | app=system |
"{FA223B64-A891-4146-ABC3-0C659CB1764F}" = lport=137 | protocol=17 | dir=in | app=system |
"{FB7E2FE6-6C44-4FAA-95A2-6AB05A1C6C9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FCD8E4FC-C39B-4F36-B368-041BC13B5D42}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3194D92E-4AAD-4399-B84C-3CA43F392BDC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{329510AD-D544-4839-88CC-B880AEACFBCC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3B347E55-7162-4D3C-8AC2-D5368DB2D739}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3E767DE1-8557-40F1-B513-8380624D5EE5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{714D0777-FE49-4BFD-82FD-F162A2F96F36}" = protocol=6 | dir=out | app=system |
"{72AB8970-EE32-46A1-9467-31F82ADBE105}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{75E8E56D-F43C-4DFA-8E5D-0BC261B1AD0A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7CF0662A-400C-42F5-B431-D1F6C2FE7B63}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{800CE447-8505-46AC-9B58-1C43B714B95E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8726BCC6-5B75-4161-A5BB-721792EE7DAE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{88D76C35-9690-480E-A335-CB5D1B280F40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89ADBC7C-FAC6-4A6F-A39F-4B6531B63B5C}" = dir=in | app=c:\users\larry\appdata\local\microsoft\skydrive\skydrive.exe |
"{8FE22660-3B5F-4880-971C-55022203CFB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{939C1330-9BAC-4367-A73C-361CCCC45D24}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B60D21B4-E977-4104-86FF-E6E7A264C07E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C0C989E4-EB0C-4C37-9CBF-2561407E762F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CEC8935E-D376-497F-B828-AFFDE4430E7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D88EF343-385C-4A2A-951A-6122BEA1F5BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E2B63CB8-175F-4D29-B1DA-C36AE2946C03}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E36D9A58-125D-48F0-BA37-01DAE212C9EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F6B83633-3BCF-49EB-9076-769135474C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
"{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources
"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2012 11:17:42 PM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 124 Start
Time: 01cd7838b5b0b5d5 Termination Time: 62 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: 3a930a08-e42c-11e1-a197-00252244f4d6

Error - 8/11/2012 11:19:10 PM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
Description = The program avast.setup version 7.0.1456.418 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 474 Start
Time: 01cd7837fa6d96ac Termination Time: 0 Application Path: C:\Users\Mike\AppData\Local\Temp\_av_sfx.tm~a03036\avast.setup
Report
Id:

Error - 8/12/2012 12:06:06 AM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: UMVPFSrv.exe, version: 13.31.1044.0, time
stamp: 0x4f166843 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x75366a34 Faulting process id: 0x3c4 Faulting application
start time: 0x01cd783fa959e108 Faulting application path: C:\Program Files (x86)\Common
Files\logishrd\LVMVFM\UMVPFSrv.exe Faulting module path: unknown Report Id: 09e9bbfb-e433-11e1-a42c-00252244f4d6

Error - 8/12/2012 12:06:13 AM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x75366a34 Faulting process id: 0x7b8 Faulting application
start time: 0x01cd783fcd2dfda3 Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 0d9ea3e7-e433-11e1-a42c-00252244f4d6

Error - 8/12/2012 12:25:45 AM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\AVAST Software\Avast\asOutExt64.dll".
Dependent
Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/12/2012 1:25:03 AM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ARO.exe, version: 8.0.12.0, time stamp:
0x4ff56973 Faulting module name: ARO.exe, version: 8.0.12.0, time stamp: 0x4ff56973
Exception
code: 0xc0000005 Fault offset: 0x0001ffaa Faulting process id: 0xc5c Faulting application
start time: 0x01cd784ad0c8cba7 Faulting application path: C:\Program Files (x86)\ARO
2012\ARO.exe Faulting module path: C:\Program Files (x86)\ARO 2012\ARO.exe Report
Id: 10e39d43-e43e-11e1-9951-00252244f4d6

Error - 8/12/2012 10:56:05 AM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ARO.exe, version: 8.0.12.0, time stamp:
0x4ff56973 Faulting module name: ARO.exe, version: 8.0.12.0, time stamp: 0x4ff56973
Exception
code: 0xc0000005 Fault offset: 0x0001ffaa Faulting process id: 0x9a8 Faulting application
start time: 0x01cd789a9709efb1 Faulting application path: C:\Program Files (x86)\ARO
2012\ARO.exe Faulting module path: C:\Program Files (x86)\ARO 2012\ARO.exe Report
Id: d6aab6ef-e48d-11e1-a3da-00252244f4d6

Error - 8/12/2012 12:57:39 PM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ARO.exe, version: 8.0.12.0, time stamp:
0x4ff56973 Faulting module name: ARO.exe, version: 8.0.12.0, time stamp: 0x4ff56973
Exception
code: 0xc0000005 Fault offset: 0x0001ffaa Faulting process id: 0x838 Faulting application
start time: 0x01cd78ab8e38d8df Faulting application path: C:\Program Files (x86)\ARO
2012\ARO.exe Faulting module path: C:\Program Files (x86)\ARO 2012\ARO.exe Report
Id: d2a25a14-e49e-11e1-a0c5-00252244f4d6

Error - 8/12/2012 2:57:51 PM | Computer Name = Mike-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Windows Search' could not be shut down.

Error - 8/12/2012 6:43:20 PM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ARO.exe, version: 8.0.12.0, time stamp:
0x4ff56973 Faulting module name: ARO.exe, version: 8.0.12.0, time stamp: 0x4ff56973
Exception
code: 0xc0000005 Fault offset: 0x0001ffaa Faulting process id: 0xb80 Faulting application
start time: 0x01cd78dbdb5cdf0e Faulting application path: C:\Program Files (x86)\ARO
2012\ARO.exe Faulting module path: C:\Program Files (x86)\ARO 2012\ARO.exe Report
Id: 1d0e319b-e4cf-11e1-9e7c-00252244f4d6

[ System Events ]
Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = DCOM | ID = 10005
Description =

Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = DCOM | ID = 10005
Description =

Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/12/2012 10:15:25 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKU\S-1-5-21-93952822-3381910838-1579628254-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    [2012/08/12 00:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

==========================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
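As an added check, written for this page and not code from the thread or from any tool named in it: the MBAM detection that opened this thread was a svchost.exe sitting directly under C:\Windows, and the Application event log above shows that same binary crashing from \\.\globalroot\systemroot\svchost.exe, so the dependable indicator is the image path, not the file name. The snippet assumes an elevated prompt and PowerShell 3.0 or later; it lists every running svchost.exe with its path and signature verdict, then searches %SystemRoot% for stray copies on disk.

```powershell
# Added example, not code from the thread or from any tool named in it.
# Assumes an elevated PowerShell 3.0+ prompt (elevation is needed to read the
# image path of service processes).

# The only two places a genuine svchost.exe lives.
$legit = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

function Test-SvchostImage {
    param([string]$Path)

    if (-not $Path) {
        return 'unknown path (run elevated)'
    }
    # Primary indicator: location. The infection in this thread ran from
    # C:\Windows\svchost.exe (logged as \\.\globalroot\systemroot\svchost.exe),
    # not from System32.
    if ($legit -notcontains $Path) {
        return 'SUSPICIOUS: svchost.exe outside System32/SysWOW64'
    }
    # Secondary indicator: Authenticode signature. On Windows 7 the System32
    # copy is catalog-signed and can report NotSigned here, so treat this as
    # supporting evidence, not a verdict on its own.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -like '*Microsoft*') {
        return 'ok: expected path, valid Microsoft signature'
    }
    return "expected path, signature status $($sig.Status) (confirm against a known-good hash)"
}

# 1. Every running process named svchost, with its image path and verdict.
Get-Process -Name svchost -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            PID    = $_.Id
            Path   = $_.Path
            Status = Test-SvchostImage -Path $_.Path
        }
    } |
    Format-Table -AutoSize

# 2. Stray copies on disk that are not running right now. WinSxS holds
#    legitimate component-store copies, so it is excluded to keep the list
#    meaningful; anything else outside the two expected paths deserves a look.
Get-ChildItem -Path $env:SystemRoot -Filter svchost.exe -Recurse -ErrorAction SilentlyContinue |
    Where-Object {
        -not $_.PSIsContainer -and
        $legit -notcontains $_.FullName -and
        $_.FullName -notlike (Join-Path $env:SystemRoot 'winsxs\*')
    } |
    Select-Object FullName, Length, LastWriteTime,
        @{ n = 'Company'; e = { $_.VersionInfo.CompanyName } }
```

A legitimate machine shows only System32 (and, on x64, SysWOW64) paths in the first table and an empty second list; a hit under C:\Windows itself matches what MBAM reported in this thread.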
 
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-93952822-3381910838-1579628254-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Larry
->Temp folder emptied: 802 bytes
->Temporary Internet Files folder emptied: 263093965 bytes
->Google Chrome cache emptied: 14970218 bytes
->Flash cache emptied: 4520 bytes

User: Mike
->Temp folder emptied: 328008 bytes
->Temporary Internet Files folder emptied: 5945174 bytes
->Google Chrome cache emptied: 97503048 bytes
->Flash cache emptied: 492 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22479168 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 386.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Larry

User: Mike

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Larry
->Flash cache emptied: 0 bytes

User: Mike
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08132012_091020

Files\Folders moved on Reboot...
C:\Users\Larry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Larry\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012/08/13 09:11:53 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 06-08-2012
Ran by Mike (administrator) on 13-08-2012 at 09:16:09
Running from "C:\Users\Mike\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-08-11 22:41] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-08-11 22:42] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-08-11 22:41] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
 
C:\TDSSKiller_Quarantine\12.08.2012_12.07.43\mbr0000\tdlfs0000\tsk0000.dta	Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\12.08.2012_12.07.43\mbr0000\tdlfs0000\tsk0001.dta	a variant of Win32/Rootkit.Kryptik.NH trojan
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Larry
->Temp folder emptied: 15444878 bytes
->Temporary Internet Files folder emptied: 20521292 bytes
->Google Chrome cache emptied: 1905008 bytes
->Flash cache emptied: 598 bytes

User: Mike
->Temp folder emptied: 1389 bytes
->Temporary Internet Files folder emptied: 6625448 bytes
->Google Chrome cache emptied: 30515323 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22484594 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 93.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Larry
->Flash cache emptied: 0 bytes

User: Mike
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Larry

User: Mike

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.57.0 log created on 08132012_153919

Files\Folders moved on Reboot...
C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012/08/13 15:41:37 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...
 