
Help with various Trojans (Agent, Ransom, Cridex, Dropper.BCMiner)



Hi,

I've been having some strange issues lately. Some of them are still outstanding, while some seem to be fixed now.

Currently, I am having the following issues:

1. Somehow my current application is being forced into the background (i.e. Games will minimize. When browsing the internet, my browser will suddenly go to the background until I type / click on it again). I know this is happening since I was playing a game where sound gets disabled if it is not the "front" application. I would have to click the screen in order for sound to turn on again.

2. My desktop icons are all being re-arranged on startup.

3. Some system processes are very slow (sometimes opening task manager takes a long time)

4. HijackThis log shows several files are missing. Not sure if this is good/bad and how I can resolve it.

I believe the following issues have been fixed:

1. Getting security warning messages in Google Chrome when visiting normal websites such as Google. I haven't noticed this since running a few virus scans and Malwarebytes.

2. Firefox would give "Firefox had an error during startup" message or something like that. Firefox now opens and runs fine.

3. Several instances of iexplorer.exe would open. No windows would open, but I could see processes constantly opening in task manager. There were generally 2 and if I closed them, they would just re-open seconds later. I have not noticed this recently.

According to my Malwarebytes Quarantine, I have the following trojans: Trojan.Agent, Trojan.Ransom, Trojan.Cridex, Trojan.Dropper.BCMiner, and Rootkit.0Access.

I've attached all of the logs I felt were appropriate. Please help me clean up my computer!

Thanks

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.10.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Alan :: ALANS_COMPUTER [administrator]

Protection: Enabled

8/11/2012 12:14:42 AM

mbam-log-2012-08-11 (00-20-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206604

Time elapsed: 5 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|9365 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msverov.bat -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.

C:\Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\000000cb.@ (Rootkit.0Access) -> No action taken.

C:\Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\80000032.@ (Rootkit.0Access) -> No action taken.

(end)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:16:46 AM, on 8/11/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Users\Alan\Local Settings\Apps\F.lux\flux.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\PROGRA~2\AD-AWA~1\AdAware.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Alan\Downloads\dds.scr

C:\Windows\SysWOW64\cmd.exe

C:\Users\Alan\AppData\Local\Temp\nsg4146.tmp\PEV.DAT

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={641185E0-4645-4D34-A074-4B50DB319E5D}&mid=b770532ed54947d098ced1542655810e-40d0caceb6da94f855a39c37c30e55dd5585daab&lang=en&ds=gl011&pr=sa&d=2012-08-10 18:26:55&v=11.1.0.7&sap=hp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: 66.185.88.137 a1284.g.akamai.net

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [F.lux] "C:\Users\Alan\Local Settings\Apps\F.lux\flux.exe" /noshow

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

O4 - HKLM\..\Policies\Explorer\Run: [9365] C:\PROGRA~3\LOCALS~1\Temp\msverov.bat

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -update activex (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -update activex (User 'Default user')

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Realtek87B - Realtek - C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10949 bytes

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 11/16/2011 8:20:01 PM

System Uptime: 8/10/2012 11:17:45 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5K Premium

Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz | LGA775 | 2997/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 46.495 GiB free.

D: is CDROM (CDFS)

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}

Description: Standard PS/2 Keyboard

Device ID: ACPI\PNP0303\4&23F9C1E3&0

Manufacturer: (Standard keyboards)

Name: Standard PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP146: 8/2/2012 7:40:55 PM - Scheduled Checkpoint

RP147: 8/10/2012 7:17:09 PM - Installed Magic Online

RP148: 8/10/2012 8:00:25 PM - Installed HiJackThis

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

Ad-Aware Antivirus

Ad-Aware Browsing Protection

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Apple Application Support

Apple Software Update

Bastion

Batman: Arkham Asylum GOTY Edition

Bunch Of Heroes

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco Connect

Cockatrice

Counter-Strike: Global Offensive Beta

Counter-Strike: Source

Day of Defeat: Source

Demigod

Diablo III

DivX Setup

Dota 2

Dungeon Siege III

Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.17.01.801

F.lux

Free Window Registry Repair

Frozen Synapse

Google Chrome

HiJackThis

Host OpenAL (ADI)

HydraVision

Java Auto Updater

Java 6 Update 29

Killing Floor

Left 4 Dead 2

Legend of Grimrock

Magic Online

Magicka

Malwarebytes Anti-Malware version 1.62.0.1300

McAfee Security Scan Plus

Microsoft .NET Framework 1.1

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Ultimate 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 3.1

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

Napoleon: Total War

Nuclear Dawn

NVIDIA PhysX

OpenAL

Orcs Must Die!

OSU-gt RC9

Pando Media Booster

Pdf995

Plants vs. Zombies: Game of the Year

Python 2.6.2

Realtek High Definition Audio Driver

REALTEK Wireless LAN Driver and Utility

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

SEGA Genesis & Mega Drive Classics

Sins of a Solar Empire: Trinity

Skype™ 5.5

SoundMAX

Space Pirates and Zombies

SpeedFan (remove only)

Spybot - Search & Destroy

StarCraft II

Steam

Street Fighter IV

Super Meat Boy

Team Fortress 2

The Sims 3

Total War: SHOGUN 2

Trine

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.6195

VLC media player 1.1.11

VVVVVV

Warhammer 40,000 Space Marine

Warhammer® 40,000™: Dawn of War® II – Chaos Rising™

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

wxPython 2.8.10.1 (unicode) for Python 2.6

.

==== Event Viewer Messages From Past Week ========

.

8/9/2012 10:54:42 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

8/10/2012 7:38:05 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

8/10/2012 7:38:05 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

8/10/2012 11:19:47 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

8/10/2012 11:19:47 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

8/10/2012 11:18:09 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/10/2012 11:18:09 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/10/2012 11:18:09 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/10/2012 1:56:21 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.

8/10/2012 1:55:21 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

8/10/2012 1:55:21 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

8/10/2012 1:55:21 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/10/2012 1:55:21 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/10/2012 1:55:21 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/10/2012 1:55:21 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

8/10/2012 1:55:21 AM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

8/10/2012 1:55:21 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

8/10/2012 1:55:21 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

8/10/2012 1:55:21 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

8/10/2012 1:55:21 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

.

==== End Of File ===========================

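The two findings that matter in the Malwarebytes and HijackThis output above are the Policies\Explorer\Run value pointing at a .bat file in a Temp folder, and the ".@" files under C:\Windows\Installer\{GUID}\U\, which is the on-disk layout the Rootkit.0Access name refers to. The script below is an added example, not the poster's logs nor Malwarebytes' or HijackThis's code: it runs a few triage heuristics over lines copied from the logs above (plus the iTunes line as a benign control). The rules and their wording are this example's own assumptions, and the expansion of PROGRA~3 to C:\ProgramData is assumed from how 8.3 names are normally allocated on a 64-bit Windows 7 install.

```python
"""Triage the autorun and file indicators quoted in the HijackThis / Malwarebytes
logs above. Added example; the rules are heuristics chosen for this example,
not product signatures."""
import re
from typing import Dict, List

# Lines copied from the logs posted above; the iTunes and F.lux lines are benign controls.
LOG_LINES = [
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"',
    r'O4 - HKLM\..\Policies\Explorer\Run: [9365] C:\PROGRA~3\LOCALS~1\Temp\msverov.bat',
    r'O4 - HKCU\..\Run: [F.lux] "C:\Users\Alan\Local Settings\Apps\F.lux\flux.exe" /noshow',
    r"O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')",
    r'C:\Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.',
    r'C:\Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\80000032.@ (Rootkit.0Access) -> No action taken.',
    r'O1 - Hosts: 66.185.88.137 a1284.g.akamai.net',
]

# HijackThis O4 line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# First path-like token of the command, quoted or not, ending in a common executable extension.
TARGET_RE = re.compile(r'^"?((?:[A-Za-z]:|%\w+%)\\.*?\.(?:exe|bat|cmd|vbs|js|scr|dll|com))', re.IGNORECASE)
# ZeroAccess-style payload store: a GUID folder under Windows\Installer with a "U" (or "L")
# subfolder holding files named as 8 hex digits with the ".@" extension.
ZEROACCESS_RE = re.compile(r'\\Windows\\Installer\\\{[0-9a-f-]{36}\}\\[UL]\\[0-9a-f]{8}\.@', re.IGNORECASE)
HOSTS_RE = re.compile(r'^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)')
SCRIPT_EXT = ('.bat', '.cmd', '.vbs', '.js', '.scr')


def analyze_line(line: str) -> List[str]:
    """Return the reasons one log line deserves a second look (empty list = nothing flagged)."""
    reasons: List[str] = []
    if ZEROACCESS_RE.search(line):
        reasons.append('ZeroAccess-style ".@" payload under Windows\\Installer\\{GUID}\\U')
    m = HOSTS_RE.match(line)
    if m:
        reasons.append(f'hosts file pins {m["host"]} to {m["ip"]}; confirm this was set on purpose')
    m = O4_RE.match(line)
    if not m:
        return reasons
    key, name, cmd = m['key'], m['name'], m['cmd']
    if key.lower().startswith('policies\\'):
        reasons.append('autostart via Policies\\Explorer\\Run, a key legitimate installers rarely use')
    if name.isdigit():
        reasons.append(f'value name "{name}" is just digits')
    t = TARGET_RE.match(cmd)
    target = t.group(1) if t else cmd
    low = target.lower()
    if low.endswith(SCRIPT_EXT):
        reasons.append('autostart target is a script/batch file, not a signed executable')
    if '\\temp\\' in low:
        reasons.append('autostart target lives in a Temp directory')
    if re.search(r'~\d', target):
        # Assumption: on 64-bit Windows 7, PROGRA~3 normally expands to C:\ProgramData.
        reasons.append('target uses 8.3 short names (PROGRA~3 is normally C:\\ProgramData); weak on its own')
    return reasons


def analyze(lines) -> Dict[str, List[str]]:
    """Map each flagged line to its reasons; lines with nothing flagged are omitted."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        reasons = analyze_line(line)
        if reasons:
            report[line] = reasons
    return report


if __name__ == '__main__':
    for flagged, why in analyze(LOG_LINES).items():
        print(flagged)
        for reason in why:
            print('   -', reason)
```

Run as-is it prints the msverov.bat autorun with five independent reasons, the two ".@" files, and the hosts override, while the iTunes, F.lux and Sidebar entries stay silent. Feed it the rest of the O4 block from the log and the same rules apply unchanged; the hosts rule deliberately only asks for confirmation, since the log alone cannot say whether that Akamai pin was set by the user.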

Welcome PackALunch to Malwarebytes. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :)

HijackThis log shows several files are missing. Not sure if this is good/bad and how I can resolve it.

HJT is not reliable for Windows 7, so some of the things shown in the log may be inaccurate.

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

==========

Next, please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the system drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

===========

In your reply please post the following:

  • ComboFix.txt.
  • TDSSKiller log.

How is your computer currently running?


Hi,

I ran ComboFix and TDSSKiller. ComboFix did not leave a file in the path you specified (C:\ComboFix.txt).

Here is the TDSSKiller log. I will restart and use my computer for a bit to let you know how it is running.

11:48:16.0168 2328 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

11:48:16.0558 2328 ============================================================

11:48:16.0558 2328 Current date / time: 2012/08/11 11:48:16.0558

11:48:16.0558 2328 SystemInfo:

11:48:16.0558 2328

11:48:16.0558 2328 OS Version: 6.1.7601 ServicePack: 1.0

11:48:16.0558 2328 Product type: Workstation

11:48:16.0558 2328 ComputerName: ALANS_COMPUTER

11:48:16.0558 2328 UserName: Alan

11:48:16.0558 2328 Windows directory: C:\Windows

11:48:16.0558 2328 System windows directory: C:\Windows

11:48:16.0558 2328 Running under WOW64

11:48:16.0558 2328 Processor architecture: Intel x64

11:48:16.0558 2328 Number of processors: 2

11:48:16.0558 2328 Page size: 0x1000

11:48:16.0558 2328 Boot type: Normal boot

11:48:16.0558 2328 ============================================================

11:48:17.0603 2328 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:48:17.0619 2328 Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

11:48:17.0619 2328 ============================================================

11:48:17.0619 2328 \Device\Harddisk0\DR0:

11:48:17.0619 2328 MBR partitions:

11:48:17.0619 2328 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000

11:48:17.0619 2328 \Device\Harddisk1\DR1:

11:48:17.0619 2328 MBR partitions:

11:48:17.0619 2328 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x777FE0

11:48:17.0619 2328 ============================================================

11:48:17.0634 2328 C: <-> \Device\Harddisk0\DR0\Partition0

11:48:17.0634 2328 ============================================================

11:48:17.0634 2328 Initialize success

11:48:17.0634 2328 ============================================================

11:48:22.0158 4320 ============================================================

11:48:22.0158 4320 Scan started

11:48:22.0158 4320 Mode: Manual;

11:48:22.0158 4320 ============================================================

11:48:23.0968 4320 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

11:48:23.0983 4320 1394ohci - ok

11:48:24.0030 4320 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

11:48:24.0030 4320 ACPI - ok

11:48:24.0061 4320 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

11:48:24.0061 4320 AcpiPmi - ok

11:48:24.0202 4320 Ad-Aware Service (af9658974154c3b6a333d86dc2e0aac8) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

11:48:24.0217 4320 Ad-Aware Service - ok

11:48:24.0295 4320 ADIHdAudAddService (1c090e86afd15231377ad37436c3c719) C:\Windows\system32\drivers\ADIHdAud.sys

11:48:24.0327 4320 ADIHdAudAddService - ok

11:48:24.0405 4320 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

11:48:24.0420 4320 AdobeARMservice - ok

11:48:24.0451 4320 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

11:48:24.0467 4320 adp94xx - ok

11:48:24.0514 4320 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

11:48:24.0529 4320 adpahci - ok

11:48:24.0561 4320 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

11:48:24.0561 4320 adpu320 - ok

11:48:24.0576 4320 AEADIFilters (3bdb13c79cc8c06e2f8182595903ed69) C:\Windows\system32\AEADISRV.EXE

11:48:24.0576 4320 AEADIFilters - ok

11:48:24.0607 4320 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

11:48:24.0607 4320 AeLookupSvc - ok

11:48:24.0654 4320 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

11:48:24.0670 4320 AFD - ok

11:48:24.0701 4320 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

11:48:24.0701 4320 agp440 - ok

11:48:24.0717 4320 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

11:48:24.0717 4320 ALG - ok

11:48:24.0717 4320 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

11:48:24.0732 4320 aliide - ok

11:48:24.0779 4320 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe

11:48:24.0779 4320 AMD External Events Utility - ok

11:48:24.0841 4320 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

11:48:24.0841 4320 amdide - ok

11:48:24.0857 4320 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

11:48:24.0873 4320 AmdK8 - ok

11:48:25.0497 4320 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys

11:48:25.0668 4320 amdkmdag - ok

11:48:25.0777 4320 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys

11:48:25.0793 4320 amdkmdap - ok

11:48:25.0871 4320 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

11:48:25.0871 4320 AmdPPM - ok

11:48:25.0902 4320 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

11:48:25.0918 4320 amdsata - ok

11:48:25.0933 4320 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

11:48:25.0933 4320 amdsbs - ok

11:48:25.0949 4320 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

11:48:25.0949 4320 amdxata - ok

11:48:25.0980 4320 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

11:48:25.0980 4320 AppID - ok

11:48:26.0011 4320 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

11:48:26.0011 4320 AppIDSvc - ok

11:48:26.0058 4320 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

11:48:26.0058 4320 Appinfo - ok

11:48:26.0152 4320 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

11:48:26.0152 4320 Apple Mobile Device - ok

11:48:26.0199 4320 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

11:48:26.0214 4320 AppMgmt - ok

11:48:26.0214 4320 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

11:48:26.0230 4320 arc - ok

11:48:26.0230 4320 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

11:48:26.0230 4320 arcsas - ok

11:48:26.0261 4320 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

11:48:26.0261 4320 AsyncMac - ok

11:48:26.0277 4320 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

11:48:26.0277 4320 atapi - ok

11:48:26.0323 4320 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys

11:48:26.0323 4320 AtiHDAudioService - ok

11:48:26.0791 4320 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys

11:48:26.0838 4320 atikmdag - ok

11:48:26.0947 4320 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:48:26.0963 4320 AudioEndpointBuilder - ok

11:48:26.0963 4320 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:48:26.0963 4320 AudioSrv - ok

11:48:27.0010 4320 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

11:48:27.0010 4320 AxInstSV - ok

11:48:27.0057 4320 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

11:48:27.0103 4320 b06bdrv - ok

11:48:27.0119 4320 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

11:48:27.0135 4320 b57nd60a - ok

11:48:27.0166 4320 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

11:48:27.0166 4320 BDESVC - ok

11:48:27.0181 4320 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

11:48:27.0181 4320 Beep - ok

11:48:27.0244 4320 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

11:48:27.0259 4320 BFE - ok

11:48:27.0275 4320 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

11:48:27.0275 4320 blbdrive - ok

11:48:27.0337 4320 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

11:48:27.0337 4320 Bonjour Service - ok

11:48:27.0369 4320 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

11:48:27.0369 4320 bowser - ok

11:48:27.0369 4320 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

11:48:27.0369 4320 BrFiltLo - ok

11:48:27.0384 4320 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

11:48:27.0384 4320 BrFiltUp - ok

11:48:27.0400 4320 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

11:48:27.0400 4320 BridgeMP - ok

11:48:27.0431 4320 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

11:48:27.0431 4320 Browser - ok

11:48:27.0447 4320 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

11:48:27.0462 4320 Brserid - ok

11:48:27.0462 4320 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

11:48:27.0478 4320 BrSerWdm - ok

11:48:27.0478 4320 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

11:48:27.0478 4320 BrUsbMdm - ok

11:48:27.0493 4320 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

11:48:27.0493 4320 BrUsbSer - ok

11:48:27.0509 4320 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

11:48:27.0509 4320 BTHMODEM - ok

11:48:27.0525 4320 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

11:48:27.0525 4320 bthserv - ok

11:48:27.0540 4320 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

11:48:27.0540 4320 cdfs - ok

11:48:27.0571 4320 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

11:48:27.0587 4320 cdrom - ok

11:48:27.0618 4320 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:48:27.0618 4320 CertPropSvc - ok

11:48:27.0618 4320 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

11:48:27.0618 4320 circlass - ok

11:48:27.0649 4320 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

11:48:27.0649 4320 CLFS - ok

11:48:27.0696 4320 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:48:27.0696 4320 clr_optimization_v2.0.50727_32 - ok

11:48:27.0743 4320 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

11:48:27.0743 4320 clr_optimization_v2.0.50727_64 - ok

11:48:27.0821 4320 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

11:48:27.0821 4320 clr_optimization_v4.0.30319_32 - ok

11:48:27.0852 4320 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

11:48:27.0852 4320 clr_optimization_v4.0.30319_64 - ok

11:48:27.0930 4320 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

11:48:27.0930 4320 CmBatt - ok

11:48:27.0961 4320 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

11:48:27.0961 4320 cmdide - ok

11:48:28.0008 4320 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

11:48:28.0024 4320 CNG - ok

11:48:28.0039 4320 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

11:48:28.0039 4320 Compbatt - ok

11:48:28.0055 4320 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

11:48:28.0071 4320 CompositeBus - ok

11:48:28.0071 4320 COMSysApp - ok

11:48:28.0086 4320 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

11:48:28.0086 4320 crcdisk - ok

11:48:28.0117 4320 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

11:48:28.0133 4320 CryptSvc - ok

11:48:28.0180 4320 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

11:48:28.0195 4320 CSC - ok

11:48:28.0242 4320 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

11:48:28.0242 4320 CscService - ok

11:48:28.0289 4320 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys

11:48:28.0476 4320 dc3d - ok

11:48:28.0492 4320 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:48:28.0507 4320 DcomLaunch - ok

11:48:28.0539 4320 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

11:48:28.0554 4320 defragsvc - ok

11:48:28.0585 4320 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

11:48:28.0585 4320 DfsC - ok

11:48:28.0632 4320 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

11:48:28.0632 4320 Dhcp - ok

11:48:28.0648 4320 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

11:48:28.0648 4320 discache - ok

11:48:28.0679 4320 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

11:48:28.0679 4320 Disk - ok

11:48:28.0710 4320 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

11:48:28.0710 4320 Dnscache - ok

11:48:28.0757 4320 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

11:48:28.0773 4320 dot3svc - ok

11:48:28.0866 4320 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

11:48:28.0866 4320 DPS - ok

11:48:28.0913 4320 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

11:48:28.0960 4320 drmkaud - ok

11:48:29.0116 4320 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

11:48:29.0147 4320 DXGKrnl - ok

11:48:29.0163 4320 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

11:48:29.0178 4320 EapHost - ok

11:48:29.0319 4320 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

11:48:29.0381 4320 ebdrv - ok

11:48:29.0443 4320 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

11:48:29.0459 4320 EFS - ok

11:48:29.0537 4320 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

11:48:29.0553 4320 ehRecvr - ok

11:48:29.0599 4320 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

11:48:29.0599 4320 ehSched - ok

11:48:29.0646 4320 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

11:48:29.0677 4320 elxstor - ok

11:48:29.0709 4320 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

11:48:29.0724 4320 ErrDev - ok

11:48:29.0755 4320 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

11:48:29.0771 4320 EventSystem - ok

11:48:29.0787 4320 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

11:48:29.0802 4320 exfat - ok

11:48:29.0849 4320 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

11:48:29.0865 4320 fastfat - ok

11:48:29.0927 4320 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

11:48:29.0927 4320 Fax - ok

11:48:29.0943 4320 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

11:48:29.0943 4320 fdc - ok

11:48:29.0958 4320 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

11:48:29.0958 4320 fdPHost - ok

11:48:29.0974 4320 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

11:48:29.0974 4320 FDResPub - ok

11:48:29.0989 4320 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

11:48:29.0989 4320 FileInfo - ok

11:48:30.0005 4320 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

11:48:30.0005 4320 Filetrace - ok

11:48:30.0005 4320 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

11:48:30.0005 4320 flpydisk - ok

11:48:30.0036 4320 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

11:48:30.0052 4320 FltMgr - ok

11:48:30.0161 4320 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

11:48:30.0192 4320 FontCache - ok

11:48:30.0239 4320 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

11:48:30.0255 4320 FontCache3.0.0.0 - ok

11:48:30.0270 4320 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

11:48:30.0270 4320 FsDepends - ok

11:48:30.0286 4320 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

11:48:30.0301 4320 Fs_Rec - ok

11:48:30.0333 4320 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

11:48:30.0348 4320 fvevol - ok

11:48:30.0364 4320 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

11:48:30.0364 4320 gagp30kx - ok

11:48:30.0395 4320 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

11:48:30.0395 4320 GEARAspiWDM - ok

11:48:30.0457 4320 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

11:48:30.0473 4320 gpsvc - ok

11:48:30.0489 4320 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

11:48:30.0489 4320 hcw85cir - ok

11:48:30.0535 4320 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

11:48:30.0535 4320 HdAudAddService - ok

11:48:30.0582 4320 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

11:48:30.0582 4320 HDAudBus - ok

11:48:30.0582 4320 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

11:48:30.0598 4320 HidBatt - ok

11:48:30.0598 4320 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

11:48:30.0613 4320 HidBth - ok

11:48:30.0629 4320 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

11:48:30.0629 4320 HidIr - ok

11:48:30.0645 4320 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

11:48:30.0645 4320 hidserv - ok

11:48:30.0660 4320 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

11:48:30.0676 4320 HidUsb - ok

11:48:30.0691 4320 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

11:48:30.0707 4320 hkmsvc - ok

11:48:30.0738 4320 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

11:48:30.0754 4320 HomeGroupListener - ok

11:48:30.0785 4320 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

11:48:30.0785 4320 HomeGroupProvider - ok

11:48:30.0863 4320 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

11:48:30.0879 4320 HpSAMD - ok

11:48:30.0925 4320 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

11:48:30.0941 4320 HTTP - ok

11:48:30.0972 4320 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

11:48:30.0972 4320 hwpolicy - ok

11:48:30.0988 4320 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

11:48:31.0003 4320 i8042prt - ok

11:48:31.0019 4320 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

11:48:31.0035 4320 iaStorV - ok

11:48:31.0128 4320 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

11:48:31.0144 4320 idsvc - ok

11:48:31.0159 4320 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

11:48:31.0159 4320 iirsp - ok

11:48:31.0222 4320 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

11:48:31.0222 4320 IKEEXT - ok

11:48:31.0237 4320 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

11:48:31.0237 4320 intelide - ok

11:48:31.0253 4320 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

11:48:31.0253 4320 intelppm - ok

11:48:31.0284 4320 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

11:48:31.0284 4320 IPBusEnum - ok

11:48:31.0315 4320 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:48:31.0315 4320 IpFilterDriver - ok

11:48:31.0378 4320 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

11:48:31.0378 4320 iphlpsvc - ok

11:48:31.0409 4320 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

11:48:31.0409 4320 IPMIDRV - ok

11:48:31.0425 4320 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

11:48:31.0425 4320 IPNAT - ok

11:48:31.0518 4320 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

11:48:31.0534 4320 iPod Service - ok

11:48:31.0565 4320 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

11:48:31.0565 4320 IRENUM - ok

11:48:31.0581 4320 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

11:48:31.0581 4320 isapnp - ok

11:48:31.0627 4320 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

11:48:31.0627 4320 iScsiPrt - ok

11:48:31.0643 4320 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

11:48:31.0643 4320 kbdclass - ok

11:48:31.0690 4320 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

11:48:31.0690 4320 kbdhid - ok

11:48:31.0705 4320 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:48:31.0705 4320 KeyIso - ok

11:48:31.0737 4320 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

11:48:31.0737 4320 KSecDD - ok

11:48:31.0783 4320 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

11:48:31.0783 4320 KSecPkg - ok

11:48:31.0783 4320 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

11:48:31.0799 4320 ksthunk - ok

11:48:31.0815 4320 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

11:48:31.0877 4320 KtmRm - ok

11:48:31.0955 4320 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

11:48:31.0955 4320 LanmanServer - ok

11:48:31.0986 4320 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

11:48:31.0986 4320 LanmanWorkstation - ok

11:48:32.0017 4320 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys

11:48:32.0017 4320 LGBusEnum - ok

11:48:32.0033 4320 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys

11:48:32.0033 4320 LGVirHid - ok

11:48:32.0049 4320 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

11:48:32.0049 4320 lltdio - ok

11:48:32.0080 4320 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

11:48:32.0080 4320 lltdsvc - ok

11:48:32.0095 4320 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

11:48:32.0095 4320 lmhosts - ok

11:48:32.0127 4320 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

11:48:32.0142 4320 LSI_FC - ok

11:48:32.0142 4320 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

11:48:32.0158 4320 LSI_SAS - ok

11:48:32.0173 4320 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

11:48:32.0173 4320 LSI_SAS2 - ok

11:48:32.0189 4320 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

11:48:32.0189 4320 LSI_SCSI - ok

11:48:32.0205 4320 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

11:48:32.0205 4320 luafv - ok

11:48:32.0251 4320 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys

11:48:32.0579 4320 MBAMProtector - ok

11:48:32.0657 4320 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

11:48:32.0673 4320 MBAMService - ok

11:48:32.0704 4320 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

11:48:32.0704 4320 McComponentHostService - ok

11:48:32.0735 4320 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

11:48:32.0735 4320 Mcx2Svc - ok

11:48:32.0751 4320 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

11:48:32.0766 4320 megasas - ok

11:48:32.0844 4320 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

11:48:32.0860 4320 MegaSR - ok

11:48:32.0907 4320 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

11:48:32.0907 4320 Microsoft Office Groove Audit Service - ok

11:48:32.0938 4320 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:48:32.0938 4320 MMCSS - ok

11:48:32.0953 4320 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

11:48:32.0953 4320 Modem - ok

11:48:32.0985 4320 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

11:48:33.0000 4320 monitor - ok

11:48:33.0031 4320 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

11:48:33.0031 4320 mouclass - ok

11:48:33.0047 4320 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

11:48:33.0063 4320 mouhid - ok

11:48:33.0094 4320 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

11:48:33.0094 4320 mountmgr - ok

11:48:33.0172 4320 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

11:48:33.0172 4320 MozillaMaintenance - ok

11:48:33.0203 4320 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

11:48:33.0219 4320 mpio - ok

11:48:33.0219 4320 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

11:48:33.0219 4320 mpsdrv - ok

11:48:33.0250 4320 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

11:48:33.0250 4320 MRxDAV - ok

11:48:33.0297 4320 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:48:33.0312 4320 mrxsmb - ok

11:48:33.0328 4320 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:48:33.0328 4320 mrxsmb10 - ok

11:48:33.0359 4320 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:48:33.0375 4320 mrxsmb20 - ok

11:48:33.0375 4320 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

11:48:33.0390 4320 msahci - ok

11:48:33.0406 4320 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

11:48:33.0421 4320 msdsm - ok

11:48:33.0437 4320 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

11:48:33.0453 4320 MSDTC - ok

11:48:33.0468 4320 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

11:48:33.0468 4320 Msfs - ok

11:48:33.0468 4320 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

11:48:33.0468 4320 mshidkmdf - ok

11:48:33.0499 4320 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

11:48:33.0499 4320 msisadrv - ok

11:48:33.0531 4320 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

11:48:33.0546 4320 MSiSCSI - ok

11:48:33.0562 4320 msiserver - ok

11:48:33.0609 4320 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

11:48:33.0624 4320 MSKSSRV - ok

11:48:33.0640 4320 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

11:48:33.0640 4320 MSPCLOCK - ok

11:48:33.0640 4320 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

11:48:33.0640 4320 MSPQM - ok

11:48:33.0687 4320 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

11:48:33.0702 4320 MsRPC - ok

11:48:33.0733 4320 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

11:48:33.0733 4320 mssmbios - ok

11:48:33.0733 4320 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:48:33.0733 4320 MSTEE - ok

11:48:33.0765 4320 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

11:48:33.0765 4320 MTConfig - ok

11:48:33.0796 4320 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys

11:48:33.0796 4320 MTsensor - ok

11:48:33.0811 4320 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:48:33.0811 4320 Mup - ok

11:48:33.0858 4320 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

11:48:33.0858 4320 napagent - ok

11:48:33.0921 4320 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:48:33.0952 4320 NativeWifiP - ok

11:48:34.0045 4320 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

11:48:34.0061 4320 NDIS - ok

11:48:34.0217 4320 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:48:34.0233 4320 NdisCap - ok

11:48:34.0389 4320 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:48:34.0420 4320 NdisTapi - ok

11:48:34.0451 4320 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

11:48:34.0451 4320 Ndisuio - ok

11:48:34.0498 4320 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

11:48:34.0513 4320 NdisWan - ok

11:48:34.0545 4320 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

11:48:34.0545 4320 NDProxy - ok

11:48:34.0560 4320 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:48:34.0560 4320 NetBIOS - ok

11:48:34.0607 4320 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

11:48:34.0607 4320 NetBT - ok

11:48:34.0638 4320 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:48:34.0638 4320 Netlogon - ok

11:48:34.0669 4320 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

11:48:34.0685 4320 Netman - ok

11:48:34.0716 4320 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

11:48:34.0716 4320 netprofm - ok

11:48:34.0779 4320 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

11:48:34.0794 4320 NetTcpPortSharing - ok

11:48:34.0810 4320 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

11:48:34.0810 4320 nfrd960 - ok

11:48:34.0857 4320 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

11:48:34.0872 4320 NlaSvc - ok

11:48:34.0919 4320 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:48:34.0919 4320 Npfs - ok

11:48:34.0935 4320 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

11:48:34.0935 4320 nsi - ok

11:48:34.0950 4320 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:48:34.0950 4320 nsiproxy - ok

11:48:35.0044 4320 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

11:48:35.0075 4320 Ntfs - ok

11:48:35.0137 4320 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:48:35.0137 4320 Null - ok

11:48:35.0184 4320 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

11:48:35.0184 4320 nvraid - ok

11:48:35.0231 4320 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

11:48:35.0247 4320 nvstor - ok

11:48:35.0262 4320 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

11:48:35.0262 4320 nv_agp - ok

11:48:35.0371 4320 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

11:48:35.0387 4320 odserv - ok


11:48:47.0274 4320 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

11:48:47.0415 4320 \Device\Harddisk0\DR0 - ok

11:48:47.0415 4320 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

11:48:49.0365 4320 \Device\Harddisk1\DR1 - ok

11:48:49.0380 4320 Boot (0x1200) (d773c07edb6052ae78062bb2da03cf11) \Device\Harddisk0\DR0\Partition0

11:48:49.0380 4320 \Device\Harddisk0\DR0\Partition0 - ok

11:48:49.0380 4320 Boot (0x1200) (555622fc2ecc7bae86161d20e2a0e30a) \Device\Harddisk1\DR1\Partition0

11:48:49.0380 4320 \Device\Harddisk1\DR1\Partition0 - ok

11:48:49.0380 4320 ============================================================

11:48:49.0380 4320 Scan finished

11:48:49.0380 4320 ============================================================

11:48:49.0380 4936 Detected object count: 0

11:48:49.0380 4936 Actual detected object count: 0

11:48:56.0637 5804 Deinitialize success


Just restarted and during Windows startup, I got a few RunDLL messages popping up that said:

"There was a problem starting C:\Users\Alan\AppData\Roaming\hcfxvc.dll

The specified module could not be found."

"There was a problem starting C:\Users\Alan\AppData\Roaming\hntmc.dll

The specified module could not be found."

Desktop icons stayed where I moved them though, which is good.


Hey PackALunch. :)

I ran combofix and TDSSKiller. Combofix did not leave a file in the path you specified (C:\ComboFix.txt).

Please go to Start and in the box at the bottom of the menu type in ComboFix.txt. Does anything appear?

Also, my Google Chrome homepage is set to http://isearch.avg.com and I can't remove it. I looked it up and it seems like it gives fake warnings about infected sites.

Thank you for letting me know. After I have seen the report from the below tool that can be fixed.

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.


Just checked and there was no ComboFix.txt on my computer. I'll try to run it again tomorrow and see if the log appears.

I ran OTL and here is the first file:

OTL logfile created on: 8/12/2012 2:07:37 AM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Alan\Downloads

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.88 Gb Available Physical Memory | 72.09% Memory free

8.00 Gb Paging File | 5.73 Gb Available in Paging File | 71.64% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 45.32 Gb Free Space | 9.73% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Drive E: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.84% Space Free | Partition Type: FAT32

Computer Name: ALANS_COMPUTER | User Name: Alan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/12 02:06:46 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Downloads\OTL.exe

PRC - [2012/08/03 20:15:15 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2012/07/29 20:45:32 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

PRC - [2012/07/21 14:55:31 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

PRC - [2012/07/12 18:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

PRC - [2011/11/22 19:34:51 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011/10/21 05:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/11/25 22:31:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

PRC - [2010/11/20 08:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

PRC - [2010/08/03 10:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe

PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2010/01/08 15:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe

PRC - [2009/12/07 14:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe

PRC - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Alan\Local Settings\Apps\F.lux\flux.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/01 19:13:51 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/08/01 19:13:48 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/08/01 19:13:46 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2012/08/01 19:13:44 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/08/01 19:13:42 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012/07/29 20:45:31 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

MOD - [2012/07/21 14:55:31 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL

MOD - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Alan\Local Settings\Apps\F.lux\flux.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/11/18 03:06:47 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/07/21 14:55:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/06/19 18:38:51 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)

SRV - [2011/11/22 19:34:51 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/12/07 14:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe -- (Realtek87B)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)

DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)

DRV:64bit: - [2011/11/18 03:06:47 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)

DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/01/07 07:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8187.sys -- (RTL8187)

DRV:64bit: - [2009/11/23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)

DRV:64bit: - [2009/11/23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={641185E0-4645-4D34-A074-4B50DB319E5D}&mid=b770532ed54947d098ced1542655810e-40d0caceb6da94f855a39c37c30e55dd5585daab&lang=en&ds=gl011&pr=sa&d=2012-08-10 18:26:55&v=11.1.0.7&sap=hp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 36 7A 93 42 77 CD 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={641185E0-4645-4D34-A074-4B50DB319E5D}&mid=b770532ed54947d098ced1542655810e-40d0caceb6da94f855a39c37c30e55dd5585daab&lang=en&ds=gl011&pr=sa&d=2012-08-10 18:26:55&v=11.1.0.7&sap=dsp&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "www.reddit.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/28 04:16:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 14:55:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 01:09:16 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{46150052-DA02-11E1-8270-B8AC6F996F26}: C:\Users\Alan\AppData\Local\{46150052-DA02-11E1-8270-B8AC6F996F26}\ [2012/07/30 00:51:57 | 000,000,000 | ---D | M]

[2011/11/16 22:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Extensions

[2012/06/29 18:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\dcc8hm3o.default\extensions

[2012/06/29 18:25:44 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\dcc8hm3o.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

[2012/01/06 04:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/07/30 00:51:57 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\ALAN\APPDATA\LOCAL\{46150052-DA02-11E1-8270-B8AC6F996F26}

[2011/11/16 22:57:47 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DCC8HM3O.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI

[2011/12/28 04:11:52 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DCC8HM3O.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI

[2012/07/21 14:55:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/08/10 18:26:45 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2012/07/21 14:55:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/07/21 14:55:30 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.ca/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.ca/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\Application\21.0.1180.75\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Alan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/25 00:45:02 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 66.185.88.137 a1284.g.akamai.net

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4:64bit: - HKLM..\Run: [hcfxvc] rundll32.exe "C:\Users\Alan\AppData\Roaming\hcfxvc.dll",HrIndexOfMonth File not found

O4:64bit: - HKLM..\Run: [hntmc] "C:\Windows\System32\rundll32.exe" "C:\Users\Alan\AppData\Roaming\hntmc.dll",State_Next File not found

O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [sBRegRebootCleaner] C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe (GFI Software)

O4:64bit: - HKLM..\Run: [soundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)

O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [F.lux] C:\Users\Alan\Local Settings\Apps\F.lux\flux.exe ()

O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)

O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 9365 = C:\PROGRA~3\LOCALS~1\Temp\msverov.bat

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5050E6B5-C2EC-4839-9514-AC096653B7AE}: DhcpNameServer = 192.168.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{684966C1-FE82-46F9-B7A1-E299E7AC9A31}: DhcpNameServer = 192.168.254.254

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - File not found

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (SBBD.exe /d \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Definitions)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: BITS - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

Drivers32: vidc.VP60 - C:\Windows\system32\vp6vfw.dll File not found

Drivers32: vidc.VP61 - C:\Windows\system32\vp6vfw.dll File not found

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/11 11:51:05 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012/08/11 11:51:02 | 000,016,712 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\SysNative\drivers\PROCEXP113.SYS

[2012/08/11 11:47:25 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/11 11:47:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/08/11 11:47:18 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2012/08/11 11:45:45 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alan\Desktop\TDSSKiller.exe

[2012/08/10 20:16:34 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\adaware

[2012/08/10 20:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection

[2012/08/10 20:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus

[2012/08/10 20:16:26 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys

[2012/08/10 20:16:25 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys

[2012/08/10 20:16:25 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe

[2012/08/10 20:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2012/08/10 20:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus

[2012/08/10 20:16:12 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Downloaded Installations

[2012/08/10 20:14:16 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Ad-Aware Antivirus

[2012/08/10 20:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/08/10 20:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/08/10 20:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/08/10 20:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2012/08/10 20:00:46 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012/08/10 19:22:41 | 000,000,000 | ---D | C] -- C:\Temp

[2012/08/10 19:18:04 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Wizards of the Coast

[2012/08/10 19:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast

[2012/08/10 19:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wizards of the Coast

[2012/08/10 19:07:55 | 000,244,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSFLXGRD.OCX

[2012/08/10 19:07:55 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\richtx32.ocx

[2012/08/10 19:07:55 | 000,140,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX

[2012/08/10 19:07:55 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX

[2012/08/10 18:26:16 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair

[2012/08/10 18:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair

[2012/08/10 18:26:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Window Registry Repair

[2012/08/10 18:26:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012/08/10 18:16:38 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\WotC Games

[2012/08/10 18:06:12 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Malwarebytes

[2012/08/10 18:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/10 18:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/08/10 18:06:03 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/08/10 18:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/10 18:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012/08/10 18:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/08/10 18:03:32 | 002,406,064 | ---- | C] (Trend Micro Inc.) -- C:\Users\Alan\Desktop\HousecallLauncher64.exe

[2012/08/10 17:55:09 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\PC Utility Kit

[2012/08/10 17:55:09 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\DriverCure

[2012/08/10 17:55:00 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Utility Kit

[2012/08/10 17:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit

[2012/08/10 01:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings

[2012/08/10 01:50:24 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Yqicc

[2012/08/10 01:50:24 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Salao

[2012/08/10 01:50:24 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Exve

[2012/07/30 01:06:14 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/07/30 00:51:57 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\{461531DE-DA02-11E1-8270-B8AC6F996F26}

[2012/07/30 00:51:57 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\{46150052-DA02-11E1-8270-B8AC6F996F26}

[2012/07/25 00:05:16 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\MinMaxGames

[2012/07/15 22:54:30 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Cockatrice

[2012/07/14 15:09:35 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\BoH

[2012/07/14 15:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL

[2012/07/14 14:45:12 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

[2012/07/14 11:27:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

[2012/07/13 23:22:34 | 000,000,000 | ---D | C] -- C:\Users\Alan\Documents\Almost Human

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Alan\Desktop\*.tmp files -> C:\Users\Alan\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/12 02:05:25 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1247984433-1651517782-1903060838-1000UA.job

[2012/08/12 02:05:25 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At27.job

[2012/08/12 02:05:25 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At26.job

[2012/08/12 02:05:25 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At3.job

[2012/08/12 02:05:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At48.job

[2012/08/12 02:05:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At47.job

[2012/08/12 02:05:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At25.job

[2012/08/12 02:05:24 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At24.job

[2012/08/12 02:05:24 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At23.job

[2012/08/12 02:05:24 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At2.job

[2012/08/12 02:05:24 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At1.job

[2012/08/12 02:05:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/11 21:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At46.job

[2012/08/11 21:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At22.job

[2012/08/11 20:10:07 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At45.job

[2012/08/11 20:10:07 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At21.job

[2012/08/11 19:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At44.job

[2012/08/11 19:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At20.job

[2012/08/11 18:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At43.job

[2012/08/11 18:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At19.job

[2012/08/11 17:00:01 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At42.job

[2012/08/11 17:00:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At18.job

[2012/08/11 16:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At41.job

[2012/08/11 16:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At17.job

[2012/08/11 15:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At40.job

[2012/08/11 15:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At16.job

[2012/08/11 14:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At39.job

[2012/08/11 14:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At15.job

[2012/08/11 13:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At38.job

[2012/08/11 13:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At14.job

[2012/08/11 12:18:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1247984433-1651517782-1903060838-1000Core.job

[2012/08/11 12:05:34 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/11 12:05:34 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/11 12:00:51 | 000,000,104 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat

[2012/08/11 12:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At37.job

[2012/08/11 12:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At13.job

[2012/08/11 11:58:01 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2012/08/11 11:56:08 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At9.job

[2012/08/11 11:56:02 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/11 11:51:05 | 000,000,332 | ---- | M] () -- C:\Start_.cmd

[2012/08/11 11:51:02 | 000,016,712 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\SysNative\drivers\PROCEXP113.SYS

[2012/08/11 11:44:02 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At36.job

[2012/08/11 11:44:02 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At35.job

[2012/08/11 11:44:02 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At34.job

[2012/08/11 11:44:02 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At33.job

[2012/08/11 11:44:02 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At32.job

[2012/08/11 11:44:02 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At31.job

[2012/08/11 11:44:02 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At30.job

[2012/08/11 11:44:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At8.job

[2012/08/11 11:44:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At7.job

[2012/08/11 11:44:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At12.job

[2012/08/11 11:44:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At11.job

[2012/08/11 11:44:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At10.job

[2012/08/11 11:44:01 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At29.job

[2012/08/11 11:44:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At6.job

[2012/08/11 11:44:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At5.job

[2012/08/11 03:00:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At28.job

[2012/08/11 03:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At4.job

[2012/08/10 20:01:24 | 000,001,262 | ---- | M] () -- C:\Users\Alan\Desktop\Spybot - Search & Destroy.lnk

[2012/08/10 20:00:46 | 000,002,971 | ---- | M] () -- C:\Users\Alan\Desktop\HiJackThis.lnk

[2012/08/10 19:57:55 | 4272,030,993 | ---- | M] () -- C:\Users\Alan\Desktop\Gw2.dat

[2012/08/10 19:53:01 | 022,108,224 | ---- | M] (ArenaNet) -- C:\Users\Alan\Desktop\gw2.exe

[2012/08/10 19:23:14 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Magic Online.lnk

[2012/08/10 18:26:16 | 000,001,035 | ---- | M] () -- C:\Users\Alan\Desktop\Free Window Registry Repair.lnk

[2012/08/10 18:14:36 | 000,885,560 | ---- | M] () -- C:\Users\Alan\AppData\Local\census.cache

[2012/08/10 18:14:00 | 000,112,397 | ---- | M] () -- C:\Users\Alan\AppData\Local\ars.cache

[2012/08/10 18:06:04 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/10 18:05:40 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/08/10 18:03:39 | 000,000,036 | ---- | M] () -- C:\Users\Alan\AppData\Local\housecall.guid.cache

[2012/08/10 18:03:36 | 002,406,064 | ---- | M] (Trend Micro Inc.) -- C:\Users\Alan\Desktop\HousecallLauncher64.exe

[2012/08/10 01:57:52 | 000,001,441 | ---- | M] () -- C:\Users\Alan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/08/08 18:19:13 | 000,002,454 | ---- | M] () -- C:\Users\Alan\Desktop\Google Chrome.lnk

[2012/07/30 01:03:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/07/30 01:03:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/07/29 20:44:41 | 000,421,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/25 20:52:19 | 000,000,222 | ---- | M] () -- C:\Users\Alan\Desktop\Space Pirates and Zombies.url

[2012/07/25 00:05:08 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat

[2012/07/24 09:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alan\Desktop\TDSSKiller.exe

[2012/07/14 15:09:21 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2012/07/14 15:09:21 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2012/07/14 15:09:21 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll

[2012/07/14 15:09:21 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll

[2012/07/14 12:38:31 | 000,000,222 | ---- | M] () -- C:\Users\Alan\Desktop\Legend of Grimrock.url

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Alan\Desktop\*.tmp files -> C:\Users\Alan\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/11 12:00:50 | 000,000,104 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat

[2012/08/11 11:53:20 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\80000064.@

[2012/08/11 11:53:19 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\80000000.@

[2012/08/11 11:53:02 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\00000004.@

[2012/08/11 11:53:02 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\L\00000004.@

[2012/08/11 11:51:05 | 000,000,332 | ---- | C] () -- C:\Start_.cmd

[2012/08/10 20:16:29 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2012/08/10 20:01:24 | 000,001,262 | ---- | C] () -- C:\Users\Alan\Desktop\Spybot - Search & Destroy.lnk

[2012/08/10 20:00:46 | 000,002,971 | ---- | C] () -- C:\Users\Alan\Desktop\HiJackThis.lnk

[2012/08/10 19:23:14 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Magic Online.lnk

[2012/08/10 18:26:16 | 000,001,035 | ---- | C] () -- C:\Users\Alan\Desktop\Free Window Registry Repair.lnk

[2012/08/10 18:14:36 | 000,885,560 | ---- | C] () -- C:\Users\Alan\AppData\Local\census.cache

[2012/08/10 18:14:00 | 000,112,397 | ---- | C] () -- C:\Users\Alan\AppData\Local\ars.cache

[2012/08/10 18:06:04 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/10 18:05:40 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/08/10 18:03:39 | 000,000,036 | ---- | C] () -- C:\Users\Alan\AppData\Local\housecall.guid.cache

[2012/08/10 01:52:38 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At48.job

[2012/08/10 01:52:37 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At47.job

[2012/08/10 01:52:37 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At46.job

[2012/08/10 01:52:37 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At45.job

[2012/08/10 01:52:36 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At44.job

[2012/08/10 01:52:36 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At43.job

[2012/08/10 01:52:36 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At42.job

[2012/08/10 01:52:35 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At41.job

[2012/08/10 01:52:35 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At40.job

[2012/08/10 01:52:34 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At39.job

[2012/08/10 01:52:34 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At38.job

[2012/08/10 01:52:34 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At37.job

[2012/08/10 01:52:33 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At36.job

[2012/08/10 01:52:33 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At35.job

[2012/08/10 01:52:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At34.job

[2012/08/10 01:52:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At33.job

[2012/08/10 01:52:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At32.job

[2012/08/10 01:52:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At31.job

[2012/08/10 01:52:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At30.job

[2012/08/10 01:52:30 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At29.job

[2012/08/10 01:52:30 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At28.job

[2012/08/10 01:52:29 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At27.job

[2012/08/10 01:52:29 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At26.job

[2012/08/10 01:52:28 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At25.job

[2012/08/10 01:52:28 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At24.job

[2012/08/10 01:52:27 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At23.job

[2012/08/10 01:52:27 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At22.job

[2012/08/10 01:52:27 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At21.job

[2012/08/10 01:52:26 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At20.job

[2012/08/10 01:52:26 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At19.job

[2012/08/10 01:52:25 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At18.job

[2012/08/10 01:52:25 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At17.job

[2012/08/10 01:52:24 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At16.job

[2012/08/10 01:52:24 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At15.job

[2012/08/10 01:52:23 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At14.job

[2012/08/10 01:52:23 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At13.job

[2012/08/10 01:52:23 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At12.job

[2012/08/10 01:52:22 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At11.job

[2012/08/10 01:52:21 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At9.job

[2012/08/10 01:52:21 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At8.job

[2012/08/10 01:52:21 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At10.job

[2012/08/10 01:52:20 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At7.job

[2012/08/10 01:52:19 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At6.job

[2012/08/10 01:52:19 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At5.job

[2012/08/10 01:52:19 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At4.job

[2012/08/10 01:52:18 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At3.job

[2012/08/10 01:52:17 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At2.job

[2012/08/10 01:52:16 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At1.job

[2012/07/25 20:52:19 | 000,000,222 | ---- | C] () -- C:\Users\Alan\Desktop\Space Pirates and Zombies.url

[2012/07/25 00:05:08 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2012/07/14 12:38:31 | 000,000,222 | ---- | C] () -- C:\Users\Alan\Desktop\Legend of Grimrock.url

[2012/03/17 00:19:56 | 000,000,043 | ---- | C] () -- C:\Users\Alan\jagex_cl_runescape_LIVE.dat

[2012/03/17 00:19:56 | 000,000,024 | ---- | C] () -- C:\Users\Alan\random.dat

[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012/03/06 15:21:06 | 000,000,092 | ---- | C] () -- C:\Users\Alan\AppData\Local\fusioncache.dat

[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/01/11 00:29:23 | 000,002,048 | -HS- | C] () -- C:\Users\Alan\AppData\Local\{c32a4258-bbee-3148-b360-01fd4a19d043}\@

[2011/12/27 18:34:31 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini

[2011/12/27 18:33:21 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv

[2011/12/27 18:33:20 | 000,039,424 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll

[2011/12/10 23:30:33 | 000,007,598 | ---- | C] () -- C:\Users\Alan\AppData\Local\Resmon.ResmonCfg

[2011/11/22 00:28:22 | 000,187,432 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/11/20 20:43:38 | 000,759,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/11/20 01:23:10 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/11/20 01:23:09 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/11/19 14:24:55 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2011/11/18 03:07:21 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011/11/16 23:55:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/11/16 22:44:31 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2010/11/20 08:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr

[2011/11/16 23:50:36 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2012/02/24 12:50:37 | 000,000,057 | ---- | M] () -- C:\dotaItem.txt

[2012/08/11 11:56:02 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys

[2008/08/29 15:21:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2008/08/29 15:21:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2012/08/11 11:56:03 | 4294,041,600 | -HS- | M] () -- C:\pagefile.sys

[2011/11/25 14:27:43 | 000,128,800 | ---- | M] () -- C:\shared.log

[2012/08/11 11:51:05 | 000,000,332 | ---- | M] () -- C:\Start_.cmd

[2012/08/11 11:48:56 | 000,124,880 | ---- | M] () -- C:\TDSSKiller.2.7.48.0_11.08.2012_11.48.16_log.txt

[2012/06/10 16:53:06 | 000,001,633 | ---- | M] () -- C:\tracert.txt

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

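Added example, not part of the poster's logs or of any tool output above: a short Python script that parses OTL-style file lines like the ones in this log and flags three patterns that appear in it. Two of them, `C:\Windows\Installer\{GUID}\U\…@` / `\L\…@` module files and a hidden+system `%LOCALAPPDATA%\{GUID}\@` file, are the on-disk layout ZeroAccess (Sirefef) is known to use; the third is a run of `At<N>.job` tasks in `C:\Windows\tasks` created within seconds of each other, which is how that family schedules its modules, whereas a single `At1.job` from a legitimate `at` command is unremarkable. The sample lines are copied from the log above plus two ordinary entries (the GoogleUpdate task and an IE cache folder) so the rules can be seen not to fire on them; the rule names, the burst threshold and the function names are my own choices.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: lines copied from the OTL log above, plus two benign
# entries from the same log to show the rules do not fire on ordinary lines.
SAMPLE_OTL = r"""
[2012/08/12 02:05:25 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1247984433-1651517782-1903060838-1000UA.job
[2012/08/10 01:52:16 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At1.job
[2012/08/10 01:52:28 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At25.job
[2012/08/10 01:52:38 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At48.job
[2012/08/11 11:53:20 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\80000064.@
[2012/08/11 11:53:19 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\80000000.@
[2012/08/11 11:53:02 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\L\00000004.@
[2012/01/11 00:29:23 | 000,002,048 | -HS- | C] () -- C:\Users\Alan\AppData\Local\{c32a4258-bbee-3148-b360-01fd4a19d043}\@
[2012/07/30 00:51:57 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\{461531DE-DA02-11E1-8270-B8AC6F996F26}
[2012/07/14 15:09:21 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
"""

# One OTL file line: [timestamp | size | attrs | C/M] (company) -- path
# Directory lines carry no "(company)" group, so it is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# Rule names are my own labels (assumption), the path shapes are the
# ZeroAccess/Sirefef file layout. First matching rule wins per entry.
RULES = [
    ("installer_guid_module",
     re.compile(r"\\Windows\\Installer\\" + GUID + r"\\[UL]\\[0-9a-f]{8}\.@$", re.I)),
    ("localappdata_guid_at",
     re.compile(r"\\AppData\\Local\\" + GUID + r"\\@$", re.I)),
    ("at_job_series",
     re.compile(r"\\Windows\\tasks\\At\d+\.job$", re.I)),
]


def parse_otl(text):
    """Return a list of dicts (ts, size, attrs, kind, company, path) for every
    line that has the OTL file-entry shape; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
            entries.append(e)
    return entries


def flag_entries(entries):
    """Return (rule_name, path) for each entry whose path matches a rule."""
    hits = []
    for e in entries:
        for name, rx in RULES:
            if rx.search(e["path"]):
                hits.append((name, e["path"]))
                break
    return hits


def at_job_burst(entries, max_seconds=120):
    """Look only at *created* At<N>.job entries and measure how tightly they
    cluster in time. Many jobs created within a couple of minutes is the
    pattern worth escalating; the 120 s threshold is an assumption."""
    created = [e["ts"] for e in entries
               if e["kind"] == "C" and RULES[2][1].search(e["path"])]
    if not created:
        return {"count": 0, "span_seconds": 0, "burst": False}
    span = int((max(created) - min(created)).total_seconds())
    return {"count": len(created), "span_seconds": span,
            "burst": len(created) > 1 and span <= max_seconds}


def summarize(text):
    """Parse, flag and count; this is what a triage script would print."""
    entries = parse_otl(text)
    hits = flag_entries(entries)
    return {
        "parsed": len(entries),
        "hits": hits,
        "counts": dict(Counter(name for name, _ in hits)),
        "at_jobs": at_job_burst(entries),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_OTL)
    print(f"parsed {report['parsed']} entries, {len(report['hits'])} flagged")
    for name, path in report["hits"]:
        print(f"  {name:24} {path}")
    print("At*.job creation burst:", report["at_jobs"])
```

To run it over a real OTL report, replace `SAMPLE_OTL` with the file contents; the created-time burst check deliberately ignores the `M` (modified) lines, because the scheduler rewrites every `.job` each time it runs and those timestamps say nothing about when the tasks were planted.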

2nd file

OTL Extras logfile created on: 8/12/2012 2:07:38 AM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Alan\Downloads

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.88 Gb Available Physical Memory | 72.09% Memory free

8.00 Gb Paging File | 5.73 Gb Available in Paging File | 71.64% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 45.32 Gb Free Space | 9.73% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Drive E: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.84% Space Free | Partition Type: FAT32

Computer Name: ALANS_COMPUTER | User Name: Alan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding

"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{401E03EC-1644-1B0A-B8D3-C40477ADCEC4}" = AMD Drag and Drop Transcoding

"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{82D52DEB-4262-2846-07E5-2D5A6C3C9A01}" = ATI AVIVO64 Codecs

"{866FADAA-D878-8B7A-738D-E6659493108D}" = ATI Problem Report Wizard

"{872E469B-81D3-4A19-BE19-85B7B59EED30}" = StudioTax 2011

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"WinRAR archiver" = WinRAR 4.10 beta 4 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0DF70CB6-553A-4C57-8E6D-87635EECFB78}" = REALTEK Wireless LAN Driver and Utility

"{16C426FC-B3A4-41B8-9BED-BDAB6836F54D}" = OSU-gt RC9

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian

"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2

"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29

"{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus

"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All

"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese

"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech

"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai

"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional

"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German

"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek

"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007

"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English

"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish

"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish

"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean

"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian

"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center

"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian

"{D8A8894A-B875-8206-E820-B27BCD72C5A0}" = HydraVision

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"bc8a6440-918f-11dd-ad8b-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.17.01.801

"Cisco Connect" = Cisco Connect

"Cockatrice" = Cockatrice

"Diablo III" = Diablo III

"DivX Setup" = DivX Setup

"Free Window Registry Repair" = Free Window Registry Repair

"Host OpenAL (ADI)" = Host OpenAL (ADI)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"OpenAL" = OpenAL

"Pdf995" = Pdf995

"SpeedFan" = SpeedFan (remove only)

"StarCraft II" = StarCraft II

"Steam App 102600" = Orcs Must Die!

"Steam App 107100" = Bastion

"Steam App 107200" = Space Pirates and Zombies

"Steam App 111400" = Bunch Of Heroes

"Steam App 1250" = Killing Floor

"Steam App 17710" = Nuclear Dawn

"Steam App 201290" = Sins of a Solar Empire: Trinity

"Steam App 202710" = Demigod

"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™

"Steam App 207170" = Legend of Grimrock

"Steam App 21660" = Street Fighter IV

"Steam App 240" = Counter-Strike: Source

"Steam App 300" = Day of Defeat: Source

"Steam App 34030" = Napoleon: Total War

"Steam App 34270" = SEGA Genesis & Mega Drive Classics

"Steam App 34330" = Total War: SHOGUN 2

"Steam App 35140" = Batman: Arkham Asylum GOTY Edition

"Steam App 35700" = Trine

"Steam App 3590" = Plants vs. Zombies: Game of the Year

"Steam App 39160" = Dungeon Siege III

"Steam App 40800" = Super Meat Boy

"Steam App 42910" = Magicka

"Steam App 440" = Team Fortress 2

"Steam App 47890" = The Sims 3

"Steam App 550" = Left 4 Dead 2

"Steam App 55150" = Warhammer 40,000 Space Marine

"Steam App 570" = Dota 2

"Steam App 70300" = VVVVVV

"Steam App 730" = Counter-Strike: Global Offensive Beta

"Steam App 98200" = Frozen Synapse

"ULTIMATER" = Microsoft Office Ultimate 2007

"uTorrent" = µTorrent

"VLC media player" = VLC media player 1.1.11

"WinLiveSuite_Wave3" = Windows Live Essentials

"wxPython2.8-unicode-py26_is1" = wxPython 2.8.10.1 (unicode) for Python 2.6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Flux" = F.lux

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 8/12/2012 2:05:17 AM | Computer Name = Alans_Computer | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 18138237

Error - 8/12/2012 2:05:18 AM | Computer Name = Alans_Computer | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/12/2012 2:05:18 AM | Computer Name = Alans_Computer | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 18139235

Error - 8/12/2012 2:05:18 AM | Computer Name = Alans_Computer | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 18139235

Error - 8/12/2012 2:05:19 AM | Computer Name = Alans_Computer | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/12/2012 2:05:19 AM | Computer Name = Alans_Computer | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 18140233

Error - 8/12/2012 2:05:19 AM | Computer Name = Alans_Computer | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 18140233

Error - 8/12/2012 2:05:20 AM | Computer Name = Alans_Computer | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/12/2012 2:05:20 AM | Computer Name = Alans_Computer | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 18141232

Error - 8/12/2012 2:05:20 AM | Computer Name = Alans_Computer | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 18141232

[ System Events ]

Error - 7/1/2012 2:58:42 PM | Computer Name = Alans_Computer | Source = amdkmdag | ID = 6145

Description = System shutdown due to graphics card overheating

Error - 7/1/2012 2:58:42 PM | Computer Name = Alans_Computer | Source = amdkmdag | ID = 6145

Description = System shutdown due to graphics card overheating

Error - 7/1/2012 2:59:27 PM | Computer Name = Alans_Computer | Source = EventLog | ID = 6008

Description = The previous system shutdown at 2:58:11 PM on 7/1/2012 was unexpected.

Error - 7/2/2012 9:40:12 PM | Computer Name = Alans_Computer | Source = EventLog | ID = 6008

Description = The previous system shutdown at 9:38:05 PM on 7/2/2012 was unexpected.

Error - 7/4/2012 9:20:48 PM | Computer Name = Alans_Computer | Source = EventLog | ID = 6008

Description = The previous system shutdown at 9:19:09 PM on 7/4/2012 was unexpected.

Error - 7/9/2012 10:42:55 PM | Computer Name = Alans_Computer | Source = EventLog | ID = 6008

Description = The previous system shutdown at 10:41:36 PM on 7/9/2012 was unexpected.

Error - 7/9/2012 10:42:58 PM | Computer Name = ALANS_COMPUTER | Source = BugCheck | ID = 1001

Description =

Error - 7/9/2012 10:48:40 PM | Computer Name = Alans_Computer | Source = EventLog | ID = 6008

Description = The previous system shutdown at 10:46:47 PM on 7/9/2012 was unexpected.

Error - 7/9/2012 10:48:43 PM | Computer Name = ALANS_COMPUTER | Source = BugCheck | ID = 1001

Description =

Error - 7/9/2012 10:51:19 PM | Computer Name = Alans_Computer | Source = WMPNetworkSvc | ID = 866300

Description =

< End of report >

Hey PackALunch. :)

Just checked and there was no ComboFix.txt on my computer. I'll try to run it again tomorrow and see if the log appears.

Please do not run ComboFix until after running OTL as instructed below.

Do you recognise this folder at all: C:\32788R22FWJFW

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :files
    C:\Users\Alan\AppData\Roaming\Exve
    C:\Users\Alan\AppData\Roaming\Salao
    C:\Users\Alan\AppData\Roaming\Yqicc
    C:\Windows\tasks\At*.job
    C:\Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}
    C:\Users\Alan\AppData\Local\{c32a4258-bbee-3148-b360-01fd4a19d043}
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...sa&d=2012-08-10 18:26:55&v=11.1.0.7&sap=hp
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-08-10 18:26:55&v=11.1.0.7&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [hcfxvc] rundll32.exe "C:\Users\Alan\AppData\Roaming\hcfxvc.dll",HrIndexOfMonth File not found
    O4:64bit: - HKLM..\Run: [hntmc] "C:\Windows\System32\rundll32.exe" "C:\Users\Alan\AppData\Roaming\hntmc.dll",State_Next File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 9365 = C:\PROGRA~3\LOCALS~1\Temp\msverov.bat
    [2012/07/30 00:51:57 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\{461531DE-DA02-11E1-8270-B8AC6F996F26}
    [2012/07/30 00:51:57 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\{46150052-DA02-11E1-8270-B8AC6F996F26}
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]
    [Reboot]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===========

Next, please delete your current copy of ComboFix. Then, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

===========

In your next post please provide the following:

  • OTL fix log.
  • ComboFix.txt.
  • Whether you recognise the folder C:\32788R22FWJFW.

Are there any current issues on your computer?
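
The OTL entries in the fix script above were picked out by hand from the earlier scan log. The Python script below is an added example, not part of this thread and not code from OTL or its author: it applies the same triage rules the helper used (an autostart whose target file is missing, rundll32 loading a DLL from a user-writable path, a policies\Explorer\Run value launching a batch file from Temp, an orphaned BHO or toolbar CLSID) to a constructed sample of lines written in OTL's report format, and emits the matching :OTL fix section. The sample lines, the rule names, the regular expressions for OTL's line shapes and the remove/review thresholds are all the example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in OTL's report format: the hostile O4/O6/O2 entries
# quoted in the thread plus two benign autoruns for contrast. Not real output.
SAMPLE_OTL = r"""
O4:64bit: - HKLM..\Run: [hcfxvc] rundll32.exe "C:\Users\Alan\AppData\Roaming\hcfxvc.dll",HrIndexOfMonth File not found
O4:64bit: - HKLM..\Run: [hntmc] "C:\Windows\System32\rundll32.exe" "C:\Users\Alan\AppData\Roaming\hntmc.dll",State_Next File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [F.lux] C:\Users\Alan\Local Settings\Apps\F.lux\flux.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 9365 = C:\PROGRA~3\LOCALS~1\Temp\msverov.bat
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
"""

# OTL line shapes handled here (assumed from the lines quoted in the thread).
O4_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O6_RE = re.compile(r"^O6 - (?P<key>HK\w+\\.*\\policies\\Explorer\\Run): (?P<name>\S+) = (?P<cmd>.*)$")
ORPHAN_RE = re.compile(r"^O[23] - .*No CLSID value found\.$")

# Locations a standard user can write to. Legitimate autoruns from here exist
# (updaters, per-user apps) but deserve a publisher check.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\|\\ProgramData\\|\\PROGRA~3\\|\\Temp\\", re.IGNORECASE)
RUNDLL = re.compile(r"\brundll32(\.exe)?\b", re.IGNORECASE)
SCRIPT_EXT = re.compile(r"\.(bat|cmd|vbs|js|ps1)\b", re.IGNORECASE)

REASON_TEXT = {
    "orphan": "autostart points at a file or CLSID that no longer exists",
    "lolbin-user-path": "rundll32 loads a DLL from a user-writable location",
    "user-writable-path": "runs from a user-writable location (verify the publisher)",
    "policy-run": "uses policies\\Explorer\\Run, a location normal installers do not use",
    "script-in-user-path": "batch/script file launched from a user-writable location",
}
# Any one of these alone is enough to put the entry in the fix script.
STRONG = {"orphan", "lolbin-user-path", "policy-run", "script-in-user-path"}


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)

    @property
    def verdict(self) -> str:
        if STRONG & set(self.reasons):
            return "remove"
        return "review" if self.reasons else "ok"


def _check_command(cmd: str, reasons: List[str]) -> None:
    """Path and technique rules shared by O4 (Run key) and O6 (policy) entries."""
    if "File not found" in cmd:
        reasons.append("orphan")
    in_user_path = bool(USER_WRITABLE.search(cmd))
    if in_user_path and RUNDLL.search(cmd):
        reasons.append("lolbin-user-path")
    elif in_user_path:
        reasons.append("user-writable-path")
    if in_user_path and SCRIPT_EXT.search(cmd):
        reasons.append("script-in-user-path")


def triage_line(line: str) -> Finding:
    finding = Finding(line)
    if m := O4_RE.match(line):
        _check_command(m.group("cmd"), finding.reasons)
    elif m := O6_RE.match(line):
        finding.reasons.append("policy-run")  # the location itself is the signal
        _check_command(m.group("cmd"), finding.reasons)
    elif ORPHAN_RE.match(line):
        finding.reasons.append("orphan")
    return finding


def triage(report: str) -> List[Finding]:
    """Classify every non-blank line of an OTL report."""
    return [triage_line(line.strip()) for line in report.splitlines() if line.strip()]


def build_fix_section(findings: List[Finding]) -> List[str]:
    """Return the ':OTL' section of a fix script: the entries judged hostile, verbatim."""
    return [":OTL"] + [f.line for f in findings if f.verdict == "remove"]


if __name__ == "__main__":
    results = triage(SAMPLE_OTL)
    for f in results:
        print(f"{f.verdict:6}  {f.line[:90]}")
        for r in f.reasons:
            print(f"          {REASON_TEXT[r]}")
    print("\n".join(build_fix_section(results)))
```

Run it as a script to see the per-line report followed by the generated :OTL section. Entries that get a "review" verdict (software that legitimately runs from a user profile, such as F.lux or Google Update) still need a publisher check by hand, which is why the script only prints the fix section rather than writing it anywhere.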

Yes, I recognize the C:\32788R22FWJFW folder.

I ran OTL, but it restarted before I managed to copy the log. I'll have to re-run ComboFix, I don't think it ran properly the first time since AdAware wasn't disabled. I'll post the logs once I re-scan.

Also, during the restart (after OTL finished), the bootup screen said it was deleting desktop.ini files. When Windows loaded, all of my hidden files were being displayed and there were 2 files called Desktop.ini on my desktop. Do you know what this might be?

Hey PackALunch. :)

Yes, I recognize the C:\32788R22FWJFW folder.

OK good.

Also, during the restart (after OTL finished), the bootup screen said it was deleting desktop.ini files. When Windows loaded, all of my hidden files were being displayed and there were 2 files called Desktop.ini on my desktop. Do you know what this might be?

Sounds like OTL being restarted before it finished left files unhidden. Once I see your logs I will proceed to help you rehide them. The .ini files contain information pertaining to your Desktop, which is why they are normally hidden.

Ran OTL again and the desktop.ini files are now hidden again. Here's the OTL log:

All processes killed

========== FILES ==========

File\Folder C:\Users\Alan\AppData\Roaming\Exve not found.

File\Folder C:\Users\Alan\AppData\Roaming\Salao not found.

File\Folder C:\Users\Alan\AppData\Roaming\Yqicc not found.

File\Folder C:\Windows\tasks\At*.job not found.

File\Folder C:\Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043} not found.

File\Folder C:\Users\Alan\AppData\Local\{c32a4258-bbee-3148-b360-01fd4a19d043} not found.

========== OTL ==========

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hcfxvc not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hntmc not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\9365 not found.

Folder C:\Users\Alan\AppData\Local\{461531DE-DA02-11E1-8270-B8AC6F996F26}\ not found.

Folder C:\Users\Alan\AppData\Local\{46150052-DA02-11E1-8270-B8AC6F996F26}\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Alan

->Temp folder emptied: 2217 bytes

->Temporary Internet Files folder emptied: 64700 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 301254106 bytes

->Google Chrome cache emptied: 64481147 bytes

->Flash cache emptied: 1408 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 608 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 6350 bytes

Total Files Cleaned = 349.00 mb

[EMPTYFLASH]

User: Administrator

User: Alan

->Flash cache emptied: 0 bytes

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.57.0 log created on 08132012_174031

Files\Folders moved on Reboot...

File\Folder C:\Users\Alan\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

PendingFileRenameOperations files...

File C:\Users\Alan\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Here's my ComboFix log:

ComboFix 12-08-13.01 - Alan 08/13/2012 17:52:20.2.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2570 [GMT -4:00]

Running from: c:\users\Alan\Desktop\ComboFix.exe

AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\GAC_64\Desktop.ini

.

---- Previous Run -------

.

c:\users\Alan\AppData\Roaming\Love\mari0\options.txt

c:\windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\@

c:\windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\L\00000004.@

c:\windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\L\201d3dde

c:\windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\00000004.@

c:\windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\00000008.@

c:\windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\000000cb.@

c:\windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\80000000.@

c:\windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\80000032.@

c:\windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\80000064.@

c:\windows\SysWow64\URTTemp\regtlib.exe

.

-- Previous Run --

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

.

--------

.

.

((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))

.

.

2012-08-13 22:00 . 2012-08-13 22:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-12 17:14 . 2012-08-12 17:14 -------- d-----w- C:\_OTL

2012-08-11 00:16 . 2012-08-11 00:16 -------- d-----w- c:\users\Alan\AppData\Local\adaware

2012-08-11 00:16 . 2012-08-13 21:49 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection

2012-08-11 00:16 . 2011-12-19 16:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys

2012-08-11 00:16 . 2011-12-19 17:21 45936 ----a-w- c:\windows\system32\sbbd.exe

2012-08-11 00:16 . 2011-10-26 18:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys

2012-08-11 00:16 . 2012-08-11 03:18 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus

2012-08-11 00:16 . 2012-08-11 00:16 -------- d-----w- c:\programdata\Lavasoft

2012-08-11 00:16 . 2012-08-11 00:16 -------- d-----w- c:\users\Alan\AppData\Local\Downloaded Installations

2012-08-11 00:14 . 2012-08-13 21:50 -------- d-----w- c:\users\Alan\AppData\Roaming\Ad-Aware Antivirus

2012-08-11 00:01 . 2012-08-11 00:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-08-11 00:01 . 2012-08-11 00:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-08-11 00:00 . 2012-08-11 00:00 388096 ----a-r- c:\users\Alan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-08-11 00:00 . 2012-08-11 00:00 -------- d-----w- c:\program files (x86)\Trend Micro

2012-08-10 23:22 . 2012-08-10 23:23 -------- d-----w- C:\Temp

2012-08-10 23:18 . 2012-08-10 23:44 -------- d-----w- c:\users\Alan\AppData\Roaming\Wizards of the Coast

2012-08-10 23:17 . 2012-08-10 23:17 -------- d-----w- c:\program files (x86)\Wizards of the Coast

2012-08-10 23:07 . 2004-03-09 17:00 132880 ----a-w- c:\windows\SysWow64\MSINET.OCX

2012-08-10 23:07 . 2001-10-04 18:13 3584 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\DAO\comcat.dll

2012-08-10 23:07 . 2001-10-04 17:16 1338880 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\DAO\shdocvw.dll

2012-08-10 23:07 . 2001-10-04 17:14 184320 ----a-w- c:\windows\SysWow64\wzcsvc.dll

2012-08-10 23:07 . 2000-05-22 21:00 203976 ----a-w- c:\windows\SysWow64\richtx32.ocx

2012-08-10 23:07 . 1999-06-11 03:34 570128 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\DAO\DAO350.DLL

2012-08-10 23:07 . 1998-06-24 17:00 244024 ----a-w- c:\windows\SysWow64\MSFLXGRD.OCX

2012-08-10 23:07 . 1998-06-24 17:00 140096 ----a-w- c:\windows\SysWow64\COMDLG32.OCX

2012-08-10 22:26 . 2012-08-10 22:41 -------- d-----w- c:\program files (x86)\Free Window Registry Repair

2012-08-10 22:26 . 2012-08-10 22:26 -------- d--h--w- c:\programdata\Common Files

2012-08-10 22:06 . 2012-08-10 22:06 -------- d-----w- c:\users\Alan\AppData\Roaming\Malwarebytes

2012-08-10 22:06 . 2012-08-10 22:06 -------- d-----w- c:\programdata\Malwarebytes

2012-08-10 22:06 . 2012-08-10 22:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-10 22:06 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-10 22:05 . 2012-08-10 22:05 -------- d-----w- c:\program files\CCleaner

2012-08-10 21:55 . 2012-08-10 21:55 -------- d-----w- c:\users\Alan\AppData\Roaming\PC Utility Kit

2012-08-10 21:55 . 2012-08-10 21:55 -------- d-----w- c:\users\Alan\AppData\Roaming\DriverCure

2012-08-10 21:54 . 2012-08-10 23:06 -------- d-----w- c:\programdata\PC Utility Kit

2012-08-10 05:51 . 2012-08-10 05:51 -------- d-----w- c:\programdata\Local Settings

2012-07-30 05:06 . 2012-07-30 05:06 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-28 00:06 . 2012-07-28 00:06 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3831888-9955-4873-8416-1BA1EF5CC3A9}\offreg.dll

2012-07-27 21:55 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3831888-9955-4873-8416-1BA1EF5CC3A9}\mpengine.dll

2012-07-25 04:05 . 2012-07-25 04:05 -------- d-----w- c:\users\Alan\AppData\Roaming\MinMaxGames

2012-07-16 02:54 . 2012-07-16 02:54 -------- d-----w- c:\users\Alan\AppData\Local\Cockatrice

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-30 05:03 . 2012-03-31 21:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-30 05:03 . 2011-11-17 03:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-14 19:09 . 2011-11-18 07:36 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2012-07-14 19:09 . 2011-11-18 07:36 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-07-14 19:09 . 2011-11-18 07:36 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2012-07-14 19:09 . 2011-11-18 07:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-07-14 05:49 . 2011-11-18 06:21 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-12 03:08 . 2012-07-14 05:51 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-06-11 18:17 . 2012-06-11 18:17 71680 ----a-w- c:\windows\system32\frapsv64.dll

2012-06-11 18:17 . 2012-06-11 18:17 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll

2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll

2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-06-09 05:43 . 2012-07-11 23:31 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-11 23:31 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 23:31 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 23:31 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 23:31 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 23:31 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 23:31 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-18 22:24 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-18 22:25 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-18 22:25 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-18 22:25 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-18 22:24 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-18 22:25 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-18 22:24 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-18 22:24 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-18 22:24 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 05:50 . 2012-07-11 23:31 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 23:31 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:48 . 2012-07-11 23:31 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:45 . 2012-07-11 23:31 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 23:31 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 23:31 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 23:31 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 23:31 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 23:31 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-31 16:25 . 2011-11-17 02:51 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"F.lux"="c:\users\Alan\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-11-26 393216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2011-11-18 1310720]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe" [2012-07-30 686280]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]

R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-18 1255736]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 Realtek87B;Realtek87B;c:\program files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [2009-12-07 40960]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 448512]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1247984433-1651517782-1903060838-1000Core.job

- c:\users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 02:54]

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1247984433-1651517782-1903060838-1000UA.job

- c:\users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 02:54]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]

"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page =

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.254.254

FF - ProfilePath - c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\dcc8hm3o.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.reddit.com

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-13 18:03:32

ComboFix-quarantined-files.txt 2012-08-13 22:03

.

Pre-Run: 46,323,691,520 bytes free

Post-Run: 45,953,847,296 bytes free

.

- - End Of File - - CA5FB4C7D2C1971DA67208F74ABF4D4F

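A small triage helper, added here as an example (it is not part of the original post and not ComboFix's or OTL's own code), that parses the line shapes ComboFix prints in the log above: services (`S3 name;description;path [stamp]`), scheduled tasks (a `.job` line followed by `- path [stamp]`), Run-key values, and `FF - user.js:` / `FF - prefs.js:` prefs. It flags autostarts launched from user-writable directories (a heuristic, not a verdict: the GoogleUpdate task in the log is legitimate but runs from AppData) and Firefox prefs set to values that silence the mixed-content and insecure-form warnings, noting when they come from user.js, which Firefox re-applies on every start so changing them in about:config does not stick. The sample lines are copied from the log above; the regex names, the pref table and the flag strings are this example's own.

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix's own code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the log above, in the shapes ComboFix prints.
SAMPLE_LOG = r"""
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1247984433-1651517782-1903060838-1000Core.job
- c:\users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 02:54]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]
FF - prefs.js: browser.startup.homepage - www.reddit.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

# Line shapes, derived from the log above (regex names are this example's own).
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<stamp>[^\]]+)\]$')
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(?P<job>\S+\.job)$')
TASK_CMD_RE = re.compile(r'^-\s+(?P<path>.+?)\s+\[(?P<stamp>[^\]]+)\]$')
SVC_RE = re.compile(r'^[SR]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[(?P<stamp>[^\]]+)\]$')
FF_RE = re.compile(r'^FF - (?P<file>prefs\.js|user\.js): (?P<pref>\S+) - (?P<value>.*)$')

# Firefox prefs whose listed value weakens the browser's security posture.
WEAK_FF_PREFS = {
    "security.warn_viewing_mixed": ("false", "mixed-content warning disabled"),
    "security.warn_submit_insecure": ("false", "insecure form-submit warning disabled"),
    "network.cookie.cookieBehavior": ("0", "all cookies accepted, third-party included"),
}

# Heuristic only: autostarts launched from user-writable directories deserve a look,
# because anything running as the user can drop and persist files there.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class Autostart:
    kind: str          # "service", "task" or "run"
    name: str
    path: str
    stamp: str         # the "[date size]" or "[date time]" text ComboFix appends
    flags: List[str] = field(default_factory=list)


@dataclass
class FirefoxFinding:
    file: str          # "user.js" or "prefs.js"
    pref: str
    value: str
    reason: str


def triage(log_text: str) -> Tuple[List[Autostart], List[FirefoxFinding]]:
    """Parse the known line shapes; everything else is ignored."""
    autostarts: List[Autostart] = []
    findings: List[FirefoxFinding] = []
    pending_task: Optional[str] = None   # job name waiting for its "- path" line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RUN_RE.match(line):
            autostarts.append(Autostart("run", m["name"], m["path"], m["stamp"]))
        elif m := TASK_RE.match(line):
            pending_task = m["job"].rsplit("\\", 1)[-1]
        elif pending_task and (m := TASK_CMD_RE.match(line)):
            autostarts.append(Autostart("task", pending_task, m["path"], m["stamp"]))
            pending_task = None
        elif m := SVC_RE.match(line):
            autostarts.append(Autostart("service", m["name"], m["path"], m["stamp"]))
        elif m := FF_RE.match(line):
            want = WEAK_FF_PREFS.get(m["pref"])
            value = m["value"].strip()
            if want and value.lower() == want[0]:
                reason = want[1]
                if m["file"] == "user.js":
                    reason += " (set in user.js, re-applied on every Firefox start)"
                findings.append(FirefoxFinding(m["file"], m["pref"], value, reason))
    for entry in autostarts:
        if any(marker in entry.path.lower() for marker in USER_WRITABLE):
            entry.flags.append("user-writable location")
    return autostarts, findings


def report(log_text: str) -> List[str]:
    """One line per flagged autostart and per weakened Firefox pref."""
    autostarts, findings = triage(log_text)
    out = [f"{a.kind:8} {a.name}: {a.path}  [{', '.join(a.flags)}]" for a in autostarts if a.flags]
    out += [f"firefox  {f.file} {f.pref}={f.value}: {f.reason}" for f in findings]
    return out


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Paste a whole ComboFix log into `SAMPLE_LOG` (or read it from a file) and the report lists only what needs a second look; unflagged Program Files entries are still returned by `triage()` if you want the full inventory.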

There were several quarantined files in Malwarebytes and AdAware. AdAware quarantined Trojan.Win32.Generic!BT last night. Quarantine messages came up last night when I was using Firefox and going to random websites. I don't remember which sites they were, but there were a few.


The isearch is still my Chrome homepage, but no other issues noted.

Should I delete the quarantined files in MalwareBytes and AdAware?

OTL logfile created on: 8/14/2012 6:37:34 PM - Run 2

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Alan\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.98 Gb Available Physical Memory | 74.58% Memory free

8.00 Gb Paging File | 6.02 Gb Available in Paging File | 75.25% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 42.40 Gb Free Space | 9.10% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Drive E: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.84% Space Free | Partition Type: FAT32

Computer Name: ALANS_COMPUTER | User Name: Alan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/12 02:06:46 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe

PRC - [2012/08/03 20:15:15 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

PRC - [2012/07/12 18:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

PRC - [2011/11/22 19:34:51 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/11/25 22:31:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

PRC - [2010/11/20 08:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2010/01/08 15:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe

PRC - [2009/12/07 14:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/01 19:13:51 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/08/01 19:13:48 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/08/01 19:13:46 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2012/08/01 19:13:44 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/08/01 19:13:42 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/11/18 03:06:47 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/07/21 14:55:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/06/19 18:38:51 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)

SRV - [2011/11/22 19:34:51 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/12/07 14:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe -- (Realtek87B)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)

DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)

DRV:64bit: - [2011/11/18 03:06:47 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)

DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/01/07 07:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8187.sys -- (RTL8187)

DRV:64bit: - [2009/11/23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)

DRV:64bit: - [2009/11/23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 36 7A 93 42 77 CD 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "www.reddit.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/28 04:16:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 14:55:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 01:09:16 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{46150052-DA02-11E1-8270-B8AC6F996F26}: C:\Users\Alan\AppData\Local\{46150052-DA02-11E1-8270-B8AC6F996F26}\

[2011/11/16 22:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Extensions

[2012/06/29 18:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\dcc8hm3o.default\extensions

[2012/06/29 18:25:44 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\dcc8hm3o.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

[2012/01/06 04:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/11/16 22:57:47 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DCC8HM3O.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI

[2011/12/28 04:11:52 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DCC8HM3O.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI

[2012/07/21 14:55:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/08/10 18:26:45 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2012/07/21 14:55:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/07/21 14:55:30 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.ca/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.ca/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Alan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/13 18:00:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)

O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [F.lux] C:\Users\Alan\Local Settings\Apps\F.lux\flux.exe ()

O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)

O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5050E6B5-C2EC-4839-9514-AC096653B7AE}: DhcpNameServer = 192.168.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{684966C1-FE82-46F9-B7A1-E299E7AC9A31}: DhcpNameServer = 192.168.254.254

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - File not found

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 00:13:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/08/13 18:03:33 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/08/12 13:24:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/08/12 13:24:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/08/12 13:24:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/08/12 13:21:37 | 004,733,169 | R--- | C] (Swearware) -- C:\Users\Alan\Desktop\ComboFix.exe

[2012/08/12 13:14:20 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/08/12 02:06:43 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe

[2012/08/11 11:47:25 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/11 11:47:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/08/11 11:45:45 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alan\Desktop\TDSSKiller.exe

[2012/08/10 20:16:34 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\adaware

[2012/08/10 20:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection

[2012/08/10 20:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus

[2012/08/10 20:16:26 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys

[2012/08/10 20:16:25 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys

[2012/08/10 20:16:25 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe

[2012/08/10 20:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2012/08/10 20:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus

[2012/08/10 20:16:12 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Downloaded Installations

[2012/08/10 20:14:16 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Ad-Aware Antivirus

[2012/08/10 20:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/08/10 20:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/08/10 20:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/08/10 20:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2012/08/10 20:00:46 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012/08/10 19:22:41 | 000,000,000 | ---D | C] -- C:\Temp

[2012/08/10 19:18:04 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Wizards of the Coast

[2012/08/10 19:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast

[2012/08/10 19:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wizards of the Coast

[2012/08/10 19:07:55 | 000,244,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSFLXGRD.OCX

[2012/08/10 19:07:55 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\richtx32.ocx

[2012/08/10 19:07:55 | 000,140,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX

[2012/08/10 19:07:55 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX

[2012/08/10 18:26:16 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair

[2012/08/10 18:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair

[2012/08/10 18:26:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Window Registry Repair

[2012/08/10 18:26:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012/08/10 18:16:38 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\WotC Games

[2012/08/10 18:06:12 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Malwarebytes

[2012/08/10 18:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/10 18:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/08/10 18:06:03 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/08/10 18:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/10 18:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012/08/10 18:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/08/10 18:03:32 | 002,406,064 | ---- | C] (Trend Micro Inc.) -- C:\Users\Alan\Desktop\HousecallLauncher64.exe

[2012/08/10 17:55:09 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\PC Utility Kit

[2012/08/10 17:55:09 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\DriverCure

[2012/08/10 17:55:00 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Utility Kit

[2012/08/10 17:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit

[2012/08/10 01:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings

[2012/07/30 01:06:14 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/07/25 00:05:16 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\MinMaxGames

[2012/07/15 22:54:30 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Cockatrice

[1 C:\Users\Alan\Desktop\*.tmp files -> C:\Users\Alan\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/14 18:18:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1247984433-1651517782-1903060838-1000UA.job

[2012/08/14 17:49:07 | 000,002,454 | ---- | M] () -- C:\Users\Alan\Desktop\Google Chrome.lnk

[2012/08/14 17:47:35 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1247984433-1651517782-1903060838-1000Core.job

[2012/08/14 17:47:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/14 00:11:37 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2012/08/13 18:00:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/08/13 17:51:11 | 004,733,169 | R--- | M] (Swearware) -- C:\Users\Alan\Desktop\ComboFix.exe

[2012/08/13 17:51:09 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/13 17:51:09 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/13 17:43:47 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/12 13:18:02 | 000,001,190 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml

[2012/08/12 02:06:46 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe

[2012/08/10 20:01:24 | 000,001,262 | ---- | M] () -- C:\Users\Alan\Desktop\Spybot - Search & Destroy.lnk

[2012/08/10 20:00:46 | 000,002,971 | ---- | M] () -- C:\Users\Alan\Desktop\HiJackThis.lnk

[2012/08/10 19:57:55 | 4272,030,993 | ---- | M] () -- C:\Users\Alan\Desktop\Gw2.dat

[2012/08/10 19:53:01 | 022,108,224 | ---- | M] (ArenaNet) -- C:\Users\Alan\Desktop\gw2.exe

[2012/08/10 19:23:14 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Magic Online.lnk

[2012/08/10 18:26:16 | 000,001,035 | ---- | M] () -- C:\Users\Alan\Desktop\Free Window Registry Repair.lnk

[2012/08/10 18:14:36 | 000,885,560 | ---- | M] () -- C:\Users\Alan\AppData\Local\census.cache

[2012/08/10 18:14:00 | 000,112,397 | ---- | M] () -- C:\Users\Alan\AppData\Local\ars.cache

[2012/08/10 18:06:04 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/10 18:05:40 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/08/10 18:03:39 | 000,000,036 | ---- | M] () -- C:\Users\Alan\AppData\Local\housecall.guid.cache

[2012/08/10 18:03:36 | 002,406,064 | ---- | M] (Trend Micro Inc.) -- C:\Users\Alan\Desktop\HousecallLauncher64.exe

[2012/08/10 01:57:52 | 000,001,441 | ---- | M] () -- C:\Users\Alan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/07/30 01:03:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/07/30 01:03:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/07/29 20:44:41 | 000,421,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/25 20:52:19 | 000,000,222 | ---- | M] () -- C:\Users\Alan\Desktop\Space Pirates and Zombies.url

[2012/07/25 00:05:08 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat

[2012/07/24 09:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alan\Desktop\TDSSKiller.exe

[1 C:\Users\Alan\Desktop\*.tmp files -> C:\Users\Alan\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/12 13:24:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/08/12 13:24:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/08/12 13:24:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/08/12 13:24:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/08/12 13:24:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/08/12 13:18:02 | 000,001,190 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml

[2012/08/10 20:16:29 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2012/08/10 20:01:24 | 000,001,262 | ---- | C] () -- C:\Users\Alan\Desktop\Spybot - Search & Destroy.lnk

[2012/08/10 20:00:46 | 000,002,971 | ---- | C] () -- C:\Users\Alan\Desktop\HiJackThis.lnk

[2012/08/10 19:23:14 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Magic Online.lnk

[2012/08/10 18:26:16 | 000,001,035 | ---- | C] () -- C:\Users\Alan\Desktop\Free Window Registry Repair.lnk

[2012/08/10 18:14:36 | 000,885,560 | ---- | C] () -- C:\Users\Alan\AppData\Local\census.cache

[2012/08/10 18:14:00 | 000,112,397 | ---- | C] () -- C:\Users\Alan\AppData\Local\ars.cache

[2012/08/10 18:06:04 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/10 18:05:40 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/08/10 18:03:39 | 000,000,036 | ---- | C] () -- C:\Users\Alan\AppData\Local\housecall.guid.cache

[2012/07/25 20:52:19 | 000,000,222 | ---- | C] () -- C:\Users\Alan\Desktop\Space Pirates and Zombies.url

[2012/07/25 00:05:08 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2012/03/17 00:19:56 | 000,000,043 | ---- | C] () -- C:\Users\Alan\jagex_cl_runescape_LIVE.dat

[2012/03/17 00:19:56 | 000,000,024 | ---- | C] () -- C:\Users\Alan\random.dat

[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012/03/06 15:21:06 | 000,000,092 | ---- | C] () -- C:\Users\Alan\AppData\Local\fusioncache.dat

[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2011/12/27 18:34:31 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini

[2011/12/27 18:33:21 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv

[2011/12/27 18:33:20 | 000,039,424 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll

[2011/12/10 23:30:33 | 000,007,598 | ---- | C] () -- C:\Users\Alan\AppData\Local\Resmon.ResmonCfg

[2011/11/22 00:28:22 | 000,187,432 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/11/20 20:43:38 | 000,759,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/11/20 01:23:10 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/11/20 01:23:09 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/11/19 14:24:55 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2011/11/18 03:07:21 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011/11/16 23:55:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/11/16 22:44:31 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

< End of report >

Good morning to you PackALunch. :)

isearch is related to AVG Secure Search. Please go to the second post in the below link to disable this function of AVG:

https://support.mozilla.org/en-US/questions/881017

Please let me know if isearch persists.

===========

Also, please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

===========

When you reply, please provide log.txt and tell me whether isearch is fixed. :)

The isearch is only an issue with Google Chrome. The solution you posted is for Firefox and didn't work in Chrome.

Here's the ESET scan:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=2b20fe17f43705429eb0512141e4ce7b

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-08-15 11:16:14

# local_time=2012-08-15 07:16:14 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 100 94 711591 96610627 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=297561

# found=6

# cleaned=6

# scan_time=5396

C:\Qoobox\Quarantine\C\Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\00000008.@.vir Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\000000cb.@.vir Win64/Conedex.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\80000000.@.vir Win64/Sirefef.AP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\08122012_131420\C_Users\Alan\AppData\Local\{46150052-DA02-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\08122012_131420\C_Windows\Installer\{c32a4258-bbee-3148-b360-01fd4a19d043}\U\80000000.@ Win64/Sirefef.AP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Good evening PackALunch. :)

Please see the below link to disable AVG Safe Search in Chrome, and hopefully that removes isearch:

http://free.avg.com/ww-en/faq.num-4338

==========

Then, please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document, along with the results of disabling AVG Safe Search.

The AVG Safe Search does not appear in Step 4 of the instructions you linked. It is set to google, but for some reason the homepage is still this: http://isearch.avg.com/?cid={641185E0-4645-4D34-A074-4B50DB319E5D}&mid=b770532ed54947d098ced1542655810e-40d0caceb6da94f855a39c37c30e55dd5585daab&lang=en&ds=gl011&pr=sa&d=2012-08-10%2018:26:55&v=11.1.0.7&sap=hp

Results of screen317's Security Check version 0.99.44

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Lavasoft Ad-Aware

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Ad-Aware

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.62.0.1300

Java 6 Update 29

Java version out of Date!

Adobe Reader X 10.1.3 Adobe Reader out of Date!

Mozilla Firefox (14.0.1)

Google Chrome 21.0.1180.77

Google Chrome 21.0.1180.79

Google Chrome VisualElementsManifest.xml..

````````Process Check: objlist.exe by Laurent````````

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Ad-Aware Antivirus AdAwareService.exe

Ad-Aware Antivirus SBAMSvc.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Good morning PackALunch. :)

Did you disable the AVG Safe Search Toolbar?

  • Please type this into your Chrome Address Bar:
    chrome://chrome/settings/
  • Then, under On Startup>Click Open a specific page or set of pages.
  • Remove all(your specific) pages which were previously set.
  • Then under Search.
  • Select Manage Search engines...
  • Remove any that are related to AVG.

Please let me know if that helps resolve the issue.
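The steps above change values that Chrome persists in its per-profile Preferences file (a JSON document, normally under %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences). The following audit script is an added example, not code from the thread, from Malwarebytes or from Google: it walks a Preferences document and reports the path of every string that points at the unwanted search domain, so a helper can confirm whether a homepage, startup page or default search provider still references isearch.avg.com after the GUI clean-up. The sample JSON is constructed to mirror the homepage URL posted earlier in the thread (with a placeholder in place of the real cid value), and the key names it uses (homepage, session.startup_urls, default_search_provider_data) are assumptions about Chrome's layout; the walker deliberately does not depend on them, since Chrome has changed those names between versions.

```python
"""Audit a Chrome Preferences document for URLs that point at an unwanted
search/redirect domain (isearch.avg.com in the thread above).

Instead of relying on exact key names, which differ across Chrome versions,
this walks the whole JSON tree and reports the dotted path of every string
whose host is the unwanted domain or one of its subdomains.
"""
import json
from urllib.parse import urlparse

# Constructed sample modelled on the homepage URL posted in the thread.
# The key names are assumptions about Chrome's Preferences layout.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://isearch.avg.com/?cid={PLACEHOLDER-CID}&lang=en&pr=sa&sap=hp",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,  # 4 = "open a specific page or set of pages"
        "startup_urls": [
            "http://isearch.avg.com/?cid={PLACEHOLDER-CID}&sap=hp",
            "https://www.google.com/",
        ],
    },
    "default_search_provider_data": {
        "template_url_data": {
            "short_name": "AVG Secure Search",
            "keyword": "isearch.avg.com",
            "url": "http://isearch.avg.com/search?q={searchTerms}",
        }
    },
})


def host_matches(value: str, domain: str) -> bool:
    """True if `value` is a URL (or a bare host name, as used for search-engine
    keywords) whose host is `domain` or a subdomain of it."""
    host = urlparse(value).hostname
    if host is None and "/" not in value and " " not in value:
        host = value  # bare host such as a search-engine keyword
    if not host:
        return False
    host = host.lower()
    return host == domain or host.endswith("." + domain)


def find_references(node, domain: str, path: str = ""):
    """Yield (dotted_path, value) for every string under `node` that points
    at `domain`. Dicts extend the path with '.key', lists with '[index]'."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from find_references(child, domain, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from find_references(child, domain, f"{path}[{i}]")
    elif isinstance(node, str) and host_matches(node, domain):
        yield path, node


def audit_preferences(text: str, domain: str = "isearch.avg.com"):
    """Parse a Preferences JSON document and return the offending
    (path, value) pairs, sorted by path; an empty list means it is clean."""
    prefs = json.loads(text)
    return sorted(find_references(prefs, domain))


if __name__ == "__main__":
    # With a real profile, read the Preferences file (Chrome closed) instead.
    for path, value in audit_preferences(SAMPLE_PREFERENCES):
        print(f"{path}: {value}")
```

Run against a real profile by passing the file's contents to audit_preferences while Chrome is closed (it rewrites the file on exit). Installed search engines beyond the default live in the profile's Web Data SQLite database rather than in Preferences, so an empty result here confirms the homepage, startup pages and default provider only; the "Manage search engines" step in the post still has to be checked in the browser.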

Hello PackALunch. :)

Are there any more scans I should run?

I see no reason to unless you have an issue on your computer?

Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

Please follow the instructions below to update Java:

  • Please go to the below link and download the latest Windows XP version:

http://www.java.com/...load/manual.jsp

  • Save it to your Desktop.
  • Please go to Start>Control Panel>Programs and Features>Programs.
  • Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have this icon next to them: javaicon.gif
  • Select Uninstall.
  • Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

Your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:

  • Please go to Start>All Programs>Adobe Reader.
  • Open Adobe Reader and navigate to Help>Check for Updates.
  • Please follow the prompts to install the latest version.

==========

In your next post please let me know how the updates go and if there are any remaining issues. :)
