Trojan.Agent in svchost.exe file [Solved]



#1
Amg92
New Member, 5 posts
I'll try to include as many details as possible, seeing as I'm not great with computers when it comes to these things. As best I can guess, I think I got the virus/malware while browsing 1channel.ch, which is a site I regularly watch movies/TV shows on, and I've gotten malware, etc. from it before, but nothing this serious. It slows down my computer greatly and causes it to crash occasionally, including once while I was typing my first topic on here. I've tried running several different antimalware/antivirus/antispyware etc. programs, including: AVG, Avira, ComboFix, HijackThis, and SuperAntiSpyware. ComboFix has detected and deleted (once in Safe Mode and again in normal Windows) the C:\Windows\svchost.exe file (the file the viruses are in), but every time I reboot the viruses are still there. It's the same situation with the only other program that even detects them, Malwarebytes Anti-Malware. It also doesn't remove it no matter how many times I try. It detects them as a Trojan.Agent, both viruses in C:\Windows\svchost.exe, one under the category: File, and another under the category: Memory Process. A friend of mine, who's much more computer savvy than myself, gave it his best shot with the listed anti-infection programs but also couldn't get it removed and recommended I come here. I'd appreciate any help, and I'll try to include additional details that could help if I remember them.

Here is the OTL log:

OTL logfile created on: 3/18/2012 1:13:28 AM - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Seth\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.86% Memory free
7.92 Gb Paging File | 6.58 Gb Available in Paging File | 83.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 855.25 Gb Free Space | 91.82% Space Free | Partition Type: NTFS

Computer Name: SETH-PC | User Name: Seth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/18 01:04:18 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Seth\Downloads\OTL.exe
PRC - [2012/03/05 13:44:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/23 06:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/10/14 04:11:39 | 000,487,424 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/07/01 00:06:10 | 002,533,400 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/07/01 00:06:06 | 000,325,656 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/05/07 18:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/05 13:44:07 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/28 02:17:41 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/05/07 18:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/03/17 00:04:21 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/23 06:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/07/01 00:06:10 | 002,533,400 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/07/01 00:06:06 | 000,325,656 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/31 08:57:31 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/01/31 08:57:30 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/09/16 16:09:16 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/23 05:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/21 18:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/05/14 18:02:14 | 006,465,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C510(UVC)
DRV:64bit: - [2010/05/14 18:00:52 | 000,329,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/05/14 17:58:00 | 000,024,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/01/06 17:20:00 | 000,676,864 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/02/09 17:24:30 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {050F6D2A-CD2C-4CCF-A95E-9A59CEE646C0}
IE:64bit: - HKLM\..\SearchScopes\{050F6D2A-CD2C-4CCF-A95E-9A59CEE646C0}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {52A54A6E-3E27-4A22-A928-6755ADA9CFFC}
IE - HKLM\..\SearchScopes\{52A54A6E-3E27-4A22-A928-6755ADA9CFFC}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {52A54A6E-3E27-4A22-A928-6755ADA9CFFC}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.daemon-sea...//www.msn.com/"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/24 22:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/24 22:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/16 23:20:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/19 20:01:44 | 000,000,000 | ---D | M]

[2010/12/21 16:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seth\AppData\Roaming\Mozilla\Extensions
[2012/03/17 21:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seth\AppData\Roaming\Mozilla\Firefox\Profiles\zxmr2m0l.default\extensions
[2011/06/21 19:08:05 | 000,002,055 | ---- | M] () -- C:\Users\Seth\AppData\Roaming\Mozilla\Firefox\Profiles\zxmr2m0l.default\searchplugins\daemon-search.xml
[2011/11/09 13:06:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/05 13:44:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/13 15:08:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 15:08:18 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/18 00:43:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Seth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Seth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Seth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Seth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.165.129.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F09E33B-F33B-4157-A64D-EB5773E8945F}: DhcpNameServer = 192.168.0.1 216.165.129.158
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/18 00:50:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/18 00:48:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/17 23:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/17 22:41:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/17 22:41:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/17 22:41:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/17 22:41:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/17 22:34:41 | 002,540,688 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Seth\Desktop\avg_remover_stf_x64_2012_1796.exe
[2012/03/17 22:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up
[2012/03/17 22:31:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECACHE
[2012/03/17 22:25:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/17 22:17:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/03/17 22:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/03/17 22:05:18 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/03/17 22:05:18 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/03/17 22:05:18 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/03/17 21:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/03/17 21:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/03/17 21:59:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2012/03/17 21:54:07 | 004,438,697 | R--- | C] (Swearware) -- C:\Users\Seth\Desktop\ComboFix.exe
[2012/03/17 21:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2012/03/17 21:37:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/03/17 21:35:36 | 000,000,000 | ---D | C] -- C:\Users\Seth\Desktop\@@@@@@@@@@
[2012/03/17 21:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/03/16 21:21:14 | 000,000,000 | ---D | C] -- C:\Users\Seth\AppData\Roaming\Avira
[2012/03/16 21:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/03/16 21:17:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/03/16 19:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/03/16 08:48:48 | 000,000,000 | ---D | C] -- C:\Users\Seth\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/16 08:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/16 08:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/16 08:33:32 | 000,000,000 | ---D | C] -- C:\Users\Seth\AppData\Roaming\DriverCure
[2012/03/16 08:33:31 | 000,000,000 | ---D | C] -- C:\Users\Seth\AppData\Roaming\ParetoLogic
[2012/03/16 08:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012/03/12 20:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/03/12 20:18:38 | 000,000,000 | ---D | C] -- C:\Users\Seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/03/05 16:33:30 | 000,000,000 | ---D | C] -- C:\Users\Seth\AppData\Local\Skyrim
[2012/03/05 16:31:51 | 000,000,000 | ---D | C] -- C:\Users\Seth\Documents\My Games
[2012/02/24 16:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/02/24 16:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

========== Files - Modified Within 30 Days ==========

[2012/03/18 01:11:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/18 01:11:45 | 3189,071,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/18 00:57:36 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 00:57:36 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 00:56:11 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/18 00:56:11 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/18 00:56:11 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/18 00:43:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/17 23:21:48 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/17 22:34:17 | 002,540,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Seth\Desktop\avg_remover_stf_x64_2012_1796.exe
[2012/03/17 22:17:15 | 323,189,945 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/17 22:05:31 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/03/17 21:54:09 | 004,438,697 | R--- | M] (Swearware) -- C:\Users\Seth\Desktop\ComboFix.exe
[2012/03/17 21:37:23 | 000,002,097 | ---- | M] () -- C:\Users\Seth\Desktop\HijackThis.lnk
[2012/03/17 21:22:17 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/03/17 04:22:53 | 000,281,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/16 23:28:29 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/03/05 13:44:10 | 000,002,048 | ---- | M] () -- C:\Users\Seth\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/24 16:15:27 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk

========== Files Created - No Company Name ==========

[2012/03/17 23:21:48 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/17 22:41:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/17 22:41:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/17 22:41:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/17 22:41:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/17 22:41:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/17 22:32:16 | 000,002,849 | ---- | C] () -- C:\Users\Seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2012/03/17 22:17:15 | 323,189,945 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/03/17 22:05:31 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/03/17 21:37:23 | 000,002,097 | ---- | C] () -- C:\Users\Seth\Desktop\HijackThis.lnk
[2012/03/17 21:22:17 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/03/17 21:22:17 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/03/16 23:28:29 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/02/24 16:15:27 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/01/12 05:05:28 | 000,001,428 | -HS- | C] () -- C:\Users\Seth\AppData\Local\288x46h753768my6gq264ip
[2012/01/12 05:05:28 | 000,001,428 | -HS- | C] () -- C:\ProgramData\288x46h753768my6gq264ip
[2012/01/05 18:19:13 | 000,011,370 | -HS- | C] () -- C:\Users\Seth\AppData\Local\15wsyw72s701ub5lg7xwn23k2o2v66202upu6846f6xi08
[2012/01/05 18:19:13 | 000,011,370 | -HS- | C] () -- C:\ProgramData\15wsyw72s701ub5lg7xwn23k2o2v66202upu6846f6xi08
[2011/12/31 17:47:04 | 000,001,252 | -HS- | C] () -- C:\Users\Seth\AppData\Local\181fc42kw68j70577484kxorxb3y448cfd5ae01271j
[2011/12/31 17:47:04 | 000,001,252 | -HS- | C] () -- C:\ProgramData\181fc42kw68j70577484kxorxb3y448cfd5ae01271j
[2011/12/27 20:32:51 | 000,001,522 | -HS- | C] () -- C:\Users\Seth\AppData\Local\o75y362btui01qt3l86c18yj0lei7dk34itk5g44c
[2011/12/27 20:32:51 | 000,001,522 | -HS- | C] () -- C:\ProgramData\o75y362btui01qt3l86c18yj0lei7dk34itk5g44c
[2011/12/25 19:53:33 | 000,007,598 | ---- | C] () -- C:\Users\Seth\AppData\Local\Resmon.ResmonCfg
[2011/12/23 10:05:17 | 000,009,540 | -HS- | C] () -- C:\Users\Seth\AppData\Local\382186v8a170s663a634o4eia3a3
[2011/12/23 10:05:17 | 000,009,540 | -HS- | C] () -- C:\ProgramData\382186v8a170s663a634o4eia3a3
[2011/12/21 06:36:14 | 000,001,482 | -HS- | C] () -- C:\Users\Seth\AppData\Local\g5ki08g8ie4ses
[2011/12/21 06:36:14 | 000,001,482 | -HS- | C] () -- C:\ProgramData\g5ki08g8ie4ses
[2011/12/19 04:58:48 | 000,001,180 | -HS- | C] () -- C:\Users\Seth\AppData\Local\012813v4r486t150c487b2mmd7k4
[2011/12/19 04:58:48 | 000,001,180 | -HS- | C] () -- C:\ProgramData\012813v4r486t150c487b2mmd7k4
[2011/12/17 08:50:45 | 000,001,388 | -HS- | C] () -- C:\Users\Seth\AppData\Local\355754e6n583k085k872c1oxs1h2
[2011/12/17 08:50:45 | 000,001,388 | -HS- | C] () -- C:\ProgramData\355754e6n583k085k872c1oxs1h2
[2011/12/16 15:03:21 | 000,001,450 | -HS- | C] () -- C:\Users\Seth\AppData\Local\556743u6e382q717x083h0cov2n3
[2011/12/16 15:03:21 | 000,001,450 | -HS- | C] () -- C:\ProgramData\556743u6e382q717x083h0cov2n3
[2011/12/14 03:08:18 | 000,001,334 | -HS- | C] () -- C:\Users\Seth\AppData\Local\fxpwtr0c4feg7igq0jax2o667b5a
[2011/12/14 03:08:18 | 000,001,334 | -HS- | C] () -- C:\ProgramData\fxpwtr0c4feg7igq0jax2o667b5a
[2011/11/28 21:06:18 | 000,001,392 | -HS- | C] () -- C:\Users\Seth\AppData\Local\m5di23d0kl1qov
[2011/11/28 21:06:18 | 000,001,392 | -HS- | C] () -- C:\ProgramData\m5di23d0kl1qov
[2011/11/26 21:48:16 | 000,001,446 | -HS- | C] () -- C:\Users\Seth\AppData\Local\fwvwno3x4dhx2doq6gfi1h707k8s
[2011/11/26 21:48:16 | 000,001,446 | -HS- | C] () -- C:\ProgramData\fwvwno3x4dhx2doq6gfi1h707k8s
[2011/11/19 05:52:52 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/10/19 20:19:35 | 000,000,007 | ---- | C] () -- C:\Users\Seth\AppData\Roaming\RSBuddy Login.ini
[2011/07/31 19:32:50 | 000,000,107 | ---- | C] () -- C:\Users\Seth\AppData\Roaming\RSBuddy_minocyc.ini
[2011/07/31 19:00:46 | 000,000,040 | ---- | C] () -- C:\Users\Seth\AppData\Roaming\RSBuddy_MitchellN.ini
[2011/05/18 15:16:57 | 000,005,632 | ---- | C] () -- C:\Users\Seth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 17:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/05/14 17:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/05/14 17:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

========== LOP Check ==========

[2011/04/22 02:11:18 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\.minecraft
[2011/06/21 19:10:11 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\DAEMON Tools Lite
[2012/03/16 08:33:32 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\DriverCure
[2012/03/15 01:50:12 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\DVDVideoSoft
[2011/03/25 18:16:56 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/03/12 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\Leadertech
[2011/04/23 08:12:57 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\LolClient
[2012/03/16 08:33:31 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\ParetoLogic
[2011/11/26 20:54:05 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\TS3Client
[2011/12/25 19:43:09 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\uTorrent
[2011/10/12 14:32:52 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by Amg92, 17 March 2012 - 11:38 PM.



#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, could you post the ComboFix log please?

Download aswMBR.exe (4.1 MB) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

THEN

Warning: this fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Seth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Seth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Seth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Seth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    [2012/01/12 05:05:28 | 000,001,428 | -HS- | C] () -- C:\Users\Seth\AppData\Local\288x46h753768my6gq264ip
    [2012/01/12 05:05:28 | 000,001,428 | -HS- | C] () -- C:\ProgramData\288x46h753768my6gq264ip
    [2012/01/05 18:19:13 | 000,011,370 | -HS- | C] () -- C:\Users\Seth\AppData\Local\15wsyw72s701ub5lg7xwn23k2o2v66202upu6846f6xi08
    [2012/01/05 18:19:13 | 000,011,370 | -HS- | C] () -- C:\ProgramData\15wsyw72s701ub5lg7xwn23k2o2v66202upu6846f6xi08
    [2011/12/31 17:47:04 | 000,001,252 | -HS- | C] () -- C:\Users\Seth\AppData\Local\181fc42kw68j70577484kxorxb3y448cfd5ae01271j
    [2011/12/31 17:47:04 | 000,001,252 | -HS- | C] () -- C:\ProgramData\181fc42kw68j70577484kxorxb3y448cfd5ae01271j
    [2011/12/27 20:32:51 | 000,001,522 | -HS- | C] () -- C:\Users\Seth\AppData\Local\o75y362btui01qt3l86c18yj0lei7dk34itk5g44c
    [2011/12/27 20:32:51 | 000,001,522 | -HS- | C] () -- C:\ProgramData\o75y362btui01qt3l86c18yj0lei7dk34itk5g44c
    [2011/12/23 10:05:17 | 000,009,540 | -HS- | C] () -- C:\Users\Seth\AppData\Local\382186v8a170s663a634o4eia3a3
    [2011/12/23 10:05:17 | 000,009,540 | -HS- | C] () -- C:\ProgramData\382186v8a170s663a634o4eia3a3
    [2011/12/21 06:36:14 | 000,001,482 | -HS- | C] () -- C:\Users\Seth\AppData\Local\g5ki08g8ie4ses
    [2011/12/21 06:36:14 | 000,001,482 | -HS- | C] () -- C:\ProgramData\g5ki08g8ie4ses
    [2011/12/19 04:58:48 | 000,001,180 | -HS- | C] () -- C:\Users\Seth\AppData\Local\012813v4r486t150c487b2mmd7k4
    [2011/12/19 04:58:48 | 000,001,180 | -HS- | C] () -- C:\ProgramData\012813v4r486t150c487b2mmd7k4
    [2011/12/17 08:50:45 | 000,001,388 | -HS- | C] () -- C:\Users\Seth\AppData\Local\355754e6n583k085k872c1oxs1h2
    [2011/12/17 08:50:45 | 000,001,388 | -HS- | C] () -- C:\ProgramData\355754e6n583k085k872c1oxs1h2
    [2011/12/16 15:03:21 | 000,001,450 | -HS- | C] () -- C:\Users\Seth\AppData\Local\556743u6e382q717x083h0cov2n3
    [2011/12/16 15:03:21 | 000,001,450 | -HS- | C] () -- C:\ProgramData\556743u6e382q717x083h0cov2n3
    [2011/12/14 03:08:18 | 000,001,334 | -HS- | C] () -- C:\Users\Seth\AppData\Local\fxpwtr0c4feg7igq0jax2o667b5a
    [2011/12/14 03:08:18 | 000,001,334 | -HS- | C] () -- C:\ProgramData\fxpwtr0c4feg7igq0jax2o667b5a
    [2011/11/28 21:06:18 | 000,001,392 | -HS- | C] () -- C:\Users\Seth\AppData\Local\m5di23d0kl1qov
    [2011/11/28 21:06:18 | 000,001,392 | -HS- | C] () -- C:\ProgramData\m5di23d0kl1qov
    [2011/11/26 21:48:16 | 000,001,446 | -HS- | C] () -- C:\Users\Seth\AppData\Local\fwvwno3x4dhx2doq6gfi1h707k8s
    [2011/11/26 21:48:16 | 000,001,446 | -HS- | C] () -- C:\ProgramData\fwvwno3x4dhx2doq6gfi1h707k8s

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

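The OTL fix above is built by hand from the log: the random-named -HS- (hidden, system) files that appear in pairs under C:\ProgramData and AppData\Local, and, from the original post, a svchost.exe sitting in C:\Windows rather than in System32. The following Python script is an added example, not code from the thread or from OTL: it parses OTL's file lines, applies those two checks, and emits the matching log lines in the form OTL accepts under :OTL, which is what the fix above does by hand. The sample log is constructed from lines on this page plus one made-up C:\Windows\svchost.exe entry (the OTL excerpt on this page does not show that file); the "random name" heuristic and the list of protected binary names are my assumptions.

```python
"""Triage of OTL 'Files Created/Modified' lines (added example; not OTL's or the thread's code)."""
import re
from collections import defaultdict

# One OTL file line: [YYYY/MM/DD HH:MM:SS | 000,001,428 | -HS- | C] (company) -- C:\path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# File directly inside ProgramData or AppData\Local (where the thread's droppers sit)
DROPPER_DIR = re.compile(r"\\(programdata|appdata\\local)\\[^\\]+$", re.IGNORECASE)
# Assumed heuristic: 12+ lowercase letters/digits, both kinds present, no extension
RANDOM_NAME = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{12,}$")

# Assumed list: core binaries that only belong in the system directories below.
# OTL shows the 64-bit System32 as "SysNative", so that spelling counts as legitimate.
PROTECTED_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                   "winlogon.exe", "wininit.exe", "smss.exe"}
SYSTEM_DIRS = {"system32", "syswow64", "sysnative"}

# Constructed sample: lines copied from the log above plus one made-up svchost.exe entry
SAMPLE_LOG = r"""
[2012/03/17 22:41:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/12 05:05:28 | 000,001,428 | -HS- | C] () -- C:\Users\Seth\AppData\Local\288x46h753768my6gq264ip
[2012/01/12 05:05:28 | 000,001,428 | -HS- | C] () -- C:\ProgramData\288x46h753768my6gq264ip
[2011/12/25 19:53:33 | 000,007,598 | ---- | C] () -- C:\Users\Seth\AppData\Local\Resmon.ResmonCfg
[2011/11/19 05:52:52 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/03/17 22:00:00 | 000,051,200 | ---- | M] () -- C:\Windows\svchost.exe
[2010/05/14 17:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
"""


def parse_otl(text):
    """Return one dict per OTL file line; headers and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = OTL_LINE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["raw"] = raw.strip()
            e["name"] = e["path"].rsplit("\\", 1)[-1]
            entries.append(e)
    return entries


def hidden_random_droppers(entries):
    """Hidden+system, random-named files in ProgramData / AppData\\Local, grouped by name.

    The thread's infection wrote each one twice with identical timestamp and size, so
    a group of two is the expected shape; a singleton is still reported.
    """
    groups = defaultdict(list)
    for e in entries:
        if ("H" in e["attrs"] and "S" in e["attrs"]
                and DROPPER_DIR.search(e["path"]) and RANDOM_NAME.match(e["name"])):
            groups[e["name"]].append(e)
    return dict(groups)


def misplaced_system_binaries(entries):
    """Paths of protected binaries found outside System32/SysWOW64 (WinSxS copies ignored)."""
    hits = []
    for e in entries:
        if e["name"].lower() not in PROTECTED_NAMES or "\\winsxs\\" in e["path"].lower():
            continue
        parent = e["path"].rsplit("\\", 2)[-2].lower()
        if parent not in SYSTEM_DIRS:
            hits.append(e["path"])
    return hits


def otl_fix_lines(droppers):
    """The matching log lines verbatim: OTL deletes files listed this way under :OTL."""
    return [e["raw"] for group in droppers.values() for e in group]


def triage(text):
    """Run both checks over an OTL log and return findings plus the :OTL lines to paste."""
    entries = parse_otl(text)
    droppers = hidden_random_droppers(entries)
    return {
        "droppers": {name: [e["path"] for e in group] for name, group in droppers.items()},
        "misplaced": misplaced_system_binaries(entries),
        "fix_lines": otl_fix_lines(droppers),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, paths in result["droppers"].items():
        print(f"dropper {name}: {len(paths)} copies")
    for path in result["misplaced"]:
        print(f"protected binary outside the system directories: {path}")
    print(":OTL")
    print("\n".join(result["fix_lines"]))
```

Run it as a script to print the findings and the :OTL lines. Two caveats worth keeping in mind: the indicator in this thread is the path C:\Windows\svchost.exe, not the number of svchost.exe processes, since Windows 7 normally runs a dozen or so of them out of System32 (one per service group); and a file that ComboFix deletes and that is back after reboot, as the original post describes, points at a component that recreates it, which is why the thread moves on to rootkit scanners rather than another file deletion.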

#3 Amg92 (Topic Starter, New Member, 5 posts)
Hey, thanks for the reply. There are several logs, so I put them in spoilers.

ComboFix Log:

Spoiler



aswMBR Log:

Spoiler




OTL Log:

Spoiler

Edited by Amg92, 18 March 2012 - 06:25 PM.


#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, I see it.

Could you post the ComboFix log?

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
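The scan log posted in reply #5 below confirms the two options asked for here in its "Mode: Manual; SigCheck; TDLFS;" line and then prints, per driver, one line with the file's MD5 and path and one verdict line. The Python below is an added example, not Kaspersky's code: it checks a TDSSKiller log for those two options, collects the hashed drivers, surfaces any object whose verdict is not "ok", and lists services that got a verdict but no hashed file. The sample is constructed from lines of the log on this page plus a made-up sptd entry; its "( detection ) - warning" shape is my assumption about how TDSSKiller formats a flagged object, and the MD5 for it is invented.

```python
"""Triage of a TDSSKiller 2.x text log (added example; not Kaspersky's or the thread's code)."""
import re

# Every log line starts with a timestamp and a thread id: "08:48:10.0333 4640 ..."
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "
MODE_LINE = re.compile(PREFIX + r"Mode: (?P<mode>.+)$")
# Hashed file line: "<service> (<md5>) <path>"
DRIVER_LINE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: "<service> - ok", or (assumed format) "<object> ( <detection> ) - <status>"
STATUS_LINE = re.compile(PREFIX + r"(?P<name>\S+)(?: \( (?P<verdict>[^)]+) \))? - (?P<status>\w+)$")

# Constructed sample: lines from the log on this page plus a made-up flagged sptd entry
SAMPLE_LOG = """\
08:48:09.0960 4640 Mode: Manual; SigCheck; TDLFS;
08:48:09.0960 4640 ============================================================
08:48:10.0333 4640 1394ohci (a87d604aea360176311474c87a63bb88) C:\\Windows\\system32\\drivers\\1394ohci.sys
08:48:10.0415 4640 1394ohci - ok
08:48:11.0897 4640 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\\Windows\\system32\\drivers\\atapi.sys
08:48:11.0903 4640 atapi - ok
08:48:13.0442 4640 catchme - ok
08:48:22.0000 4640 sptd (0123456789abcdef0123456789abcdef) C:\\Windows\\system32\\drivers\\sptd.sys
08:48:22.0100 4640 sptd ( LockedFile.Multi.Generic ) - warning
"""


def parse_tdss(text):
    """Split a log into scan mode flags, hashed drivers and per-object verdicts."""
    mode, drivers, verdicts = [], {}, {}
    for line in text.splitlines():
        line = line.rstrip()
        if m := MODE_LINE.match(line):
            mode = [flag.strip() for flag in m["mode"].split(";") if flag.strip()]
        elif m := DRIVER_LINE.match(line):
            drivers[m["name"]] = (m["md5"], m["path"])
        elif m := STATUS_LINE.match(line):
            verdicts[m["name"]] = (m["verdict"], m["status"])
    return {"mode": mode, "drivers": drivers, "verdicts": verdicts}


def scan_options_ok(text):
    """True when the log shows the signature check and TDLFS detection were both enabled."""
    mode = parse_tdss(text)["mode"]
    return "SigCheck" in mode and "TDLFS" in mode


def findings(text):
    """Objects with any verdict other than 'ok', joined to the file TDSSKiller hashed for them."""
    parsed = parse_tdss(text)
    out = []
    for name, (verdict, status) in parsed["verdicts"].items():
        if status != "ok":
            md5, path = parsed["drivers"].get(name, (None, None))
            out.append({"name": name, "verdict": verdict, "status": status,
                        "md5": md5, "path": path})
    return out


def unverified(text):
    """Services that received a verdict but no hashed file line (no readable image on disk)."""
    parsed = parse_tdss(text)
    return sorted(name for name in parsed["verdicts"] if name not in parsed["drivers"])


if __name__ == "__main__":
    print("options as requested:", scan_options_ok(SAMPLE_LOG))
    for f in findings(SAMPLE_LOG):
        print(f"{f['status']}: {f['name']} {f['verdict']} {f['path']} md5={f['md5']}")
    print("verdict but no file:", unverified(SAMPLE_LOG))
```

In this page's log the one service without a hashed file is catchme, the driver ComboFix registers for its own rootkit scan, so that entry is expected here; any other name in that list deserves a look. A clean SigCheck pass is also not proof on its own: a kernel-mode rootkit that hides its patch to a driver can hand a clean copy back to whoever reads the file, which is why the scan is run with TDLFS detection as well rather than trusting hashes alone.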

#5 Amg92 (Topic Starter, New Member, 5 posts)
Wow, I think you actually got rid of it. YOU'RE MY HERO. Or at least Malwarebytes isn't detecting it anymore. I ran a Flash Scan and a Quick Scan with no detections. It still seems like a lot of my computer's physical memory is getting used; it's at 30% with just Firefox running, and there are still 11 svchost.exe processes running (56 processes total), but to be honest, before this virus I wasn't checking that stuff at all, so it could be completely normal for all I know.

Either way, I really appreciate it; this virus has been driving me insane.



Here's the TDSSKiller Log:

08:47:06.0832 3876 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
08:47:07.0348 3876 ============================================================
08:47:07.0349 3876 Current date / time: 2012/03/19 08:47:07.0348
08:47:07.0349 3876 SystemInfo:
08:47:07.0349 3876
08:47:07.0349 3876 OS Version: 6.1.7601 ServicePack: 1.0
08:47:07.0349 3876 Product type: Workstation
08:47:07.0349 3876 ComputerName: SETH-PC
08:47:07.0349 3876 UserName: Seth
08:47:07.0349 3876 Windows directory: C:\Windows
08:47:07.0349 3876 System windows directory: C:\Windows
08:47:07.0349 3876 Running under WOW64
08:47:07.0349 3876 Processor architecture: Intel x64
08:47:07.0349 3876 Number of processors: 4
08:47:07.0349 3876 Page size: 0x1000
08:47:07.0349 3876 Boot type: Normal boot
08:47:07.0349 3876 ============================================================
08:47:08.0668 3876 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:47:08.0670 3876 \Device\Harddisk0\DR0:
08:47:08.0681 3876 MBR used
08:47:08.0681 3876 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:47:08.0681 3876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
08:47:08.0705 3876 Initialize success
08:47:08.0705 3876 ============================================================
08:48:09.0960 4640 ============================================================
08:48:09.0960 4640 Scan started
08:48:09.0960 4640 Mode: Manual; SigCheck; TDLFS;
08:48:09.0960 4640 ============================================================
08:48:10.0333 4640 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:48:10.0415 4640 1394ohci - ok
08:48:10.0440 4640 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:48:10.0451 4640 ACPI - ok
08:48:10.0471 4640 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:48:10.0528 4640 AcpiPmi - ok
08:48:10.0687 4640 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:48:10.0739 4640 adp94xx - ok
08:48:10.0831 4640 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:48:10.0866 4640 adpahci - ok
08:48:10.0989 4640 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:48:11.0002 4640 adpu320 - ok
08:48:11.0047 4640 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:48:11.0099 4640 AFD - ok
08:48:11.0134 4640 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:48:11.0144 4640 agp440 - ok
08:48:11.0201 4640 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:48:11.0209 4640 aliide - ok
08:48:11.0230 4640 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:48:11.0238 4640 amdide - ok
08:48:11.0271 4640 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:48:11.0329 4640 AmdK8 - ok
08:48:11.0345 4640 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:48:11.0369 4640 AmdPPM - ok
08:48:11.0403 4640 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:48:11.0413 4640 amdsata - ok
08:48:11.0476 4640 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:48:11.0488 4640 amdsbs - ok
08:48:11.0517 4640 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:48:11.0531 4640 amdxata - ok
08:48:11.0592 4640 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:48:11.0637 4640 AppID - ok
08:48:11.0723 4640 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:48:11.0733 4640 arc - ok
08:48:11.0749 4640 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:48:11.0760 4640 arcsas - ok
08:48:11.0777 4640 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:48:11.0867 4640 AsyncMac - ok
08:48:11.0897 4640 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:48:11.0903 4640 atapi - ok
08:48:11.0989 4640 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
08:48:12.0024 4640 avgntflt - ok
08:48:12.0041 4640 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
08:48:12.0052 4640 avipbb - ok
08:48:12.0065 4640 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
08:48:12.0073 4640 avkmgr - ok
08:48:12.0119 4640 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:48:12.0175 4640 b06bdrv - ok
08:48:12.0234 4640 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:48:12.0268 4640 b57nd60a - ok
08:48:12.0312 4640 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:48:12.0357 4640 Beep - ok
08:48:12.0398 4640 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:48:12.0420 4640 blbdrive - ok
08:48:12.0510 4640 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:48:12.0575 4640 bowser - ok
08:48:12.0615 4640 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:48:12.0746 4640 BrFiltLo - ok
08:48:12.0770 4640 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:48:12.0781 4640 BrFiltUp - ok
08:48:12.0799 4640 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:48:12.0839 4640 BridgeMP - ok
08:48:12.0915 4640 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:48:12.0982 4640 Brserid - ok
08:48:13.0034 4640 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:48:13.0076 4640 BrSerWdm - ok
08:48:13.0214 4640 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:48:13.0248 4640 BrUsbMdm - ok
08:48:13.0309 4640 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:48:13.0342 4640 BrUsbSer - ok
08:48:13.0391 4640 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:48:13.0418 4640 BTHMODEM - ok
08:48:13.0442 4640 catchme - ok
08:48:13.0510 4640 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:48:13.0548 4640 cdfs - ok
08:48:13.0602 4640 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:48:13.0636 4640 cdrom - ok
08:48:13.0670 4640 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:48:13.0695 4640 circlass - ok
08:48:13.0727 4640 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:48:13.0738 4640 CLFS - ok
08:48:13.0806 4640 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:48:13.0833 4640 CmBatt - ok
08:48:13.0861 4640 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:48:13.0870 4640 cmdide - ok
08:48:13.0894 4640 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:48:13.0920 4640 CNG - ok
08:48:13.0935 4640 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:48:13.0944 4640 Compbatt - ok
08:48:13.0977 4640 CompFilter64 (41f879d9d141cdce729d87ba0e95f731) C:\Windows\system32\DRIVERS\lvbflt64.sys
08:48:13.0984 4640 CompFilter64 - ok
08:48:14.0051 4640 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:48:14.0074 4640 CompositeBus - ok
08:48:14.0113 4640 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:48:14.0122 4640 crcdisk - ok
08:48:14.0152 4640 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:48:14.0193 4640 DfsC - ok
08:48:14.0217 4640 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:48:14.0243 4640 discache - ok
08:48:14.0297 4640 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:48:14.0305 4640 Disk - ok
08:48:14.0365 4640 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:48:14.0393 4640 drmkaud - ok
08:48:14.0426 4640 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:48:14.0449 4640 DXGKrnl - ok
08:48:14.0503 4640 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:48:14.0568 4640 ebdrv - ok
08:48:14.0673 4640 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:48:14.0690 4640 elxstor - ok
08:48:14.0710 4640 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:48:14.0734 4640 ErrDev - ok
08:48:14.0761 4640 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:48:14.0790 4640 exfat - ok
08:48:14.0805 4640 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:48:14.0833 4640 fastfat - ok
08:48:14.0853 4640 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:48:14.0887 4640 fdc - ok
08:48:14.0960 4640 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:48:14.0968 4640 FileInfo - ok
08:48:14.0981 4640 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:48:15.0025 4640 Filetrace - ok
08:48:15.0048 4640 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:48:15.0059 4640 flpydisk - ok
08:48:15.0080 4640 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:48:15.0090 4640 FltMgr - ok
08:48:15.0109 4640 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:48:15.0119 4640 FsDepends - ok
08:48:15.0130 4640 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:48:15.0139 4640 Fs_Rec - ok
08:48:15.0203 4640 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:48:15.0215 4640 fvevol - ok
08:48:15.0242 4640 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:48:15.0252 4640 gagp30kx - ok
08:48:15.0279 4640 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:48:15.0286 4640 GEARAspiWDM - ok
08:48:15.0304 4640 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:48:15.0347 4640 hcw85cir - ok
08:48:15.0373 4640 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:48:15.0403 4640 HdAudAddService - ok
08:48:15.0525 4640 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:48:15.0562 4640 HDAudBus - ok
08:48:15.0651 4640 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
08:48:15.0666 4640 HECIx64 - ok
08:48:15.0729 4640 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:48:15.0753 4640 HidBatt - ok
08:48:15.0800 4640 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:48:15.0832 4640 HidBth - ok
08:48:15.0868 4640 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:48:15.0884 4640 HidIr - ok
08:48:15.0941 4640 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:48:15.0968 4640 HidUsb - ok
08:48:16.0005 4640 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:48:16.0015 4640 HpSAMD - ok
08:48:16.0066 4640 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:48:16.0121 4640 HTTP - ok
08:48:16.0159 4640 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:48:16.0166 4640 hwpolicy - ok
08:48:16.0211 4640 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:48:16.0223 4640 i8042prt - ok
08:48:16.0253 4640 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:48:16.0269 4640 iaStorV - ok
08:48:16.0310 4640 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:48:16.0320 4640 iirsp - ok
08:48:16.0395 4640 IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
08:48:16.0441 4640 IntcAzAudAddService - ok
08:48:16.0451 4640 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:48:16.0460 4640 intelide - ok
08:48:16.0483 4640 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:48:16.0508 4640 intelppm - ok
08:48:16.0557 4640 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:48:16.0601 4640 IpFilterDriver - ok
08:48:16.0649 4640 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:48:16.0677 4640 IPMIDRV - ok
08:48:16.0716 4640 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:48:16.0758 4640 IPNAT - ok
08:48:16.0798 4640 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:48:16.0850 4640 IRENUM - ok
08:48:16.0901 4640 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:48:16.0910 4640 isapnp - ok
08:48:16.0935 4640 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:48:16.0950 4640 iScsiPrt - ok
08:48:16.0965 4640 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:48:16.0975 4640 kbdclass - ok
08:48:17.0005 4640 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
08:48:17.0028 4640 kbdhid - ok
08:48:17.0072 4640 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:48:17.0079 4640 KSecDD - ok
08:48:17.0107 4640 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:48:17.0115 4640 KSecPkg - ok
08:48:17.0154 4640 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:48:17.0197 4640 ksthunk - ok
08:48:17.0255 4640 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:48:17.0293 4640 lltdio - ok
08:48:17.0351 4640 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:48:17.0362 4640 LSI_FC - ok
08:48:17.0409 4640 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:48:17.0420 4640 LSI_SAS - ok
08:48:17.0436 4640 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:48:17.0446 4640 LSI_SAS2 - ok
08:48:17.0464 4640 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:48:17.0474 4640 LSI_SCSI - ok
08:48:17.0499 4640 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:48:17.0541 4640 luafv - ok
08:48:17.0594 4640 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
08:48:17.0601 4640 LVPr2M64 - ok
08:48:17.0627 4640 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
08:48:17.0631 4640 LVPr2Mon - ok
08:48:17.0673 4640 LVRS64 (a43a6cbea073990a784603ef065a281b) C:\Windows\system32\DRIVERS\lvrs64.sys
08:48:17.0685 4640 LVRS64 - ok
08:48:18.0136 4640 LVUVC64 (4350876ab0d0c77d0b40a1c85935c96b) C:\Windows\system32\DRIVERS\lvuvc64.sys
08:48:18.0256 4640 LVUVC64 - ok
08:48:18.0331 4640 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:48:18.0341 4640 megasas - ok
08:48:18.0357 4640 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:48:18.0371 4640 MegaSR - ok
08:48:18.0387 4640 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:48:18.0427 4640 Modem - ok
08:48:18.0454 4640 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:48:18.0481 4640 monitor - ok
08:48:18.0540 4640 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:48:18.0550 4640 mouclass - ok
08:48:18.0593 4640 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:48:18.0618 4640 mouhid - ok
08:48:18.0681 4640 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:48:18.0689 4640 mountmgr - ok
08:48:18.0702 4640 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:48:18.0715 4640 mpio - ok
08:48:18.0727 4640 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:48:18.0773 4640 mpsdrv - ok
08:48:18.0853 4640 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:48:18.0913 4640 MRxDAV - ok
08:48:18.0941 4640 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:48:18.0975 4640 mrxsmb - ok
08:48:18.0993 4640 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:48:19.0003 4640 mrxsmb10 - ok
08:48:19.0059 4640 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:48:19.0068 4640 mrxsmb20 - ok
08:48:19.0088 4640 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:48:19.0097 4640 msahci - ok
08:48:19.0115 4640 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:48:19.0127 4640 msdsm - ok
08:48:19.0147 4640 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:48:19.0171 4640 Msfs - ok
08:48:19.0179 4640 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:48:19.0223 4640 mshidkmdf - ok
08:48:19.0295 4640 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:48:19.0302 4640 msisadrv - ok
08:48:19.0327 4640 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:48:19.0371 4640 MSKSSRV - ok
08:48:19.0391 4640 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:48:19.0432 4640 MSPCLOCK - ok
08:48:19.0457 4640 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:48:19.0512 4640 MSPQM - ok
08:48:19.0595 4640 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:48:19.0606 4640 MsRPC - ok
08:48:19.0634 4640 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:48:19.0641 4640 mssmbios - ok
08:48:19.0698 4640 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:48:19.0742 4640 MSTEE - ok
08:48:19.0765 4640 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:48:19.0793 4640 MTConfig - ok
08:48:19.0864 4640 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:48:19.0871 4640 Mup - ok
08:48:19.0900 4640 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:48:19.0937 4640 NativeWifiP - ok
08:48:19.0975 4640 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:48:19.0994 4640 NDIS - ok
08:48:20.0017 4640 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:48:20.0043 4640 NdisCap - ok
08:48:20.0105 4640 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:48:20.0148 4640 NdisTapi - ok
08:48:20.0177 4640 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:48:20.0217 4640 Ndisuio - ok
08:48:20.0245 4640 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:48:20.0287 4640 NdisWan - ok
08:48:20.0310 4640 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:48:20.0351 4640 NDProxy - ok
08:48:20.0421 4640 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:48:20.0445 4640 NetBIOS - ok
08:48:20.0469 4640 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:48:20.0516 4640 NetBT - ok
08:48:20.0564 4640 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:48:20.0573 4640 nfrd960 - ok
08:48:20.0591 4640 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:48:20.0631 4640 Npfs - ok
08:48:20.0723 4640 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:48:20.0761 4640 nsiproxy - ok
08:48:20.0807 4640 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:48:20.0836 4640 Ntfs - ok
08:48:20.0851 4640 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:48:20.0888 4640 Null - ok
08:48:20.0956 4640 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
08:48:20.0985 4640 NVENETFD - ok
08:48:21.0025 4640 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
08:48:21.0035 4640 NVHDA - ok
08:48:21.0222 4640 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:48:21.0418 4640 nvlddmkm - ok
08:48:21.0492 4640 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:48:21.0503 4640 nvraid - ok
08:48:21.0527 4640 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:48:21.0539 4640 nvstor - ok
08:48:21.0553 4640 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:48:21.0565 4640 nv_agp - ok
08:48:21.0582 4640 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:48:21.0610 4640 ohci1394 - ok
08:48:21.0656 4640 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:48:21.0668 4640 Parport - ok
08:48:21.0778 4640 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
08:48:21.0785 4640 partmgr - ok
08:48:21.0810 4640 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:48:21.0819 4640 pci - ok
08:48:21.0827 4640 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:48:21.0834 4640 pciide - ok
08:48:21.0860 4640 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:48:21.0873 4640 pcmcia - ok
08:48:21.0889 4640 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:48:21.0896 4640 pcw - ok
08:48:21.0913 4640 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:48:21.0963 4640 PEAUTH - ok
08:48:22.0065 4640 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:48:22.0108 4640 PptpMiniport - ok
08:48:22.0149 4640 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:48:22.0181 4640 Processor - ok
08:48:22.0223 4640 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:48:22.0266 4640 Psched - ok
08:48:22.0343 4640 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:48:22.0375 4640 ql2300 - ok
08:48:22.0388 4640 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:48:22.0399 4640 ql40xx - ok
08:48:22.0423 4640 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:48:22.0451 4640 QWAVEdrv - ok
08:48:22.0469 4640 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:48:22.0512 4640 RasAcd - ok
08:48:22.0596 4640 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:48:22.0622 4640 RasAgileVpn - ok
08:48:22.0647 4640 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:48:22.0693 4640 Rasl2tp - ok
08:48:22.0733 4640 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:48:22.0779 4640 RasPppoe - ok
08:48:22.0802 4640 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:48:22.0844 4640 RasSstp - ok
08:48:22.0920 4640 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:48:22.0959 4640 rdbss - ok
08:48:22.0976 4640 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:48:22.0988 4640 rdpbus - ok
08:48:23.0005 4640 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:48:23.0030 4640 RDPCDD - ok
08:48:23.0052 4640 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:48:23.0094 4640 RDPENCDD - ok
08:48:23.0159 4640 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:48:23.0184 4640 RDPREFMP - ok
08:48:23.0205 4640 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
08:48:23.0228 4640 RDPWD - ok
08:48:23.0262 4640 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:48:23.0271 4640 rdyboost - ok
08:48:23.0315 4640 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:48:23.0354 4640 rspndr - ok
08:48:23.0439 4640 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:48:23.0452 4640 RTL8167 - ok
08:48:23.0495 4640 RTL8192su (fc00c0de6dc83de1b2b01420e2195b21) C:\Windows\system32\DRIVERS\RTL8192su.sys
08:48:23.0522 4640 RTL8192su - ok
08:48:23.0578 4640 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
08:48:23.0583 4640 SASDIFSV - ok
08:48:23.0607 4640 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
08:48:23.0612 4640 SASKUTIL - ok
08:48:23.0675 4640 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:48:23.0686 4640 sbp2port - ok
08:48:23.0715 4640 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:48:23.0740 4640 scfilter - ok
08:48:23.0783 4640 SecDrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\SECDRV.SYS
08:48:23.0824 4640 SecDrv - ok
08:48:23.0844 4640 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:48:23.0867 4640 Serenum - ok
08:48:23.0938 4640 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:48:23.0950 4640 Serial - ok
08:48:23.0976 4640 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:48:23.0998 4640 sermouse - ok
08:48:24.0026 4640 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:48:24.0066 4640 sffdisk - ok
08:48:24.0076 4640 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:48:24.0101 4640 sffp_mmc - ok
08:48:24.0164 4640 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:48:24.0193 4640 sffp_sd - ok
08:48:24.0224 4640 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:48:24.0233 4640 sfloppy - ok
08:48:24.0273 4640 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:48:24.0282 4640 SiSRaid2 - ok
08:48:24.0292 4640 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:48:24.0302 4640 SiSRaid4 - ok
08:48:24.0362 4640 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:48:24.0389 4640 Smb - ok
08:48:24.0397 4640 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:48:24.0404 4640 spldr - ok
08:48:24.0435 4640 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:48:24.0483 4640 srv - ok
08:48:24.0503 4640 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:48:24.0514 4640 srv2 - ok
08:48:24.0524 4640 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:48:24.0547 4640 srvnet - ok
08:48:24.0692 4640 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:48:24.0701 4640 stexstor - ok
08:48:24.0737 4640 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:48:24.0745 4640 swenum - ok
08:48:24.0795 4640 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
08:48:24.0828 4640 Tcpip - ok
08:48:24.0867 4640 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
08:48:24.0892 4640 TCPIP6 - ok
08:48:24.0933 4640 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:48:24.0972 4640 tcpipreg - ok
08:48:24.0995 4640 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:48:25.0015 4640 TDPIPE - ok
08:48:25.0045 4640 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:48:25.0065 4640 TDTCP - ok
08:48:25.0097 4640 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:48:25.0123 4640 tdx - ok
08:48:25.0210 4640 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:48:25.0220 4640 TermDD - ok
08:48:25.0248 4640 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:48:25.0289 4640 tssecsrv - ok
08:48:25.0312 4640 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:48:25.0352 4640 TsUsbFlt - ok
08:48:25.0381 4640 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:48:25.0424 4640 tunnel - ok
08:48:25.0482 4640 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:48:25.0492 4640 uagp35 - ok
08:48:25.0530 4640 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:48:25.0573 4640 udfs - ok
08:48:25.0608 4640 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:48:25.0618 4640 uliagpkx - ok
08:48:25.0640 4640 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:48:25.0668 4640 umbus - ok
08:48:25.0690 4640 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:48:25.0713 4640 UmPass - ok
08:48:25.0780 4640 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
08:48:25.0806 4640 usbaudio - ok
08:48:25.0836 4640 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:48:25.0854 4640 usbccgp - ok
08:48:25.0887 4640 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:48:25.0920 4640 usbcir - ok
08:48:25.0946 4640 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
08:48:25.0972 4640 usbehci - ok
08:48:26.0034 4640 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:48:26.0069 4640 usbhub - ok
08:48:26.0103 4640 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
08:48:26.0131 4640 usbohci - ok
08:48:26.0153 4640 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:48:26.0182 4640 usbprint - ok
08:48:26.0210 4640 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
08:48:26.0252 4640 USBSTOR - ok
08:48:26.0303 4640 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:48:26.0330 4640 usbuhci - ok
08:48:26.0361 4640 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:48:26.0367 4640 vdrvroot - ok
08:48:26.0382 4640 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:48:26.0394 4640 vga - ok
08:48:26.0413 4640 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:48:26.0458 4640 VgaSave - ok
08:48:26.0482 4640 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:48:26.0496 4640 vhdmp - ok
08:48:26.0515 4640 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:48:26.0524 4640 viaide - ok
08:48:26.0557 4640 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:48:26.0564 4640 volmgr - ok
08:48:26.0587 4640 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:48:26.0598 4640 volmgrx - ok
08:48:26.0612 4640 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:48:26.0622 4640 volsnap - ok
08:48:26.0657 4640 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:48:26.0669 4640 vsmraid - ok
08:48:26.0682 4640 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:48:26.0705 4640 vwifibus - ok
08:48:26.0773 4640 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:48:26.0801 4640 vwififlt - ok
08:48:26.0827 4640 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:48:26.0851 4640 WacomPen - ok
08:48:26.0893 4640 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:48:26.0934 4640 WANARP - ok
08:48:26.0937 4640 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:48:26.0960 4640 Wanarpv6 - ok
08:48:26.0995 4640 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:48:27.0004 4640 Wd - ok
08:48:27.0062 4640 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:48:27.0077 4640 Wdf01000 - ok
08:48:27.0119 4640 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:48:27.0144 4640 WfpLwf - ok
08:48:27.0154 4640 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:48:27.0163 4640 WIMMount - ok
08:48:27.0204 4640 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:48:27.0233 4640 WmiAcpi - ok
08:48:27.0309 4640 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:48:27.0335 4640 ws2ifsl - ok
08:48:27.0364 4640 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:48:27.0402 4640 WudfPf - ok
08:48:27.0425 4640 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:48:27.0453 4640 WUDFRd - ok
08:48:27.0475 4640 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
08:48:27.0516 4640 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
08:48:27.0516 4640 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
08:48:27.0561 4640 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:48:27.0561 4640 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:48:27.0563 4640 Boot (0x1200) (efdd80454a1f524062b9006c736a0a34) \Device\Harddisk0\DR0\Partition0
08:48:27.0564 4640 \Device\Harddisk0\DR0\Partition0 - ok
08:48:27.0588 4640 Boot (0x1200) (bb8bfa3290afaa7edf0a7b68d3b76236) \Device\Harddisk0\DR0\Partition1
08:48:27.0589 4640 \Device\Harddisk0\DR0\Partition1 - ok
08:48:27.0589 4640 ============================================================
08:48:27.0589 4640 Scan finished
08:48:27.0589 4640 ============================================================
08:48:27.0597 3568 Detected object count: 2
08:48:27.0597 3568 Actual detected object count: 2
08:48:53.0594 3568 \Device\Harddisk0\DR0\# - copied to quarantine
08:48:53.0594 3568 \Device\Harddisk0\DR0 - copied to quarantine
08:48:53.0623 3568 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
08:48:53.0625 3568 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
08:48:53.0628 3568 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
08:48:53.0631 3568 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
08:48:53.0645 3568 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
08:48:53.0654 3568 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
08:48:53.0655 3568 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
08:48:53.0657 3568 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
08:48:53.0658 3568 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
08:48:53.0661 3568 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
08:48:53.0664 3568 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
08:48:53.0665 3568 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
08:48:53.0716 3568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
08:48:53.0741 3568 \Device\Harddisk0\DR0 - ok
08:48:53.0780 3568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
08:48:53.0780 3568 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:48:53.0780 3568 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:50:12.0295 3396 Deinitialize success











I posted the ComboFix log in my last reply but here it is again since you asked for it:


ComboFix 12-03-17.01 - Seth 03/18/2012 0:40.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4055.2319 [GMT -4:00]
Running from: c:\users\Seth\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))
.
.
2012-03-18 04:43 . 2012-03-18 04:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-18 02:32 . 2012-03-18 02:32 3584 ----a-r- c:\users\Seth\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-03-18 02:32 . 2012-03-18 02:32 -------- d-----w- c:\program files (x86)\Windows Installer Clean Up
2012-03-18 02:31 . 2012-03-18 02:31 -------- d-----w- c:\program files (x86)\MSECACHE
2012-03-18 02:05 . 2012-01-31 12:57 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-18 02:05 . 2012-01-31 12:57 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-18 02:05 . 2011-09-16 20:09 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-18 01:59 . 2012-03-18 02:00 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-03-18 01:59 . 2010-01-10 22:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-03-18 01:37 . 2012-03-18 01:37 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-18 01:22 . 2012-03-18 01:22 -------- d-----w- c:\program files (x86)\TeamViewer
2012-03-17 03:30 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-17 03:30 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-17 03:30 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-17 03:30 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-17 03:30 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-17 03:30 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-17 03:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-17 03:29 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-17 03:29 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-17 03:29 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-17 01:21 . 2012-03-17 01:21 -------- d-----w- c:\users\Seth\AppData\Roaming\Avira
2012-03-17 01:17 . 2012-03-17 01:17 -------- d-----w- c:\programdata\Avira
2012-03-17 01:17 . 2012-03-17 01:17 -------- d-----w- c:\program files (x86)\Avira
2012-03-16 23:39 . 2012-03-16 23:39 -------- d-----w- c:\program files\Enigma Software Group
2012-03-16 12:48 . 2012-03-16 12:48 -------- d-----w- c:\users\Seth\AppData\Roaming\SUPERAntiSpyware.com
2012-03-16 12:48 . 2012-03-18 03:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-16 12:48 . 2012-03-16 12:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-16 12:33 . 2012-03-16 12:33 -------- d-----w- c:\users\Seth\AppData\Roaming\DriverCure
2012-03-16 12:33 . 2012-03-16 12:33 -------- d-----w- c:\users\Seth\AppData\Roaming\ParetoLogic
2012-03-16 12:33 . 2012-03-16 12:39 -------- d-----w- c:\programdata\ParetoLogic
2012-03-05 20:33 . 2012-03-05 20:33 -------- d-----w- c:\users\Seth\AppData\Local\Skyrim
2012-03-05 20:32 . 2008-03-05 21:03 238088 ----a-w- c:\windows\SysWow64\xactengine3_0.dll
2012-03-05 17:57 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-03-05 17:57 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-03-05 17:57 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-03-05 17:57 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-03-05 17:57 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-05 17:57 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-05 17:57 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-24 20:15 . 2012-03-18 02:02 -------- d-----w- c:\program files (x86)\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 21:24 . 2012-02-09 21:24 163644 ----a-w- c:\windows\SysWow64\drivers\SECDRV.SYS
2011-12-21 17:52 . 2011-12-21 17:52 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-21 17:52 . 2011-12-21 17:52 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-21 17:52 . 2011-12-21 17:52 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-21 17:52 . 2011-12-21 17:52 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-21 17:52 . 2011-12-21 17:52 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-21 17:52 . 2011-12-21 17:52 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-21 17:52 . 2011-12-21 17:52 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-21 17:52 . 2011-12-21 17:52 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-21 17:52 . 2011-12-21 17:52 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-21 17:52 . 2011-12-21 17:52 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-21 17:52 . 2011-12-21 17:52 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-21 17:52 . 2011-12-21 17:52 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-21 17:52 . 2011-12-21 17:52 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-21 17:52 . 2011-12-21 17:52 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-21 17:52 . 2011-12-21 17:52 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-21 17:52 . 2011-12-21 17:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-21 17:52 . 2011-12-21 17:52 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-21 17:52 . 2011-12-21 17:52 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-21 17:52 . 2011-12-21 17:52 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-21 17:52 . 2011-12-21 17:52 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-21 17:52 . 2011-12-21 17:52 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-21 17:52 . 2011-12-21 17:52 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-21 17:52 . 2011-12-21 17:52 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-21 17:52 . 2011-12-21 17:52 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-21 17:52 . 2011-12-21 17:52 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-21 17:52 . 2011-12-21 17:52 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-21 17:52 . 2011-12-21 17:52 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-21 17:52 . 2011-12-21 17:52 448512 ----a-w- c:\windows\system32\html.iec
2011-12-21 17:52 . 2011-12-21 17:52 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-21 17:52 . 2011-12-21 17:52 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-21 17:52 . 2011-12-21 17:52 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-21 17:52 . 2011-12-21 17:52 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-21 17:52 . 2011-12-21 17:52 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-21 17:52 . 2011-12-21 17:52 160256 ----a-w- c:\windows\system32\wextract.exe
.
.
((((((((((((((((((((((((((((( [email protected]_02.49.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-18 04:13 . 2012-03-18 03:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012031820120319\index.dat
+ 2012-03-17 04:05 . 2012-03-18 03:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012031720120318\index.dat
- 2012-03-17 04:05 . 2012-03-18 01:32 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012031720120318\index.dat
- 2012-03-17 03:26 . 2012-03-18 02:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-03-17 03:26 . 2012-03-18 03:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-08-07 17:53 . 2012-03-18 03:07 40240 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-18 03:08 49000 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-30 00:14 . 2012-03-18 03:08 15574 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2282208584-1249931738-1591611488-1000_UserData.bin
- 2012-03-18 02:48 . 2012-03-18 02:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-18 04:44 . 2012-03-18 04:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-18 02:48 . 2012-03-18 02:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-18 04:44 . 2012-03-18 04:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-11-03 07:22 . 2012-03-18 02:28 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-11-03 07:22 . 2012-03-18 03:07 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-03-18 04:46 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-03-18 02:33 624162 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-18 03:10 624162 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-18 02:33 106538 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-18 03:10 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-18 02:39 241144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-18 04:44 241144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-02-04 16:25 . 2012-03-18 01:41 537468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2282208584-1249931738-1591611488-1000-12288.dat
+ 2012-02-04 16:25 . 2012-03-18 04:44 537468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2282208584-1249931738-1591611488-1000-12288.dat
- 2009-07-14 04:54 . 2012-03-18 02:49 3899392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-18 04:39 3899392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-16 08:20 . 2012-03-18 02:39 6424236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-03-16 08:20 . 2012-03-18 04:44 6424236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-03-18 04:39 11845632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-13 06:41 . 2012-03-18 02:39 57531480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2282208584-1249931738-1591611488-1000-8192.dat
+ 2011-05-13 06:41 . 2012-03-18 04:44 57531480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2282208584-1249931738-1591611488-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2010-10-14 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-07-01 112152]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SASDIFSV
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"MRT"="c:\windows\system32\MRT.exe" [2012-03-17 56297240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Seth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Seth\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1 216.165.129.158
FF - ProfilePath - c:\users\Seth\AppData\Roaming\Mozilla\Firefox\Profiles\zxmr2m0l.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/startpage|http://www.msn.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-18 00:48:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-18 04:48
ComboFix2.txt 2012-03-18 02:53
.
Pre-Run: 918,712,143,872 bytes free
Post-Run: 918,596,927,488 bytes free
.
- - End Of File - - 56660DBB76158F534B1146FF224F2A6D

Edited by Amg92, 19 March 2012 - 07:06 AM.


#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Looks better. I missed the log, sorry.

OK, one more element to remove, and then I will do a quick scan to ensure that the rest has gone.

Re-run TDSSKiller and when you get the following report select delete

\Device\Harddisk0\DR0 ( TDSS File System )

THEN

Re-Run OTL

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window.
  • Post this log

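The reason the OTL custom scan above hashes svchost.exe, explorer.exe, winlogon.exe, userinit.exe and consrv.dll is that the ComboFix log's "Other Running Processes" section lists `c:\\.\globalroot\systemroot\svchost.exe`. GLOBALROOT\SystemRoot is the object-manager name of the Windows directory, so that entry is C:\Windows\svchost.exe (the file the poster's scanners keep flagging), not the genuine C:\Windows\System32\svchost.exe. The following Python script is an added example written for this page; it is not part of the thread, of OTL or of ComboFix. It reads process lines in the two formats shown in the logs (bare ComboFix paths and OTL `PRC -` lines), normalises the path spellings both tools use, and flags a core Windows binary whenever it runs from anywhere other than its proper directory or, in OTL lines, carries no Microsoft company name. The names `scan_log`, `check_path`, `normalize` and `EXPECTED_DIRS`, the expected-directory table (assumed for 64-bit Windows 7 as in this log) and the sample log, whose OTL timestamps and sizes are invented, are all my own.

```python
"""Flag core Windows binaries that a ComboFix / OTL log shows running from the
wrong directory. Added example for this thread; not part of OTL or ComboFix."""
import re
from typing import NamedTuple, Optional

# Where Windows keeps these binaries on a 64-bit Windows 7 install (assumption).
# Anything else, e.g. C:\Windows\svchost.exe, is a masquerade.
EXPECTED_DIRS = {
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
    "winlogon.exe": {r"c:\windows\system32"},
    "userinit.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "consrv.dll":   {r"c:\windows\system32"},
}

# Path spellings the tools emit for the same location. \\.\globalroot\systemroot
# is the object-manager name of the Windows directory; SysNative is OTL's name
# for the real System32 as seen from a 32-bit scanner on 64-bit Windows.
ALIASES = [
    (re.compile(r"^c:\\+\.\\globalroot\\systemroot", re.I), r"c:\windows"),
    (re.compile(r"^\\systemroot", re.I), r"c:\windows"),
    (re.compile(r"^c:\\windows\\sysnative", re.I), r"c:\windows\system32"),
]

# OTL process line: PRC - [date | size | attrs | M] (Company) -- C:\path\file.exe
OTL_PRC = re.compile(
    r"^PRC(?::64bit:)? - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
# ComboFix "Other Running Processes" line: just a path
COMBOFIX_PATH = re.compile(r"^(c:\\|\\systemroot)", re.I)


class Finding(NamedTuple):
    path: str
    reason: str


def normalize(path: str) -> str:
    """Lower-case the path and rewrite the known aliases to a plain drive path."""
    p = path.strip().lower()
    for pattern, repl in ALIASES:
        m = pattern.match(p)
        if m:
            p = repl + p[m.end():]
            break
    return p


def check_path(raw_path: str, company: Optional[str] = None) -> Optional[Finding]:
    """Return a Finding if raw_path names a core binary outside its expected
    directory, or (when a company name is available) one without Microsoft's."""
    p = normalize(raw_path)
    directory, _, name = p.rpartition("\\")
    if name not in EXPECTED_DIRS:
        return None
    if directory not in EXPECTED_DIRS[name]:
        return Finding(raw_path.strip(),
                       f"{name} outside {sorted(EXPECTED_DIRS[name])}")
    if company is not None and "microsoft" not in company.lower():
        return Finding(raw_path.strip(),
                       f"{name} without a Microsoft company name ({company!r})")
    return None


def scan_log(text: str) -> list:
    """Run check_path over every process line in a ComboFix or OTL log excerpt."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = OTL_PRC.match(line)
        if m:
            f = check_path(m.group("path"), m.group("company"))
        elif COMBOFIX_PATH.match(line):
            f = check_path(line)
        else:
            continue
        if f:
            findings.append(f)
    return findings


# Constructed sample: the ComboFix lines mirror the thread's log; the OTL lines
# are invented (OTL's SafeList normally hides Microsoft-signed files).
SAMPLE_LOG = r"""
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/03/18 01:04:18 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Seth\Downloads\OTL.exe
PRC - [2009/07/13 21:39:52 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\svchost.exe
PRC - [2009/07/13 21:39:52 | 000,027,136 | ---- | M] () -- C:\Windows\svchost.exe
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"SUSPECT {f.path}: {f.reason}")
```

Run on the sample, the script reports the two svchost.exe copies living directly in C:\Windows and stays silent on the genuine one in System32 (reported by OTL as SysNative). A location check like this is only a first filter: a real rootkit can also overwrite the correct file in place, which is why the OTL script additionally collects MD5 hashes of each named binary so the helper can compare them against known-good values.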

#7 Amg92 (New Member, Topic Starter, 5 posts)

Ok I deleted the file and ran OTL again. Here's the log:


OTL logfile created on: 3/19/2012 11:44:42 AM - Run 4
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Seth\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.89 Gb Available Physical Memory | 73.10% Memory free
7.92 Gb Paging File | 6.64 Gb Available in Paging File | 83.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 854.25 Gb Free Space | 91.72% Space Free | Partition Type: NTFS

Computer Name: SETH-PC | User Name: Seth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/18 01:04:18 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Seth\Downloads\OTL.exe
PRC - [2012/02/23 06:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/10/14 04:11:39 | 000,487,424 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/07/01 00:06:10 | 002,533,400 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/07/01 00:06:06 | 000,325,656 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/05/11 15:11:30 | 001,188,176 | ---- | M] (Logitech, Inc.) -- C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe
PRC - [2010/05/11 15:11:20 | 000,341,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe
PRC - [2010/05/07 18:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe


========== Modules (No Company Name) ==========

MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/05/07 18:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/03/17 00:04:21 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/23 06:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/07/01 00:06:10 | 002,533,400 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/07/01 00:06:06 | 000,325,656 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/31 08:57:31 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/01/31 08:57:30 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/09/16 16:09:16 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/23 05:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/21 18:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/05/14 18:02:14 | 006,465,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C510(UVC)
DRV:64bit: - [2010/05/14 18:00:52 | 000,329,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/05/14 17:58:00 | 000,024,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/01/06 17:20:00 | 000,676,864 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/02/09 17:24:30 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {050F6D2A-CD2C-4CCF-A95E-9A59CEE646C0}
IE:64bit: - HKLM\..\SearchScopes\{050F6D2A-CD2C-4CCF-A95E-9A59CEE646C0}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {52A54A6E-3E27-4A22-A928-6755ADA9CFFC}
IE - HKLM\..\SearchScopes\{52A54A6E-3E27-4A22-A928-6755ADA9CFFC}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2282208584-1249931738-1591611488-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2282208584-1249931738-1591611488-1000\..\SearchScopes,DefaultScope = {52A54A6E-3E27-4A22-A928-6755ADA9CFFC}
IE - HKU\S-1-5-21-2282208584-1249931738-1591611488-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKU\S-1-5-21-2282208584-1249931738-1591611488-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/24 22:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/24 22:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/16 23:20:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/19 20:01:44 | 000,000,000 | ---D | M]

[2010/12/21 16:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seth\AppData\Roaming\Mozilla\Extensions
[2012/03/17 21:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seth\AppData\Roaming\Mozilla\Firefox\Profiles\zxmr2m0l.default\extensions
[2011/06/21 19:08:05 | 000,002,055 | ---- | M] () -- C:\Users\Seth\AppData\Roaming\Mozilla\Firefox\Profiles\zxmr2m0l.default\searchplugins\daemon-search.xml
[2011/11/09 13:06:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/05 13:44:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/13 15:08:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 15:08:18 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/18 20:11:07 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2282208584-1249931738-1591611488-1000..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2282208584-1249931738-1591611488-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2282208584-1249931738-1591611488-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.165.129.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F09E33B-F33B-4157-A64D-EB5773E8945F}: DhcpNameServer = 192.168.0.1 216.165.129.158
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/19 08:48:53 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/19 06:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/03/19 06:23:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Premiumplay Codec-C
[2012/03/19 06:23:12 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/03/19 06:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/03/18 20:11:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/18 02:58:31 | 000,000,000 | ---D | C] -- C:\Users\Seth\AppData\Local\ElevatedDiagnostics
[2012/03/18 00:50:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/18 00:48:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/17 23:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/17 22:41:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/17 22:41:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/17 22:41:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/17 22:41:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/17 22:34:41 | 002,540,688 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Seth\Desktop\avg_remover_stf_x64_2012_1796.exe
[2012/03/17 22:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up
[2012/03/17 22:31:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECACHE
[2012/03/17 22:25:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/17 22:17:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/03/17 22:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/03/17 22:05:18 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/03/17 22:05:18 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/03/17 22:05:18 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/03/17 21:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/03/17 21:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/03/17 21:59:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2012/03/17 21:54:07 | 004,438,697 | R--- | C] (Swearware) -- C:\Users\Seth\Desktop\ComboFix.exe
[2012/03/17 21:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2012/03/17 21:37:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/03/17 21:35:36 | 000,000,000 | ---D | C] -- C:\Users\Seth\Desktop\@@@@@@@@@@
[2012/03/17 21:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/03/16 21:21:14 | 000,000,000 | ---D | C] -- C:\Users\Seth\AppData\Roaming\Avira
[2012/03/16 21:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/03/16 21:17:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/03/16 19:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/03/16 08:48:48 | 000,000,000 | ---D | C] -- C:\Users\Seth\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/16 08:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/16 08:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/16 08:33:32 | 000,000,000 | ---D | C] -- C:\Users\Seth\AppData\Roaming\DriverCure
[2012/03/16 08:33:31 | 000,000,000 | ---D | C] -- C:\Users\Seth\AppData\Roaming\ParetoLogic
[2012/03/16 08:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012/03/12 20:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/03/12 20:18:38 | 000,000,000 | ---D | C] -- C:\Users\Seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/03/05 16:33:30 | 000,000,000 | ---D | C] -- C:\Users\Seth\AppData\Local\Skyrim
[2012/03/05 16:31:51 | 000,000,000 | ---D | C] -- C:\Users\Seth\Documents\My Games
[2012/02/24 16:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/02/24 16:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

========== Files - Modified Within 30 Days ==========

[2012/03/19 08:59:05 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 08:59:05 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 08:56:01 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/19 08:56:01 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/19 08:56:01 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/19 08:51:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/19 08:51:40 | 3189,071,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/18 20:11:07 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/03/18 20:05:20 | 000,000,512 | ---- | M] () -- C:\Users\Seth\Desktop\MBR.dat
[2012/03/17 23:21:48 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/17 22:34:17 | 002,540,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Seth\Desktop\avg_remover_stf_x64_2012_1796.exe
[2012/03/17 22:17:15 | 323,189,945 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/17 22:05:31 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/03/17 21:54:09 | 004,438,697 | R--- | M] (Swearware) -- C:\Users\Seth\Desktop\ComboFix.exe
[2012/03/17 21:37:23 | 000,002,097 | ---- | M] () -- C:\Users\Seth\Desktop\HijackThis.lnk
[2012/03/17 21:22:17 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/03/17 04:22:53 | 000,281,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/16 23:28:29 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/03/05 13:44:10 | 000,002,048 | ---- | M] () -- C:\Users\Seth\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/24 16:15:27 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk

========== Files Created - No Company Name ==========

[2012/03/18 20:05:20 | 000,000,512 | ---- | C] () -- C:\Users\Seth\Desktop\MBR.dat
[2012/03/17 23:21:48 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/17 22:41:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/17 22:41:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/17 22:41:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/17 22:41:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/17 22:41:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/17 22:32:16 | 000,002,849 | ---- | C] () -- C:\Users\Seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2012/03/17 22:17:15 | 323,189,945 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/03/17 22:05:31 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/03/17 21:37:23 | 000,002,097 | ---- | C] () -- C:\Users\Seth\Desktop\HijackThis.lnk
[2012/03/17 21:22:17 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/03/17 21:22:17 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/03/16 23:28:29 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/02/24 16:15:27 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/12/25 19:53:33 | 000,007,598 | ---- | C] () -- C:\Users\Seth\AppData\Local\Resmon.ResmonCfg
[2011/11/19 05:52:52 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/10/19 20:19:35 | 000,000,007 | ---- | C] () -- C:\Users\Seth\AppData\Roaming\RSBuddy Login.ini
[2011/07/31 19:32:50 | 000,000,107 | ---- | C] () -- C:\Users\Seth\AppData\Roaming\RSBuddy_minocyc.ini
[2011/07/31 19:00:46 | 000,000,040 | ---- | C] () -- C:\Users\Seth\AppData\Roaming\RSBuddy_MitchellN.ini
[2011/05/18 15:16:57 | 000,005,632 | ---- | C] () -- C:\Users\Seth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 17:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/05/14 17:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/05/14 17:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

========== LOP Check ==========

[2011/04/22 02:11:18 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\.minecraft
[2011/06/21 19:10:11 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\DAEMON Tools Lite
[2012/03/16 08:33:32 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\DriverCure
[2012/03/15 01:50:12 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\DVDVideoSoft
[2012/03/18 20:11:06 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/03/12 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\Leadertech
[2011/04/23 08:12:57 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\LolClient
[2012/03/16 08:33:31 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\ParetoLogic
[2011/11/26 20:54:05 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\TS3Client
[2011/12/25 19:43:09 | 000,000,000 | ---D | M] -- C:\Users\Seth\AppData\Roaming\uTorrent
[2011/10/12 14:32:52 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: SETH-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B  No Media
  Volume 1         System Rese  NTFS   Partition    100 MB  Healthy    System
  Volume 2     C                NTFS   Partition    931 GB  Healthy    Boot

< End of report >
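The custom scans at the end of the report above compare the MD5 of every svchost.exe, explorer.exe, userinit.exe and winlogon.exe on the disk against the copies held in the component store (C:\Windows\winsxs), which is how a helper spots a replaced system binary or one planted under a system name in the wrong directory. The script below is an added example, not part of the original thread or of OTL: it parses rows in the "< MD5 for: NAME >" format, treats the winsxs copies as the baseline, and flags any copy under C:\Windows whose hash matches none of them, that sits directly in C:\Windows (the location the original poster reported as infected), or that carries no company name. The sample rows are copied from the report above except the final one, which is constructed with a placeholder hash so that the check has something to flag. Two caveats a practitioner should keep in mind: the baseline comes from the same host, so it only helps while winsxs itself is intact, and MD5 is used here only because that is what OTL prints; Authenticode signature checking (for example sigcheck) is the authoritative test.

```python
import re

# Constructed sample in the format OTL prints under a "< MD5 for: NAME >"
# custom scan. The first five rows are copied from the report above; the last
# row is made up for this example (a placeholder hash at the path the original
# poster named as infected) so that the check has something to flag.
SAMPLE_REPORT = r"""
< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2012/03/10 01:02:03 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\svchost.exe
"""

SECTION_RE = re.compile(r"^< MD5 for: (\S+) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+?) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

WINDIR = "c:\\windows\\"


def parse_md5_sections(text):
    """Map lower-cased binary name -> list of row dicts
    (date, size, attr, flag, company, md5, path)."""
    sections, current = {}, None
    for line in text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group(1).lower()
            sections.setdefault(current, [])
            continue
        row = ENTRY_RE.match(line)
        if row and current is not None:
            sections[current].append(row.groupdict())
    return sections


def find_suspects(rows):
    """Return [(path, reason)] for copies under the Windows directory whose hash
    matches no component-store (winsxs) copy of the same binary, that sit
    directly in the Windows directory, or that carry no company name.
    Copies outside the Windows directory (such as Malwarebytes' Chameleon
    decoys, which legitimately reuse system binary names) are left alone."""
    baseline = {r["md5"].upper() for r in rows if "\\winsxs\\" in r["path"].lower()}
    suspects = []
    for r in rows:
        path = r["path"].lower()
        if not path.startswith(WINDIR) or "\\winsxs\\" in path:
            continue
        reasons = []
        if "\\" not in path[len(WINDIR):]:
            reasons.append("system binary name directly in C:\\Windows")
        if r["md5"].upper() not in baseline:
            reasons.append("MD5 matches no winsxs copy")
        if not r["company"]:
            reasons.append("no company name in version info")
        if reasons:
            suspects.append((r["path"], "; ".join(reasons)))
    return suspects


def audit(text):
    """Run find_suspects over every MD5 section in an OTL report."""
    return {name: find_suspects(rows) for name, rows in parse_md5_sections(text).items()}


if __name__ == "__main__":
    for name, hits in audit(SAMPLE_REPORT).items():
        for path, why in hits:
            print(f"{name}: {path}: {why}")
```

Run against the sample, only the constructed C:\Windows\svchost.exe row is reported; the SysNative and SysWOW64 copies match their winsxs counterparts and the Chameleon copy is outside the Windows directory. Paste the real "Custom Scans" block of a report in place of SAMPLE_REPORT to audit all four binaries at once.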

#8
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
That looks good, any outstanding problems?

#9
Amg92 (Topic Starter, New Member, 5 posts)

That looks good, any outstanding problems?

No, everything seems fine as far as I can tell. Really appreciate it.

#10
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of the Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
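The OTL fix above starts with [resethosts], which puts the hosts file back to its stock contents, because a common trick of this class of infection is to add hosts entries that sinkhole security vendors' update sites to loopback or redirect popular sites elsewhere. The script below is an added example, not part of the original thread or of OTL: it parses a hosts file and reports every mapping a default Windows hosts file would not contain, distinguishing "site blocked" (a non-local name pointed at loopback or 0.0.0.0) from "site redirected" (any other address). The sample hosts file is constructed for the example; its two added lines are made up, and 198.51.100.7 is from the RFC 5737 documentation range.

```python
import ipaddress

# Constructed sample hosts file: the two loopback lines Windows ships, plus two
# lines of the kind a hosts hijack leaves behind (both made up for this
# example; 198.51.100.0/24 is the RFC 5737 documentation range).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.org      # constructed: vendor site sinkholed
198.51.100.7    www.google.com            # constructed: site redirected
"""

# Names that legitimately map to loopback in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (line_no, address, [names]) for each non-comment, non-blank line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not body:
            continue
        fields = body.split()
        if len(fields) < 2:
            continue                           # malformed line, nothing mapped
        yield line_no, fields[0], fields[1:]


def audit_hosts(text):
    """Return [(line_no, name, reason)] for every mapping a default hosts file
    would not contain. Loopback or unspecified targets for non-local names mean
    the site is being blocked; any other target is a redirect to that address."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, " ".join(names), f"unparseable address {ip!r}"))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if sinkhole and name.lower() in LOCAL_NAMES:
                continue                       # the stock entries
            if sinkhole:
                findings.append((line_no, name, f"sinkholed to {ip} (site blocked)"))
            else:
                findings.append((line_no, name, f"redirected to {ip}"))
    return findings


if __name__ == "__main__":
    for line_no, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name}: {reason}")
```

On a live machine, read C:\Windows\System32\drivers\etc\hosts into audit_hosts instead of the sample; an empty result after the [resethosts] fix is what you expect, and anything reported is either a deliberate local override or something the fix did not reach.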

#11
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.