Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot start Windows Firewall or DHCP Client services (DDS log)


  • This topic is locked This topic is locked
23 replies to this topic

#1 Jojestic

Jojestic

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 03 May 2012 - 08:06 PM

Hello,

I was told to post here from this topic http://www.bleepingcomputer.com/forums/topic451796.html. I recently found myself unable to connect to the internet. In addition, the Windows Firewall was turned off at some point. I cannot get either the DHCP Client or Windows Firewall services to start. If I try to manually start the services, I receive the error:

"Windows could not start the DHCP Client sevice on Local Computer.

Error 5: Access is denied."

I tried to run system restore, but I was given the error:

"The disk Local Disk (C:) has errors.

Windows has detected file system corruption on Local Disk (C:). You must check the disk for errors before it can be restored."

I scheduled a chkdsk scan for next reboot, and restarted. Afterwards, I was able to get System Restore to run. After rebooting, I received the error:

"System Restore did not complete successfully. Your computer's system files and settings were not changed.

Details: System Restore failed while scanning the file system on the drive C:\
The drive might be corrupt. You might want to retry System Restore after running chkdsk /R on this disk.
An unspecified error occurred during System Restore. (0x80070057)"

I ran a chkdsk /R and no problems were found. I tried System Restore again, and received the same error as before.

I have run TDSSKiller and Malwarebytes with no results.

I was told to start with step 6 from the preparation guide, running DDS.

When I ran it, it only created DDS.txt, and not attach.txt

I skipped the GMER scan, as I am running a 64-bit OS.

Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Logar at 20:46:59 on 2012-05-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4079.2952 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [zASRockInstantBoot]
mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{54F1EE2D-C390-4387-A361-D2709F47975E} : DhcpNameServer = 192.168.0.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Logar\AppData\Roaming\Mozilla\Firefox\Profiles\8ruhf6ug.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-23 44768]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-23 2348352]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253088]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-04-29 13:56:22 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-29 01:43:23 -------- d-----w- C:\Users\Logar\AppData\Roaming\Malwarebytes
2012-04-29 01:43:15 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-29 01:43:15 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-29 01:43:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-24 02:56:29 -------- d-----w- C:\Users\Logar\AppData\Local\The Witcher
2012-04-22 23:54:29 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24571CD6-1398-44F5-AAFF-526C34A66CD2}\mpengine.dll
2012-04-17 23:51:00 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-17 23:51:00 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-17 23:51:00 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-17 23:51:00 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-17 23:50:59 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-17 23:50:59 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-17 23:50:59 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-10 21:19:41 -------- d-----w- C:\Videos
2012-04-08 20:01:20 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-04-08 20:01:19 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-08 20:01:19 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-08 20:01:19 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-04-08 20:01:19 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-08 20:01:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-04-08 20:01:14 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-08 20:01:13 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-08 20:01:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-08 20:01:13 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-04-18 20:04:35 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-18 20:04:34 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-29 20:59:29 2515790 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-02-29 17:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 20:47:09.63 ===============




If you need any more information, please let me know. Thank you for your time and help.

BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:32 AM

Posted 07 May 2012 - 07:02 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 Jojestic

Jojestic
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 07 May 2012 - 07:37 PM

Hello, m0le. I've subscribed to the topic. And I'll be sure to stick to the instructions. Ready whenever you are. :thumbup2:

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:32 AM

Posted 07 May 2012 - 07:42 PM

Okay, well file corruption could be malware or it could just be random damage.

Let's check for rootkits with aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Posted Image
m0le is a proud member of UNITE

#5 Jojestic

Jojestic
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 07 May 2012 - 07:50 PM

Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-07 20:46:34
-----------------------------
20:46:34.360 OS Version: Windows x64 6.1.7601 Service Pack 1
20:46:34.360 Number of processors: 4 586 0x2A07
20:46:34.360 ComputerName: LOGAR-PC UserName: Logar
20:46:36.029 Initialize success
20:46:36.107 AVAST engine defs: 12042401
20:46:39.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:46:39.524 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
20:46:39.555 Disk 0 MBR read successfully
20:46:39.555 Disk 0 MBR scan
20:46:39.555 Disk 0 Windows 7 default MBR code
20:46:39.570 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:46:39.586 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
20:46:39.664 Disk 0 scanning C:\Windows\system32\drivers
20:46:43.580 Service scanning
20:46:52.113 Modules scanning
20:46:52.113 Disk 0 trace - called modules:
20:46:52.128 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:46:52.128 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f1d060]
20:46:52.144 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80047c4520]
20:46:52.144 5 ACPI.sys[fffff88000f0d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80047d6680]
20:46:53.049 AVAST engine scan C:\Windows
20:46:54.780 AVAST engine scan C:\Windows\system32
20:47:56.510 AVAST engine scan C:\Windows\system32\drivers
20:48:02.219 AVAST engine scan C:\Users\Logar
20:48:40.798 Disk 0 MBR has been saved successfully to "C:\Users\Logar\Desktop\MBR.dat"
20:48:40.798 The log file has been saved successfully to "C:\Users\Logar\Desktop\aswMBR.txt"

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:32 AM

Posted 08 May 2012 - 04:35 PM

There's nothing wrong there.

Please run OTL, it's just to scan at this stage

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Posted Image
m0le is a proud member of UNITE

#7 Jojestic

Jojestic
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 08 May 2012 - 06:04 PM

Avast! found OTL suspicious. Closed OTL, shut off avast! for 10 minutes. Ran the scan. Re-enabled Avast!. Here are the logs:

OTL.txt

OTL logfile created on: 5/8/2012 6:56:26 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Logar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.98 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 79.24% Memory free
7.96 Gb Paging File | 6.84 Gb Available in Paging File | 85.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 766.69 Gb Free Space | 82.31% Space Free | Partition Type: NTFS
Drive D: | 7.42 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 14.90 Gb Total Space | 14.89 Gb Free Space | 99.90% Space Free | Partition Type: FAT32

Computer Name: LOGAR-PC | User Name: Logar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/08 18:53:22 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Logar\Desktop\OTL.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/14 11:16:03 | 004,942,336 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUsb\XFastUsb.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/23 22:54:20 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/18 16:04:35 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 20:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 08:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/08/14 13:34:02 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2011/08/14 11:16:03 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 01:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/02/08 01:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/30 23:35:06 | 000,302,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/06/23 05:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1556659537-1839889590-3025604768-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1556659537-1839889590-3025604768-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1556659537-1839889590-3025604768-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 FF 3B 1D 96 5A CC 01 [binary data]
IE - HKU\S-1-5-21-1556659537-1839889590-3025604768-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1556659537-1839889590-3025604768-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1556659537-1839889590-3025604768-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/23 17:46:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/19 22:33:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/14 11:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Logar\AppData\Roaming\Mozilla\Extensions
[2012/01/05 19:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Logar\AppData\Roaming\Mozilla\Firefox\Profiles\8ruhf6ug.default\extensions
[2011/08/14 11:25:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/05 19:38:44 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\LOGAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8RUHF6UG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/19 22:33:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/19 19:06:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/12 19:04:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1556659537-1839889590-3025604768-1000..\Run: [zASRockInstantBoot] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54F1EE2D-C390-4387-A361-D2709F47975E}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/25 14:56:43 | 008,094,560 | R--- | M] (Electronic Arts, Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2012/01/10 10:42:25 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ]
O32 - AutoRun File - [2011/10/12 23:29:52 | 000,022,486 | R--- | M] () - D:\Autorun.ico -- [ UDF ]
O32 - AutoRun File - [2011/12/13 14:35:49 | 000,000,136 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{31d8956d-d800-11e0-8f11-002522a79177}\Shell - "" = AutoRun
O33 - MountPoints2\{31d8956d-d800-11e0-8f11-002522a79177}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{65d49432-c6a0-11e0-878f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{65d49432-c6a0-11e0-878f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/11/25 14:56:43 | 008,094,560 | R--- | M] (Electronic Arts, Inc.)
O33 - MountPoints2\{e9f83d54-c697-11e0-977d-002522a79177}\Shell - "" = AutoRun
O33 - MountPoints2\{e9f83d54-c697-11e0-977d-002522a79177}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/08 18:55:10 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Logar\Desktop\OTL.exe
[2012/05/07 20:46:26 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Logar\Desktop\aswMBR.exe
[2012/05/02 23:35:42 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/05/02 23:33:11 | 000,381,816 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Logar\Desktop\psexec.exe
[2012/04/29 09:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/28 21:43:23 | 000,000,000 | ---D | C] -- C:\Users\Logar\AppData\Roaming\Malwarebytes
[2012/04/28 21:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/28 21:43:15 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/28 21:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/28 21:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/23 22:56:29 | 000,000,000 | ---D | C] -- C:\Users\Logar\Documents\The Witcher
[2012/04/23 22:56:29 | 000,000,000 | ---D | C] -- C:\Users\Logar\AppData\Local\The Witcher
[2012/04/23 22:53:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\The Witcher
[2012/04/17 19:52:14 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/17 19:52:14 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/17 19:52:13 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/17 19:52:13 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/17 19:52:13 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/17 19:52:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/17 19:52:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/17 19:52:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/17 19:52:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/17 19:52:12 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/17 19:52:12 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/17 19:51:00 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/17 19:51:00 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/17 19:50:59 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/15 16:47:15 | 000,000,000 | ---D | C] -- C:\Users\Logar\Desktop\[Mazui]_Boku_Ha_Tomodachi_Ga_Sukunai_[720p]
[2012/04/10 17:19:41 | 000,000,000 | ---D | C] -- C:\Videos
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/08 18:53:22 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Logar\Desktop\OTL.exe
[2012/05/08 18:52:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/08 18:51:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/07 20:48:40 | 000,000,512 | ---- | M] () -- C:\Users\Logar\Desktop\MBR.dat
[2012/05/07 20:45:00 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Logar\Desktop\aswMBR.exe
[2012/05/07 20:42:13 | 000,020,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 20:42:13 | 000,020,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 20:39:12 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/07 20:39:12 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/07 20:39:12 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/07 20:34:54 | 3207,614,464 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/03 19:41:21 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/05/02 23:29:00 | 000,381,816 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Logar\Desktop\psexec.exe
[2012/04/30 16:03:28 | 000,337,573 | ---- | M] () -- C:\Users\Logar\Desktop\FSS.exe
[2012/04/28 21:43:17 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/23 16:44:37 | 000,000,221 | ---- | M] () -- C:\Users\Logar\Desktop\The Witcher Enhanced Edition.url
[2012/04/23 16:43:34 | 000,000,221 | ---- | M] () -- C:\Users\Logar\Desktop\Star Wars Knights of the Old Republic.url
[2012/04/18 16:04:35 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/18 16:04:34 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/10 17:18:55 | 000,266,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/02 22:15:28 | 000,000,512 | ---- | C] () -- C:\Users\Logar\Desktop\MBR.dat
[2012/05/02 20:17:09 | 000,337,573 | ---- | C] () -- C:\Users\Logar\Desktop\FSS.exe
[2012/04/28 21:43:17 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/23 16:44:37 | 000,000,221 | ---- | C] () -- C:\Users\Logar\Desktop\The Witcher Enhanced Edition.url
[2012/04/23 16:43:34 | 000,000,221 | ---- | C] () -- C:\Users\Logar\Desktop\Star Wars Knights of the Old Republic.url
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

< End of report >




Extras.txt

OTL Extras logfile created on: 5/8/2012 6:56:26 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Logar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.98 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 79.24% Memory free
7.96 Gb Paging File | 6.84 Gb Available in Paging File | 85.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 766.69 Gb Free Space | 82.31% Space Free | Partition Type: NTFS
Drive D: | 7.42 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 14.90 Gb Total Space | 14.89 Gb Free Space | 99.90% Space Free | Partition Type: FAT32

Computer Name: LOGAR-PC | User Name: Logar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1556659537-1839889590-3025604768-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C2C38BD-2DB3-4B61-BB8B-F791E6DE17A6}" = rport=139 | protocol=6 | dir=out | app=system |
"{30B01F45-2A76-497A-8DA6-D80CFB3792FE}" = rport=445 | protocol=6 | dir=out | app=system |
"{34FC544B-4484-45F5-84E3-2BDC034E7FB6}" = lport=445 | protocol=6 | dir=in | app=system |
"{3A33053A-8CC5-4907-A695-D5E142CAC2EF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41BBFE9C-FA5C-449A-8C75-20E72ADA31ED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5790C7B6-F265-4F20-95B6-D043CCD64F80}" = rport=138 | protocol=17 | dir=out | app=system |
"{743A8AD0-6985-4053-BA63-1C5223CADCCF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{743C444A-A33A-42A7-8F14-26ADA7A0E207}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7BCE1818-9D4C-4149-8E63-2879AF83873C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D097D6F-0CE5-4982-80B3-6C27C7BFCB48}" = rport=137 | protocol=17 | dir=out | app=system |
"{82FD14DA-BAA4-4323-B8AB-69D7AD1BC917}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86356C6F-EDDE-4B24-A3BD-23230D633FEF}" = lport=138 | protocol=17 | dir=in | app=system |
"{86AB08DC-741D-43D5-ADFF-05EE86DE225D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9CB2448E-AD6F-4555-BEF5-874DA8942681}" = lport=139 | protocol=6 | dir=in | app=system |
"{9CB8EBFC-160C-4075-B221-1F2506D117C8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9ED75890-6D48-4D3E-A367-BBFA85B6A997}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B283D1F8-800E-4FFB-A0C6-A59DFC8327D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA3760C4-43E8-45AE-8292-3B097ED64FD0}" = lport=137 | protocol=17 | dir=in | app=system |
"{D69BED6B-8719-4274-BF4C-E68E0192DB5E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC18A77D-B612-4026-B54B-FAB3B85FE358}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F47B626F-3971-4890-AAF8-0BA0919048D9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CEC2D9-2D4E-43CE-B413-95C8448A77F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0998D43C-0287-4F30-A05B-E1A856D32439}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{187E9AC2-5750-4C71-89AF-DEE8F7A39E3F}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe |
"{24273247-8D7C-438E-B0B7-33A602CD7F37}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jojestic\garrysmod\hl2.exe |
"{28901837-C490-4CC3-A388-C55717DFE025}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{29D13D41-5543-445F-8748-25B9F0439A91}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{2A0D23D1-325B-4ED5-ABBF-7AA1D0C0576A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3B43E2FC-E051-4165-BC56-70748A0ECCE6}" = protocol=6 | dir=out | app=system |
"{4060061B-2A5A-4A48-8E17-5E7B1C9786E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{47C74606-C51D-443A-AA82-3F8D3162EA56}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{4ACEF8B5-F7B4-4783-803A-85A21918F2E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5134B6C8-73A4-4B7E-B2F4-AB7570DB35FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{55040DB6-7E1C-4BB9-9D43-91AC5D2B861F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A730DFE-BEC9-4A97-BA0D-31BF5D9DC0CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B294371-B6D7-4814-8ACB-0CEA6BCE1CFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{5C9AD413-E289-4C17-86D1-7F5ED25F2593}" = dir=out | app=%programfiles% (x86)\sony\vegas pro 10.0\vegas100.exe |
"{5DE53368-8667-4D63-8349-4E526682C795}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5F3F8331-3C0B-45B3-A285-581375F64022}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A0853C8-279F-45EC-AB7D-91AA4604515F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe |
"{6FE5D17C-10D2-4B5A-8AF7-AEFBFE904895}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{7B5721FD-48CF-424D-8261-534E639DAC68}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7C53083C-F7EE-4334-8E58-C4C697E3053C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7D0D9E08-CA80-46AF-AF44-20FC624F272E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{7F770F7E-9528-4740-BFD7-21FCE24993FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{84FDDD54-4B5B-44AF-AC6C-45E98A086406}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{85755839-4B91-45AD-B024-A8A7850868B6}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{900833F5-9F5E-4280-82B0-E65FA852B7F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{9B6C8C1D-FF5D-4014-9949-DEE61E6B946F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{9D1DEA9D-2097-4B36-A7F2-56A9F5ACAB4A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A8C28F2F-AE2C-40E6-91EC-A593CA2724D8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AEBA8BE7-4E36-4D47-B52B-05CAB329958E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{B139F409-5983-4CD5-B8D2-EFF48478C72D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2DAF556-F248-475A-BE3C-8507CF828ECD}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{B61192E0-A487-4817-BC89-2279B8E33F1C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B92D66CB-6B97-4427-9039-A5B5AC548739}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C9F31AB5-AAB9-4D48-9B6F-E89F777DA45C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{CD6416A1-91E3-4EA1-84B0-B9952FB4EAFB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D1AED7F5-A176-412F-AFB1-E624A5F7D77A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2245720-03CC-4113-90AA-86D3C5870D09}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{D2C11B46-38B5-4FB0-B13F-22CB8DB62D9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jojestic\garrysmod\hl2.exe |
"{D63B2537-1021-4ADD-A7C6-58B05AD18623}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DD321686-3210-47ED-AD3D-B64FC1A3B66F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{DE810B5F-662D-4430-9EAD-BD7640C5DCE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DEDFF966-8B79-4767-9652-3A7FBBB0FB41}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{E30AE5DD-EBA8-4700-8A5A-76BC2AF8E123}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E650CE95-E7E9-4855-BC19-8DC4C4ED330E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{EB66C973-F940-46BE-9A3F-09DD8A20EA4D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{F4591215-B20A-467C-9271-4CA0C5F63A38}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{2189BCB7-59F1-44CD-8E82-54512C8611DB}C:\program files (x86)\cdv software entertainment usa\sacred 2 - fallen angel\system\s2gs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cdv software entertainment usa\sacred 2 - fallen angel\system\s2gs.exe |
"TCP Query User{7BA4160A-3BB4-406A-8967-DE7E779CA48D}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe |
"TCP Query User{E09F14E6-00AD-434E-AAB4-EF978D90E907}C:\program files (x86)\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe |
"UDP Query User{0551C62A-AD52-4A7D-8B14-C46CCFEA5382}C:\program files (x86)\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kingdoms of amalur - reckoning demo\reckoningdemo.exe |
"UDP Query User{67BF5C1F-BD25-4E04-944C-1E6A13628A81}C:\program files (x86)\cdv software entertainment usa\sacred 2 - fallen angel\system\s2gs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cdv software entertainment usa\sacred 2 - fallen angel\system\s2gs.exe |
"UDP Query User{9F1715B6-B3EC-4CCB-A6B5-08B25D763AF8}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{57520FA0-A73E-4165-BCA2-D71000018301}" = Batman: Arkham City™
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.26
"avast" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"Guitar Pro 5_is1" = Guitar Pro 5.0
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Steam App 17460" = Mass Effect
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 24980" = Mass Effect 2
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 4000" = Garry's Mod
"Steam App 58540" = Divinity II - The Dragon Knight Saga
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
"uTorrent" = µTorrent
"VisiPics_is1" = VisiPics V1.30
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"XFastUsb" = XFastUsb

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/2/2012 11:49:24 PM | Computer Name = Logar-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/3/2012 7:38:30 PM | Computer Name = Logar-PC | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr
= 0x80070005, Access is denied. . Operation: Initializing Writer Context: Writer
Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer
Writer Instance ID: {b1604348-9f64-427a-8afd-169170b03f55}

Error - 5/3/2012 7:40:08 PM | Computer Name = Logar-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/3/2012 7:54:45 PM | Computer Name = Logar-PC | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr
= 0x80070005, Access is denied. . Operation: Initializing Writer Context: Writer
Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer
Writer Instance ID: {c0a70914-5bfe-4434-b4d0-195634a1fbf5}

Error - 5/3/2012 7:56:25 PM | Computer Name = Logar-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/5/2012 10:43:49 AM | Computer Name = Logar-PC | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr
= 0x80070005, Access is denied. . Operation: Initializing Writer Context: Writer
Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer
Writer Instance ID: {2ca2677c-bb31-49b7-9d4e-dcb1cba1a331}

Error - 5/5/2012 10:45:27 AM | Computer Name = Logar-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/5/2012 11:53:58 AM | Computer Name = Logar-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 5/7/2012 8:35:03 PM | Computer Name = Logar-PC | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr
= 0x80070005, Access is denied. . Operation: Initializing Writer Context: Writer
Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer
Writer Instance ID: {a1df9a4f-1926-4dca-b39e-bdb11bcc9fe6}

Error - 5/7/2012 8:36:43 PM | Computer Name = Logar-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/2/2012 8:14:48 PM | Computer Name = Logar-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%0

Error - 5/2/2012 8:14:48 PM | Computer Name = Logar-PC | Source = Service Control Manager | ID = 7024
Description = The Network Location Awareness service terminated with service-specific
error %%-1073741288.

Error - 5/2/2012 8:14:51 PM | Computer Name = Logar-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%0

Error - 5/2/2012 8:14:51 PM | Computer Name = Logar-PC | Source = Service Control Manager | ID = 7024
Description = The Network Location Awareness service terminated with service-specific
error %%-1073741288.

Error - 5/2/2012 8:14:54 PM | Computer Name = Logar-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%0

Error - 5/2/2012 8:14:54 PM | Computer Name = Logar-PC | Source = Service Control Manager | ID = 7024
Description = The Network Location Awareness service terminated with service-specific
error %%-1073741288.

Error - 5/2/2012 8:14:57 PM | Computer Name = Logar-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%0

Error - 5/2/2012 8:14:57 PM | Computer Name = Logar-PC | Source = Service Control Manager | ID = 7024
Description = The Network Location Awareness service terminated with service-specific
error %%-1073741288.

Error - 5/2/2012 8:15:00 PM | Computer Name = Logar-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%0

Error - 5/2/2012 8:15:00 PM | Computer Name = Logar-PC | Source = Service Control Manager | ID = 7024
Description = The Network Location Awareness service terminated with service-specific
error %%-1073741288.


< End of report >

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:32 AM

Posted 08 May 2012 - 06:18 PM

Yes, Avast does flag OTL wrongly. Please run OTL again

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Then run ESET's online scanner

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.
Posted Image
m0le is a proud member of UNITE

#9 Jojestic

Jojestic
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 08 May 2012 - 06:28 PM

I copied and pasted the text into the Custom Scan/Fixes window. I then ran the fix, and this log was generated:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

OTL by OldTimer - Version 3.2.42.3 log created on 05082012_192328


I still cannot connect to the internet on my desktop, so I can't run the online scan yet.

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:32 AM

Posted 08 May 2012 - 06:30 PM

Let's attempt to get that back now then.

Please copy the entire contents of the codebox below into Notepad:
  • Open Notepad
  • Copy the contents of the codebox below using CTRL C

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]
  • Now return to Notepad and use CTRL V to paste the script
  • Verify that you have pasted the complete script
  • Save the Notepad file to your Desktop as FixReg.reg using Save as Type: All files
  • Locate FixReg.reg on your desktop
  • Double click to run, and when prompted Allow the file to merge with your registry
  • OK your way out.
After that, Reboot your computer.


After the reboot, we will reinstall TCP/IP
  • Go to Start the Settings and choose Network Connections
  • Right click on your normal connection icon, and choose Properties
  • Click the Install button
  • Choose Protocol then click Add
  • Click Have disk
  • In the drop down box, type in: C:\WINDOWS\INF and click OK
  • In the next dialog, click Internet Protocol (TCP/IP) then click OK
  • Click Close to leave the properties box
After that, Reboot your computer and see if you have regained your connection.
Posted Image
m0le is a proud member of UNITE

#11 Jojestic

Jojestic
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 08 May 2012 - 06:42 PM

I ran the RegFix.reg from the desktop. I was given a message that it completed successfully. Then, I rebooted.

Upon reboot, Avast! gave me an error that my Web Shield is not working properly. Trying to restart it manually does not work.
Edit: Upon second reboot, this message no longer appears.

When intalling tcp/ip, both ipv6 and ipv4 were options to install. I installed ipv4 and rebooted.

I still cannot connect to the internet.

Edited by Jojestic, 08 May 2012 - 06:42 PM.


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:32 AM

Posted 09 May 2012 - 04:41 PM

Can you run FSS for me

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Posted Image
m0le is a proud member of UNITE

#13 Jojestic

Jojestic
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 09 May 2012 - 05:40 PM

Here is the FSS log:

Farbar Service Scanner Version: 30-04-2012 01
Ran by Logar (administrator) on 09-05-2012 at 18:38:38
Running from "C:\Users\Logar\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:32 AM

Posted 09 May 2012 - 06:46 PM

There is no connection to network.


Very useful... <_<


Please download MiniToolBox, save it to your desktop and run it.

Checkmark following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List Winsock Entries
  • List devices
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.
  • List Minidump Files.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Posted Image
m0le is a proud member of UNITE

#15 Jojestic

Jojestic
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 09 May 2012 - 07:11 PM

Minitoolbox log:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Logar (administrator) on 09-05-2012 at 20:10:15
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Logar-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hr.cox.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hr.cox.net
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-25-22-A7-91-77
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::10b7:af51:1c74:e5f1%11(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.229.241(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hr.cox.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hr.cox.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 192.168.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 192.168.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 25 22 a7 91 77 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.229.241 276
169.254.229.241 255.255.255.255 On-link 169.254.229.241 276
169.254.255.255 255.255.255.255 On-link 169.254.229.241 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.229.241 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.229.241 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::10b7:af51:1c74:e5f1/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/09/2012 08:08:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2012 08:07:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/09/2012 08:06:50 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {fd2dd55c-40bd-4ccc-a1f9-f655461dbcff}

Error: (05/09/2012 06:57:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/09/2012 06:39:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2012 06:37:51 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {cc2ed78b-51d0-4254-9a40-f311f8246efa}

Error: (05/08/2012 09:08:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2012 09:06:33 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2c39fd18-5d9f-4788-8cb1-7c48054f74bb}

Error: (05/08/2012 07:43:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2012 07:41:40 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {751b1487-ee2b-4da5-b267-2ea9ed6142a1}


System errors:
=============
Error: (05/09/2012 08:08:58 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated with service-specific error %%-1073741288.

Error: (05/09/2012 08:08:57 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1062

Error: (05/09/2012 08:08:57 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%0

Error: (05/09/2012 08:08:56 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated with service-specific error %%-1073741288.

Error: (05/09/2012 08:08:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1062

Error: (05/09/2012 08:08:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%0

Error: (05/09/2012 08:08:54 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated with service-specific error %%-1073741288.

Error: (05/09/2012 08:08:56 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x8007042c

Error: (05/09/2012 08:08:54 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (05/09/2012 08:08:54 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%0


Microsoft Office Sessions:
=========================
Error: (05/09/2012 08:08:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2012 08:07:41 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\Utilities\esetsmartinstaller_enu.exe

Error: (05/09/2012 08:06:50 PM) (Source: VSS)(User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Access is denied.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {fd2dd55c-40bd-4ccc-a1f9-f655461dbcff}

Error: (05/09/2012 06:57:31 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/09/2012 06:39:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2012 06:37:51 PM) (Source: VSS)(User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Access is denied.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {cc2ed78b-51d0-4254-9a40-f311f8246efa}

Error: (05/08/2012 09:08:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2012 09:06:33 PM) (Source: VSS)(User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Access is denied.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2c39fd18-5d9f-4788-8cb1-7c48054f74bb}

Error: (05/08/2012 07:43:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2012 07:41:40 PM) (Source: VSS)(User: )
Description: RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...)0x80070005, Access is denied.


Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {751b1487-ee2b-4da5-b267-2ea9ed6142a1}


========================= Devices: ================================

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 4078.7 MB
Available physical RAM: 3080.2 MB
Total Pagefile: 8155.59 MB
Available Pagefile: 7114.36 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.66 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:766.04 GB) NTFS
2 Drive d: (KOAR 1) (CDROM) (Total:7.42 GB) (Free:0 GB) UDF
3 Drive f: () (Removable) (Total:14.9 GB) (Free:14.89 GB) FAT32

========================= Users: ========================================

User accounts for \\LOGAR-PC

Administrator Guest Logar
UpdatusUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users