Sudden high svchost.exe usage, antivirus detected and removed malware


13 replies to this topic

#1 mitch650

Posted 10 February 2013 - 09:13 PM

Hi all, first time poster, hoping someone can help me out.

So on 10/2/13 I had downloaded a file and my AVG antivirus came up saying it had detected and deleted an svchost.exe clone and a cmd.exe clone.

Regardless of this, I am worried my actual svchost.exe has been compromised, as even when idle, the usage continues to rise well past 400mb.

I'd like to know if anyone can help diagnose and resolve this issue. I currently have Malwarebytes installed, but it comes up clean, as do AVG and TDSSKiller.

Thanks in advance,

Mitchell

P.S. I am running Win 7 64 bit, and when booted in safe mode, no instances of svchost.exe rise above 12mb

(See image for AVG report)


Edited by mitch650, 10 February 2013 - 09:54 PM.




#2 narenxp

Posted 10 February 2013 - 10:06 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log
  • ESET results

 



#3 mitch650

Posted 10 February 2013 - 10:31 PM

Hey mate, cheers for the reply

Logs:


TDSSKiller:

 


14:28:22.0841 3444  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:28:24.0545 3444  ============================================================
14:28:24.0545 3444  Current date / time: 2013/02/11 14:28:24.0545
14:28:24.0545 3444  SystemInfo:
14:28:24.0545 3444  
14:28:24.0545 3444  OS Version: 6.1.7601 ServicePack: 1.0
14:28:24.0545 3444  Product type: Workstation
14:28:24.0545 3444  ComputerName: MITCHELL-PC
14:28:24.0545 3444  UserName: Mitchell
14:28:24.0545 3444  Windows directory: C:\Windows
14:28:24.0545 3444  System windows directory: C:\Windows
14:28:24.0545 3444  Running under WOW64
14:28:24.0545 3444  Processor architecture: Intel x64
14:28:24.0545 3444  Number of processors: 12
14:28:24.0545 3444  Page size: 0x1000
14:28:24.0545 3444  Boot type: Normal boot
14:28:24.0545 3444  ============================================================
14:28:28.0780 3444  BG loaded
14:28:30.0153 3444  Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:28:30.0168 3444  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:28:30.0200 3444  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:28:30.0215 3444  Drive \Device\Harddisk2\DR2 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:28:30.0215 3444  ============================================================
14:28:30.0215 3444  \Device\Harddisk3\DR3:
14:28:30.0215 3444  MBR partitions:
14:28:30.0215 3444  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:28:30.0215 3444  \Device\Harddisk3\DR3\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x34A94000
14:28:30.0215 3444  \Device\Harddisk3\DR3\Partition3: MBR, Type 0x7, StartLBA 0x34AC6800, BlocksNum 0x3FC3F800
14:28:30.0215 3444  \Device\Harddisk0\DR0:
14:28:30.0215 3444  MBR partitions:
14:28:30.0215 3444  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x37186642
14:28:30.0215 3444  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37185800, BlocksNum 0x3203302
14:28:30.0215 3444  \Device\Harddisk1\DR1:
14:28:30.0215 3444  MBR partitions:
14:28:30.0215 3444  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC350000
14:28:30.0215 3444  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x3D090000
14:28:30.0215 3444  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x493E0800, BlocksNum 0x2B325800
14:28:30.0215 3444  \Device\Harddisk2\DR2:
14:28:30.0215 3444  MBR partitions:
14:28:30.0215 3444  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2
14:28:30.0215 3444  ============================================================
14:28:30.0309 3444  C: <-> \Device\Harddisk3\DR3\Partition2
14:28:30.0309 3444  Z: <-> \Device\Harddisk2\DR2\Partition1
14:28:30.0324 3444  Y: <-> \Device\Harddisk1\DR1\Partition1
14:28:30.0356 3444  F: <-> \Device\Harddisk0\DR0\Partition1
14:28:30.0402 3444  E: <-> \Device\Harddisk1\DR1\Partition3
14:28:31.0307 3444  X: <-> \Device\Harddisk3\DR3\Partition3
14:28:31.0338 3444  D: <-> \Device\Harddisk1\DR1\Partition2
14:28:31.0338 3444  ============================================================
14:28:31.0338 3444  Initialize success
14:28:31.0338 3444  ============================================================
14:28:41.0634 4332  ============================================================
14:28:41.0634 4332  Scan started
14:28:41.0634 4332  Mode: Manual; SigCheck; TDLFS; 
14:28:41.0634 4332  ============================================================
14:28:43.0834 4332  ================ Scan system memory ========================
14:28:43.0834 4332  System memory - ok
14:28:43.0850 4332  ================ Scan services =============================

 

aswMBR:
 
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-11 14:36:46
-----------------------------
14:36:46.906    OS Version: Windows x64 6.1.7601 Service Pack 1
14:36:46.906    Number of processors: 12 586 0x2D06
14:36:46.906    ComputerName: MITCHELL-PC  UserName: Mitchell
14:36:49.040    Initialize success
14:38:24.862    AVAST engine defs: 13021001
14:38:33.518    Disk 0  \Device\Harddisk0\DR0 -> \Device\00000074
14:38:33.519    Disk 0 Vendor: ATA_____ 3B01 Size: 476940MB BusType: 11
14:38:33.521    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000076
14:38:33.523    Disk 1 Vendor: ATA_____ 00E4 Size: 953869MB BusType: 11
14:38:33.525    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000077
14:38:33.527    Disk 2 Vendor: ATA_____ DE12 Size: 715404MB BusType: 11
14:38:33.529    Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP0T0L0-0
14:38:33.532    Disk 3 Vendor: WDC_WD10EARS-00Y5B1 80.00A80 Size: 953869MB BusType: 11
14:38:33.549    Disk 3 MBR read successfully
14:38:33.552    Disk 3 MBR scan
14:38:33.556    Disk 3 Windows 7 default MBR code
14:38:33.559    Disk 3 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:38:33.575    Disk 3 Partition 2 00     07    HPFS/NTFS NTFS       431400 MB offset 206848
14:38:33.601    Disk 3 Partition 3 00     07    HPFS/NTFS NTFS       522367 MB offset 883714048
14:38:33.630    Disk 3 scanning C:\Windows\system32\drivers
14:38:41.314    Service scanning
14:38:59.015    Modules scanning
14:38:59.024    Disk 3 trace - called modules:
14:38:59.048    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys ataport.SYS PCIIDEX.SYS hal.dll asahci64.sys 
14:38:59.055    1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xfffffa800dfed790]
14:38:59.062    3 CLASSPNP.SYS[fffff8800461743f] -> nt!IofCallDriver -> [0xfffffa800df19860]
14:38:59.070    5 iaStorF.sys[fffff880049b22fa] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800ddc8060]
14:39:00.649    AVAST engine scan C:\Windows
14:39:03.164    AVAST engine scan C:\Windows\system32
14:42:33.364    AVAST engine scan C:\Windows\system32\drivers
14:42:49.402    AVAST engine scan C:\Users\Mitchell
14:52:31.323    AVAST engine scan C:\ProgramData
14:54:44.433    Scan finished successfully
14:55:50.373    Disk 3 MBR has been saved successfully to "C:\Users\Mitchell\Desktop\MBR.dat"
14:55:50.375    The log file has been saved successfully to "C:\Users\Mitchell\Desktop\aswMBR.txt"

ESET:

C:\Program Files (x86)\MagicISO\Magic.ISO.Maker.v5.3.b216_patch.exe    a variant of Win32/HackTool.Patcher.AF application
C:\Users\Mitchell\Documents\_Downloads\Compressed\plzshiph4x0rtoyear2133-ch.zip    a variant of Win32/GameHack.F application
C:\Users\Mitchell\Documents\_Downloads\Compressed\Xilisoft_DVD_Ripper_Ultimate_6.0.15.1110.zip    multiple threats
C:\Users\Mitchell\Documents\_Downloads\Programs\hwmonitor_1.16-setup.exe    multiple threats
C:\Users\Mitchell\Documents\_Downloads\Programs\LimeWireWin.exe    multiple threats
C:\Users\Mitchell\Documents\_Downloads\Programs\LimeWireWin_2.exe    probably a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Mitchell\Downloads\DTLite4454-0315.exe    Win32/OpenCandy application
C:\Users\Mitchell\Downloads\FreeVideoToMP3Converter.exe    Win32/OpenCandy application
C:\Users\Mitchell\Downloads\Programs\cpu-z_1.60.1-setup-en.exe    a variant of Win32/Bundled.Toolbar.Ask application
E:\Fable IIII\paul.dll    a variant of Win32/Packed.VMProtect.AAA trojan

Edited by mitch650, 11 February 2013 - 01:33 AM.


#4 narenxp


Posted 10 February 2013 - 11:14 PM

Logs?


Edited by narenxp, 10 February 2013 - 11:14 PM.


#5 mitch650


Posted 11 February 2013 - 12:35 AM

Posted in original reply above. Thanks.


Edited by mitch650, 11 February 2013 - 01:33 AM.


#6 narenxp


Posted 11 February 2013 - 02:55 AM

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.  You can also right click on the link and select Save Link As

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

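For readers who want to understand what the MiniToolBox and Farbar Service Scanner steps above are actually collecting, here is an added PowerShell triage script that reproduces a few of those checks by hand (IE proxy, hosts file, Winsock catalog, key service state, recent System errors) and adds a map of which services each svchost.exe instance hosts, since a single bloated svchost is the thread's symptom. It is my own example, not the tools' code; it assumes Windows 7 or later with PowerShell 2.0+ run from an elevated prompt, and the list of service names in Get-KeyServiceState is my own choice.

```powershell
# Added triage helper (example code, not MiniToolBox or Farbar Service Scanner).
# Assumes an elevated PowerShell 2.0+ session on Windows 7 or later.

function Get-IEProxySettings {
    # "Report IE Proxy Settings": a silently enabled proxy or PAC URL means browsing is routed elsewhere.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
    }
}

function Get-HostsEntries {
    # "List content of Hosts": every uncommented line is a manual name override that should be explainable.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts | Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }
}

function Get-WinsockProviders {
    # "List Winsock Entries": provider DLLs outside System32/SysWOW64 or a known vendor deserve a closer look.
    netsh winsock show catalog | Select-String -Pattern 'Provider Path|Description'
}

function Get-SvchostServiceMap {
    # Map each svchost.exe PID to its working set and the services it hosts, so a 400 MB instance
    # can be tied to a service group instead of staying an anonymous "svchost.exe".
    $procs = Get-WmiObject -Class Win32_Process -Filter "Name='svchost.exe'"
    $svcs  = Get-WmiObject -Class Win32_Service
    foreach ($proc in $procs) {
        $hosted = @($svcs | Where-Object { $_.ProcessId -eq $proc.ProcessId } | ForEach-Object { $_.Name })
        New-Object PSObject -Property @{
            PID          = $proc.ProcessId
            WorkingSetMB = [math]::Round($proc.WorkingSetSize / 1MB, 1)
            CommandLine  = $proc.CommandLine
            Services     = ($hosted -join ', ')
        }
    }
}

function Get-KeyServiceState {
    # Farbar Service Scanner's core idea: state, start mode and ServiceDll of services malware
    # commonly stops or redirects (firewall, update, Defender, Security Center, DHCP/DNS, VSS).
    $names = 'BFE', 'MpsSvc', 'wuauserv', 'WinDefend', 'wscsvc', 'Dhcp', 'Dnscache', 'VSS'  # my own selection
    foreach ($n in $names) {
        $svc   = Get-WmiObject -Class Win32_Service -Filter "Name='$n'"
        $state = 'MISSING'
        $mode  = ''
        if ($svc) { $state = $svc.State; $mode = $svc.StartMode }
        $params = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$n\Parameters" -ErrorAction SilentlyContinue
        $dll = $null
        if ($params) { $dll = $params.ServiceDll }
        New-Object PSObject -Property @{
            Name       = $n
            State      = $state
            StartMode  = $mode
            ServiceDll = $dll
        }
    }
}

function Get-RecentSystemErrors {
    # "List last 10 Event Viewer log": a burst of Service Control Manager "terminated unexpectedly"
    # errors sharing one timestamp usually means one svchost service group crashed together.
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 2 } -MaxEvents 10 |
        Select-Object TimeCreated, ProviderName, Id, Message
}

'== IE proxy =='
Get-IEProxySettings | Format-List
'== hosts (uncommented lines) =='
Get-HostsEntries
'== winsock providers =='
Get-WinsockProviders
'== svchost instances by working set =='
Get-SvchostServiceMap | Sort-Object WorkingSetMB -Descending | Format-Table PID, WorkingSetMB, Services -AutoSize
'== key services =='
Get-KeyServiceState | Format-Table Name, State, StartMode, ServiceDll -AutoSize
'== last 10 System errors =='
Get-RecentSystemErrors | Format-Table -Wrap
```

Compare the svchost table against a safe-mode run: a service that only appears in the top instance during a normal boot is the one worth investigating.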

 



#7 mitch650


Posted 11 February 2013 - 09:54 AM

Malwarebytes log
 
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.02.11.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mitchell :: MITCHELL-PC [administrator]
 
Protection: Disabled
 
11/02/2013 11:52:13 PM
mbam-log-2013-02-11 (23-52-13).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220631
Time elapsed: 2 minute(s), 26 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
MiniToolBox log
MiniToolBox by Farbar  Version:10-01-2013
Ran by Mitchell (administrator) on 11-02-2013 at 13:07:14
Running from "C:\Users\Mitchell\Downloads"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= IP Configuration: ================================
 
Intel® 82579V Gigabit Network Connection = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Mitchell-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® 82579V Gigabit Network Connection
   Physical Address. . . . . . . . . : 54-04-A6-3E-32-E5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::845f:eb4a:7ad1:1373%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.28(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, 11 February 2013 12:50:00 PM
   Lease Expires . . . . . . . . . . : Friday, 7 June 2013 6:36:39 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 240387238
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-53-CC-D0-54-04-A6-3E-32-E5
   DNS Servers . . . . . . . . . . . : 211.29.152.116
                                       198.142.0.51
                                       211.29.132.12
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{D0BD3EB3-DD78-4B19-994D-4E6BBC3A0030}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1c94:2c86:2ce1:ffe2(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1c94:2c86:2ce1:ffe2%13(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dnspax.syd.optusnet.com.au
Address:  211.29.152.116
 
Name:    google.com
Addresses:  2404:6800:4006:803::1006
      74.125.237.97
      74.125.237.101
      74.125.237.110
      74.125.237.98
      74.125.237.104
      74.125.237.100
      74.125.237.102
      74.125.237.99
      74.125.237.105
      74.125.237.103
      74.125.237.96
 
 
Pinging google.com [74.125.237.129] with 32 bytes of data:
Reply from 74.125.237.129: bytes=32 time=15ms TTL=53
Reply from 74.125.237.129: bytes=32 time=13ms TTL=53
 
Ping statistics for 74.125.237.129:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 15ms, Average = 14ms
Server:  dnspax.syd.optusnet.com.au
Address:  211.29.152.116
 
Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=202ms TTL=49
Reply from 98.138.253.109: bytes=32 time=205ms TTL=49
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 202ms, Maximum = 205ms, Average = 203ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 3ms, Average = 2ms
===========================================================================
Interface List
 11...54 04 a6 3e 32 e5 ......Intel® 82579V Gigabit Network Connection
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.28     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.28    266
     192.168.0.28  255.255.255.255         On-link      192.168.0.28    266
    192.168.0.255  255.255.255.255         On-link      192.168.0.28    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.28    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.28    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:6ab8:1c94:2c86:2ce1:ffe2/128
                                    On-link
 11    266 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::1c94:2c86:2ce1:ffe2/128
                                    On-link
 11    266 fe80::845f:eb4a:7ad1:1373/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/11/2013 00:51:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/11/2013 02:25:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/11/2013 02:25:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/11/2013 02:25:35 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/11/2013 02:25:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/11/2013 02:25:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/11/2013 02:25:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/11/2013 02:25:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/11/2013 02:25:21 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/11/2013 02:25:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (02/11/2013 00:52:02 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: 
%%1056
 
Error: (02/11/2013 00:51:02 PM) (Source: Service Control Manager) (User: )
Description: The Portable Device Enumerator Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (02/11/2013 00:51:02 PM) (Source: Service Control Manager) (User: )
Description: The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (02/11/2013 00:51:02 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/11/2013 00:51:02 PM) (Source: Service Control Manager) (User: )
Description: The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (02/11/2013 00:51:02 PM) (Source: Service Control Manager) (User: )
Description: The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (02/11/2013 00:51:02 PM) (Source: Service Control Manager) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (02/11/2013 00:51:02 PM) (Source: Service Control Manager) (User: )
Description: The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (02/11/2013 00:51:02 PM) (Source: Service Control Manager) (User: )
Description: The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (02/11/2013 00:51:02 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-02-11 02:42:29.704
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-11 02:42:29.694
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
 Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 Plugin (Version: 11.5.502.149)
Adobe Flash Player 9 ActiveX (Version: 9)
Adobe Reader X (10.1.5) (Version: 10.1.5)
Advertising Center (Version: 0.0.0.2)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ARMA 2
ARMA 2: Operation Arrowhead
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.14.1.0)
Asmedia ASM106x SATA Host Controller Driver (Version: 1.2.2.000)
Assassin's Creed ® III (Version: 1.00)
ASUS_ROG_THEME (Version: 1.00.03)
AVG 2012 (Version: 12.0.2639)
AVG 2012 (Version: 12.1.2238)
AVG 2012 (Version: 2012.1.2238)
AVG Security Toolbar (Version: 14.0.0.14)
Battlefield 3™ (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 1.118.0)
BattlEye for OA Uninstall
BattlEye Uninstall
Binary Domain version 1.02 (Version: 1.02)
Blacklight Retribution
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (Version: 2012.1219.1521.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (Version: 2012.1219.1520.27485)
CCC Help Czech (Version: 2012.1219.1520.27485)
CCC Help Danish (Version: 2012.1219.1520.27485)
CCC Help Dutch (Version: 2012.1219.1520.27485)
CCC Help English (Version: 2012.1219.1520.27485)
CCC Help Finnish (Version: 2012.1219.1520.27485)
CCC Help French (Version: 2012.1219.1520.27485)
CCC Help German (Version: 2012.1219.1520.27485)
CCC Help Greek (Version: 2012.1219.1520.27485)
CCC Help Hungarian (Version: 2012.1219.1520.27485)
CCC Help Italian (Version: 2012.1219.1520.27485)
CCC Help Japanese (Version: 2012.1219.1520.27485)
CCC Help Korean (Version: 2012.1219.1520.27485)
CCC Help Norwegian (Version: 2012.1219.1520.27485)
CCC Help Polish (Version: 2012.1219.1520.27485)
CCC Help Portuguese (Version: 2012.1219.1520.27485)
CCC Help Russian (Version: 2012.1219.1520.27485)
CCC Help Spanish (Version: 2012.1219.1520.27485)
CCC Help Swedish (Version: 2012.1219.1520.27485)
CCC Help Thai (Version: 2012.1219.1520.27485)
CCC Help Turkish (Version: 2012.1219.1520.27485)
Command & Conquer Generals (Version: 0.50.0000)
Command and ConquerTM Generals Zero Hour (Version: 1.00.0000)
Corsair K90 Firmware Update Application
Corsair K90 Gaming Keyboard Driver V1.0
CPUID CPU-Z 1.60.1
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.4.0315)
Dead Space 3 version 5.1 (Version: 5.1)
Diablo III (Version: 1.0.2.9858)
DmC Devil may Cry version 5.1 (Version: 5.1)
ESN Sonar (Version: 0.70.4)
Google Chrome (Version: 24.0.1312.57)
Google Update Helper (Version: 1.3.21.135)
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
ImagXpress (Version: 7.0.74.0)
Intel® Network Connections Drivers (Version: 16.5)
Intel® Rapid Storage Technology enterprise (Version: 3.0.0.1112)
Internet Download Manager
iTunes (Version: 11.0.1.12)
JavaFX 2.1.1 (Version: 2.1.1)
Kaspersky Security Scan (Version: 12.0.1.117)
Kingdoms of Amalur Reckoning
Magic Workstation 0.94f
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Menu Templates - Starter Kit (Version: 9.6.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Project Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Maker (Version: 16.4.3505.0912)
Movie Templates - Starter Kit (Version: 9.6.0.0)
Mozilla Firefox 13.0 (x86 en-US) (Version: 13.0)
Mozilla Maintenance Service (Version: 13.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MTG Card Images for Magic Workstation
MTG GamePack for Magic Workstation
Need for Speed Most Wanted
Nero 9 Essentials
Nero BurnRights (Version: 3.4.13.100)
Nero BurnRights Help (Version: 3.4.4.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.23.100)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero Express Help (Version: 9.4.39.100)
Nero InfoTool (Version: 6.4.12.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero ShowTime (Version: 5.4.27.100)
Nero StartSmart (Version: 9.4.40.100)
Nero StartSmart Help (Version: 9.4.40.100)
Nero StartSmart OEM (Version: 9.4.10.100)
Nero Vision (Version: 6.4.19.100)
Nero Vision Help (Version: 6.4.15.100)
NeroExpress (Version: 1.0.0.0)
neroxml (Version: 1.0.0)
NVIDIA PhysX (Version: 9.12.0613)
OpenNI 1.5.4.0 for Windows 64-bit (Version: 1.5.4.0)
Origin (Version: 8.6.0.357)
PAYDAY: The Heist
Photo Gallery (Version: 16.4.3505.0912)
PlanetSide 2
PrimeSense - NITE 1.5.2.21 for Windows 64-bit (Version: 1.5.2.21)
PrimeSense Sensor 5.1.2.1 for Windows 64-bit (Version: 5.1.2.1)
PrimeSense Sensor KinectMod 5.1.2.1 for Windows 64-bit (Version: 5.1.2.1)
Prototype 2 version 5.1 (Version: 5.1)
PunkBuster Services (Version: 0.991)
Ralink RT2870 Wireless LAN Card (Version: 1.5.6.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6602)
ROG_Video Intro  Screen Saver
Skype Click to Call (Version: 6.5.11422)
Skype™ 6.1 (Version: 6.1.129)
Smart Technology Programming Software 7.0.23.0 (Version: 7.0.23.0)
Smite Closed Beta (Version: 0.1.976.1)
Speccy (Version: 1.16)
Steam (Version: 1.0.0.0)
Stronghold 3
The Darkness II version 1.0 (Version: 1.0)
Tixati
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Uplay (Version: 2.0)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Driver Package - PrimeSense (psdrv3) PrimeSense  (05/22/2012 3.1.3.1) (Version: 05/22/2012 3.1.3.1)
Windows Driver Package - PrimeSense (psdrv3) PrimeSense  (11/21/2011 3.1.3.1) (Version: 11/21/2011 3.1.3.1)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
WinRAR 4.20 beta 2 (64-bit) (Version: 4.20.2)
WinZip 15.0 (Version: 15.0.9411)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 22%
Total physical RAM: 16359.06 MB
Available physical RAM: 12662.02 MB
Total Pagefile: 32716.31 MB
Available Pagefile: 28381.71 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.18 MB
 
========================= Partitions: =====================================
 
3 Drive c: (Windows 7 Primary) (Fixed) (Total:421.29 GB) (Free:267.82 GB) NTFS
4 Drive d: (Windows 7 - Media Partition) (Fixed) (Total:488.28 GB) (Free:15.47 GB) NTFS
5 Drive e: (Windows 7 - Games Partition) (Fixed) (Total:345.57 GB) (Free:24.35 GB) NTFS
6 Drive f: (Dedicated Games) (Fixed) (Total:440.76 GB) (Free:24.46 GB) NTFS
8 Drive x: () (Fixed) (Total:510.12 GB) (Free:457.57 GB) NTFS
9 Drive y: (Windows 7 Old) (Fixed) (Total:97.66 GB) (Free:8.18 GB) NTFS
10 Drive z: (Backup) (Fixed) (Total:698.64 GB) (Free:35.84 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\MITCHELL-PC
 
Administrator            Guest                    Mitchell                 
 
 
**** End of log ****
 
 
Farbar's Service Scanner log
Farbar Service Scanner Version: 10-02-2013
Ran by Mitchell (administrator) on 12-02-2013 at 01:43:21
Running from "C:\Users\Mitchell\Downloads"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
AdwCleaner log
# AdwCleaner v2.112 - Logfile created 02/11/2013 at 23:43:55
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Mitchell - MITCHELL-PC
# Boot Mode : Normal
# Running from : C:\Users\Mitchell\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Users\Mitchell\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Mitchell\AppData\LocalLow\AVG Secure Search
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16457
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v13.0 (en-US)
 
File : C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\0rcgoiuf.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v24.0.1312.57
 
File : C:\Users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.20] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxps://isearch.avg.com/?cid={18[...]
Deleted [l.2721] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxps://isearch.avg.com/?cid={18B8F[...]
 
*************************
 
AdwCleaner[S1].txt - [5167 octets] - [11/02/2013 23:43:55]
 
########## EOF - C:\AdwCleaner[S1].txt - [5227 octets] ##########
 
Junkware Removal Tool log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Ultimate x64
Ran by Mitchell on Tue 12/02/2013 at  1:44:59.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0055c089-8582-441b-a0bf-17b458c2a3a8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0055c089-8582-441b-a0bf-17b458c2a3a8}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Mitchell\AppData\Roaming\mozilla\firefox\profiles\0rcgoiuf.default\minidumps [31 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/02/2013 at  1:48:25.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Rkill log
Rkill 2.4.6 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/12/2013 01:50:54 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 02/12/2013 01:50:57 AM
Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)
 
Autoruns log
 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "ProfilerU"    "Saitek SST Profile Launcher"    "Saitek"    "c:\program files\smarttechnology\software\profileru.exe"
+ "SaiMfd"    "Saitek MFD File System Driver"    "Saitek"    "c:\program files\smarttechnology\software\saimfd.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "AVG_TRAY"    "AVG Tray Monitor"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgtray.exe"
+ "Corsair laver"    "Vengeance Gaming Software"    "Corsair Components  Inc"    "c:\program files (x86)\corsair\k90 keyboard\k90hid.exe"
+ "StartCCC"    "Catalyst® Control Center Launcher"    "Advanced Micro Devices, Inc."    "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
"C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""
+ "Stardock ObjectDock.lnk"    "ObjectDock"    "Stardock"    "c:\program files (x86)\stardock\objectdock\objectdock.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Google Chrome"    "Google Chrome"    "Google Inc."    "c:\program files (x86)\google\chrome\application\24.0.1312.57\installer\chrmstp.exe"
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files (x86)\windows mail\winmail.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter"    ""    ""    ""
+ "text/xml"    "Microsoft Office XML MIME Filter"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler"    ""    ""    ""
+ "linkscanner"    "Safe Search pluggable protocol"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgppa.dll"
+ "skype-ie-addon-data"    "Skype Click to Call for Internet Explorer"    "Skype Technologies S.A."    "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"    ""    ""    ""
+ "Groove GFS Stub Execution Hook"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "AVG Shell Extension"    "AVG Shell Extension"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgsea.dll"
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files (x86)\winzip\wzshls64.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "AVG Shell Extension"    "AVG Shell Extension"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgse.dll"
+ "Cover Designer"    "Cover Designer"    "Nero AG"    "c:\program files (x86)\nero\nero 9\nero coverdesigner\coveredextension.dll"
+ "WinRAR32"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext32.dll"
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files (x86)\winzip\wzshlstb.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files (x86)\winzip\wzshls64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files (x86)\winzip\wzshlstb.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers"    ""    ""    ""
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files (x86)\winzip\wzshls64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers"    ""    ""    ""
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files (x86)\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "ACE"    "AMD Desktop Control Panel"    "Advanced Micro Devices, Inc."    "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files (x86)\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "AVG Shell Extension"    "AVG Shell Extension"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgsea.dll"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files (x86)\winzip\wzshls64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "AVG Shell Extension"    "AVG Shell Extension"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgse.dll"
+ "WinRAR32"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext32.dll"
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files (x86)\winzip\wzshlstb.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files (x86)\winzip\wzshls64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""
+ "WinRAR32"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext32.dll"
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, S.L."    "c:\program files (x86)\winzip\wzshlstb.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""
+ "IDM Shell Extension"    "Internet Download Manager module"    "Tonec Inc."    "c:\program files (x86)\internet download manager\idmshellext64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "AVG Do Not Track"    "AVG Do Not Track for IE"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgdtiea.dll"
+ "IDM integration (IDMIEHlprObj Class)"    "IDM Browser Helper Object"    "Internet Download Manager, Tonec Inc."    "c:\program files (x86)\internet download manager\idmiecc64.dll"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files\java\jre7\bin\ssv.dll"
+ "Skype add-on for Internet Explorer"    "Skype Click to Call for Internet Explorer"    "Skype Technologies S.A."    "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll"
+ "Windows Live ID Sign-in Helper"    "Microsoft® Windows Live ID Login Helper"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "Adobe PDF Link Helper"    "Adobe PDF Helper for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Groove GFS Browser Helper"    "GrooveShellExtensions Module"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll"
+ "Skype Browser Helper"    "Skype Click to Call for Internet Explorer"    "Skype Technologies S.A."    "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Windows Live ID Sign-in Helper"    "Microsoft® Windows Live ID Login Helper"    "Microsoft Corp."    "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "AVG Do Not Track"    "AVG Do Not Track for IE"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgdtiea.dll"
+ "Skype Click to Call"    "Skype Click to Call for Internet Explorer"    "Skype Technologies S.A."    "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "S&end to OneNote"    "Microsoft Office OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\onbttnie.dll"
+ "Skype Click to Call"    "Skype Click to Call for Internet Explorer"    "Skype Technologies S.A."    "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
"Task Scheduler"    ""    ""    ""
+ "\Adobe Flash Player Updater"    "Adobe® Flash® Player Update Service 11.5 r502"    "Adobe Systems Incorporated"    "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\Apple\AppleSoftwareUpdate"    "Apple Software Update"    "Apple Inc."    "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\GoogleUpdateTaskMachineCore"    "Google Installer"    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA"    "Google Installer"    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task"    "Windows Live Social Object Extractor Engine"    "Microsoft Corporation"    "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"    "Windows Media Player Network Sharing Service Configuration Application"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnscfg.exe"
+ "\SidebarExecute"    "Windows Desktop Gadgets"    "Microsoft Corporation"    "c:\program files\windows sidebar\sidebar.exe"
+ "\{5C8F7A9C-777D-4311-AFD6-C475F0047F24}"    "Google Chrome"    "Google Inc."    "c:\program files (x86)\google\chrome\application\chrome.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "Apple Mobile Device"    "Provides the interface to Apple mobile devices."    "Apple Inc."    "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AVGIDSAgent"    "Provides Identity Protection Against Cyber Crime."    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgidsagent.exe"
+ "avgwd"    "AVG Watchdog Service"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgwdsvc.exe"
+ "Bonjour Service"    "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence."    "Apple Inc."    "c:\program files\bonjour\mdnsresponder.exe"
+ "iPod Service"    "iPod hardware management services"    "Apple Inc."    "c:\program files\ipod\bin\ipodservice.exe"
+ "Microsoft Office Groove Audit Service"    "Groove Audit Service"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office12\grooveauditservice.exe"
+ "odserv"    "Run portions of Microsoft Office Diagnostics."    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "PnkBstrA"    "PunkBuster Service Component [v1034] http://www.evenbalance.com"    ""    "c:\windows\syswow64\pnkbstra.exe"
+ "WinDefend"    "Protection against spyware and potentially unwanted software"    "Microsoft Corporation"    "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc"    "Enables Windows Live ID authentication."    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "adp94xx"    "Adaptec Windows SAS/SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci"    "Adaptec Windows SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320"    "Adaptec StorPort Ultra320 SCSI Driver (X64)"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpu320.sys"
+ "aliide"    "ALi mini IDE Driver"    "Acer Laboratories Inc."    "c:\windows\system32\drivers\aliide.sys"
+ "amdkmdag"    "ATI Radeon Kernel Mode Driver"    "Advanced Micro Devices, Inc."    "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap"    "AMD multi-vendor Miniport Driver"    "Advanced Micro Devices, Inc."    "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata"    "AHCI 1.2 Device Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs"    "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform"    "AMD Technologies Inc."    "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata"    "Storage Filter Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdxata.sys"
+ "arc"    "Adaptec RAID Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arc.sys"
+ "arcsas"    "Adaptec SAS RAID WS03 Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arcsas.sys"
+ "asahci64"    "Asmedia 106x SATA Host Controller Driver"    "Asmedia Technology"    "c:\windows\system32\drivers\asahci64.sys"
+ "asmthub3"    "ASMedia USB3 Hub Driver"    "ASMedia Technology Inc"    "c:\windows\system32\drivers\asmthub3.sys"
+ "asmtxhci"    "ASMEDIA XHCI Host Controller Driver"    "ASMedia Technology Inc"    "c:\windows\system32\drivers\asmtxhci.sys"
+ "AtiHDAudioService"    "AMD High Definition Audio Function Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\atihdw76.sys"
+ "AVGIDSDriver"    "AVG Technologies IDS Application Activity Monitor Driver"    "AVG Technologies CZ, s.r.o. "    "c:\windows\system32\drivers\avgidsdrivera.sys"
+ "AVGIDSFilter"    "AVG Technologies IDS Application Activity Monitor Filter Driver"    "AVG Technologies CZ, s.r.o. "    "c:\windows\system32\drivers\avgidsfiltera.sys"
+ "AVGIDSHA"    "AVG Technologies IDS Application Activity Monitor Helper Driver"    "AVG Technologies CZ, s.r.o. "    "c:\windows\system32\drivers\avgidsha.sys"
+ "Avgldx64"    "AVG AVI Loader Driver"    "AVG Technologies CZ, s.r.o."    "c:\windows\system32\drivers\avgldx64.sys"
+ "Avgmfx64"    "AVG Resident Shield Minifilter Driver"    "AVG Technologies CZ, s.r.o."    "c:\windows\system32\drivers\avgmfx64.sys"
+ "Avgrkx64"    "AVG Anti-Rootkit Driver"    "AVG Technologies CZ, s.r.o."    "c:\windows\system32\drivers\avgrkx64.sys"
+ "Avgtdia"    "AVG Network connection watcher"    "AVG Technologies CZ, s.r.o."    "c:\windows\system32\drivers\avgtdia.sys"
+ "avgtp"    ""    "AVG Technologies"    "c:\windows\system32\drivers\avgtpx64.sys"
+ "b06bdrv"    "Broadcom NetXtreme II GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a"    "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver."    "Broadcom Corporation"    "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp"    "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid"    "Brotehr Serial I/F Driver (WDM)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm"    "Brother Serial driver (WDM version)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm"    "Brother USB MDM Driver "    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer"    "Brother USB Serial Driver"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbser.sys"
+ "catchme"    ""    ""    "File not found: C:\ComboFix\catchme.sys"
+ "cmdide"    "CMD PCI IDE Bus Driver"    "CMD Technology, Inc."    "c:\windows\system32\drivers\cmdide.sys"
+ "CORSGKB"    ""    " "    "c:\windows\system32\drivers\corsgkb.sys"
+ "cpuz135"    "CPUID Driver"    "CPUID"    "c:\windows\system32\drivers\cpuz135_x64.sys"
+ "dtsoftbus01"    "DAEMON Tools Virtual Bus Driver"    "DT Soft Ltd"    "c:\windows\system32\drivers\dtsoftbus01.sys"
+ "e1cexpress"    "Intel® Gigabit Adapter NDIS 6.x driver"    "Intel Corporation"    "c:\windows\system32\drivers\e1c62x64.sys"
+ "ebdrv"    "Broadcom NetXtreme II 10 GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\evbda.sys"
+ "elxstor"    "Storport Miniport Driver for LightPulse HBAs"    "Emulex"    "c:\windows\system32\drivers\elxstor.sys"
+ "EverestDriver"    ""    ""    "c:\program files (x86)\lavalys\everest ultimate edition\kerneld.amd64"
+ "GEARAspiWDM"    "CD DVD Filter"    "GEAR Software Inc."    "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir"    "Hauppauge WinTV 885 Consumer IR Driver for eHome"    "Hauppauge Computer Works, Inc."    "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD"    "Smart Array SAS/SATA Controller Media Driver"    "Hewlett-Packard Company"    "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorA"    "Intel Rapid Storage Technology Enterprise driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastora.sys"
+ "iaStorF"    "RSTe Filter Driver"    "Intel Corporation"    "c:\windows\system32\drivers\iastorf.sys"
+ "iaStorV"    "Intel Matrix Storage Manager driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastorv.sys"
+ "IDMWFP"    "Internet Download Manager WFP Driver"    "Tonec Inc."    "c:\windows\system32\drivers\idmwfp.sys"
+ "iirsp"    "Intel/ICP Raid Storport Driver"    "Intel Corp./ICP vortex GmbH"    "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService"    "Realtek® High Definition Audio Function Driver"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtkvhd64.sys"
+ "ivusb"    "Initio Default Vendor Specific Device Driver"    "Initio Corporation"    "c:\windows\system32\drivers\ivusb.sys"
+ "LSI_FC"    "LSI Fusion-MPT FC Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS"    "LSI Fusion-MPT SAS Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2"    "LSI SAS Gen2 Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI"    "LSI Fusion-MPT SCSI Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\windows\system32\drivers\mbam.sys"
+ "megasas"    "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64"    "LSI Corporation"    "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR"    "LSI MegaRAID Software RAID Driver"    "LSI Corporation, Inc."    "c:\windows\system32\drivers\megasr.sys"
+ "Netaapl"    "Apple Mobile Device Ethernet"    "Apple Inc."    "c:\windows\system32\drivers\netaapl64.sys"
+ "netr28ux"    "Ralink 802.11n Wireless Adapter Driver"    "Ralink Technology Corp."    "c:\windows\system32\drivers\netr28ux.sys"
+ "nfrd960"    "IBM ServeRAID Controller Driver"    "IBM Corporation"    "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid"    "NVIDIA® nForce™ RAID Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor"    "NVIDIA® nForce™ Sata Performance Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvstor.sys"
+ "psdrv3"    "Prime Sensor Device Driver v3.0"    "Prime Sense Ltd."    "c:\windows\system32\drivers\psdrv3.sys"
+ "ql2300"    "QLogic Fibre Channel Stor Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx"    "QLogic iSCSI Storport Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql40xx.sys"
+ "SaiK0CD7"    "Saitek Hid Driver"    "Saitek"    "c:\windows\system32\drivers\saik0cd7.sys"
+ "SaiMini"    "Saitek Magic Mini Driver"    "Saitek"    "c:\windows\system32\drivers\saimini.sys"
+ "SaiNtBus"    "Smart Technology Helpers"    "Saitek"    "c:\windows\system32\drivers\saibus.sys"
+ "SaiU0CD7"    "Saitek Usb Driver"    "Saitek"    "c:\windows\system32\drivers\saiu0cd7.sys"
+ "secdrv"    "Macrovision SECURITY Driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2"    "SiS RAID Stor Miniport Driver"    "Silicon Integrated Systems Corp."    "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4"    "SiS AHCI Stor-Miniport Driver"    "Silicon Integrated Systems"    "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor"    "Promise  SuperTrak EX Series Driver for Windows "    "Promise Technology"    "c:\windows\system32\drivers\stexstor.sys"
+ "USBAAPL64"    "Apple Mobile Device USB Driver"    "Apple, Inc."    "c:\windows\system32\drivers\usbaapl64.sys"
+ "VGPU"    ""    ""    "File not found: System32\drivers\rdvgkmd.sys"
+ "viaide"    "VIA Generic PCI IDE Bus Driver"    "VIA Technologies, Inc."    "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid"    "VIA RAID DRIVER FOR AMD-X86-64"    "VIA Technologies Inc.,Ltd"    "c:\windows\system32\drivers\vsmraid.sys"
+ "WinRing0_1_2_0"    "WinRing0"    "OpenLibSys.org"    "c:\program files (x86)\realtemp\winring0x64.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""
+ "AMD MJPEG Decoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Audio Encoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG File Writer"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Multiplexer"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Video Decoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Video Encoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI Video Rotation Filter"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI Video Scaler Filter"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""
+ "AMD MJPEG Decoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Audio Encoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG File Writer"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Multiplexer"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Video Decoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Video Encoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI Ticker"    ""    ""    "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "ATI Video Rotation Filter"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI Video Scaler Filter"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "Capture File Writer"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "MMACE Deinterlace"    ""    ""    "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp"    ""    ""    "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu"    ""    ""    "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "Record Queue"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source"    "Photo Gallery Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute"    ""    ""    ""
+ "C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart"    "AVG Resident Shield Service"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgrsa.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers"    ""    ""    ""
+ "WLIDCredentialProvider"    "Microsoft® Windows Live ID Credential Provider"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKCU\Control Panel\Desktop\Scrnsave.exe"    ""    ""    ""
+ "C:\Windows\system32\ROG_VI~1.SCR"    ""    ""    "File not found: C:\Windows\system32\ROG_VI~1.SCR"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries"    ""    ""    ""
+ "mdnsNSP"    "Bonjour Namespace Provider"    "Apple Inc."    "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corp."    "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corp."    "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64"    ""    ""    ""
+ "mdnsNSP"    "Bonjour Namespace Provider"    "Apple Inc."    "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"    ""    ""    ""
+ "PCL hpz3lw71"    "LanguageMonitor"    "Hewlett-Packard Corporation"    "c:\windows\system32\hpz3lw71.dll"

Edited by mitch650, 11 February 2013 - 06:57 PM.


#8 narenxp

Posted 11 February 2013 - 12:09 PM

Can you edit your previous post and remove the ComboFix log?

ComboFix logs are not allowed here. It is important not to run any other tools when you are being assisted.

Any other issues?



#9 mitch650

Posted 11 February 2013 - 06:58 PM

Sorry about that; that was an older log from before getting assistance here. It has been replaced with the correct MiniToolBox log.

No, the only issue is that some instances of svchost have a very high memory usage, one of which continues to rise for as long as the computer is on, until it goes past 300 MB, even 400 MB.

Cheers.



#10 narenxp

Posted 11 February 2013 - 11:05 PM

It is probably due to the antivirus. Let's try a clean boot:

http://www.askdrtech.com/solutions/post/How-to-perform-a-clean-startup-%28clean-boot%29-in-Windows-7.aspx

Any changes?

Download

http://download.sysinternals.com/files/ProcessExplorer.zip

Extract and launch it.

Find out the svchost.exe process that has high CPU usage.



#11 mitch650

Posted 11 February 2013 - 11:52 PM

The command line is:

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

The services are:

Windows Audio Endpoint Builder
Offline Files
Human Interface Device Access
HomeGroup Listener
Network Connections
Program Compatibility Assistant Service
Superfetch
Distributed Link Tracking Client
Desktop Window Manager Session Manager
WLAN AutoConfig
Windows Driver Foundation - User-mode Driver Framework

In safe mode there was no high-usage svchost.exe, if that helps.

Thanks.



#12 narenxp

Posted 12 February 2013 - 09:05 AM

Press Windows+R and type

services.msc and click OK.

Stop the services one by one.

Check the CPU usage now. See which one is causing the high amount of CPU usage. Start from Windows Audio Endpoint Builder, which is known to cause this issue.



#13 mitch650

Posted 12 February 2013 - 10:59 AM

Press Windows+R and type

services.msc and click OK.

Stop the services one by one.

Check the CPU usage now. See which one is causing the high amount of CPU usage. Start from Windows Audio Endpoint Builder, which is known to cause this issue.

Found the culprit: it's the Superfetch process.

Is this a necessary service, or can it stay disabled?

Thanks



#14 narenxp

Posted 12 February 2013 - 11:07 AM

For 16 GB RAM it should be OK to turn it off. Turn it off and let me know how the system behaves, especially bootup time and application loading speed.
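As an added example (not part of the thread and not any poster's instructions), the following PowerShell does in one pass what posts #10 to #14 do by hand with Process Explorer and services.msc: it lists every svchost.exe instance with its private memory, its -k service group and the services it hosts, flags any instance that does not run from System32 (the check that matters when an antivirus has just reported an svchost.exe clone), and, behind a flag that defaults to off, stops and disables Superfetch (service name SysMain). It assumes an elevated prompt on Windows 7 and sticks to PowerShell 2.0 cmdlets; the variable names are my own.

```powershell
# Added example, not from the thread: triage svchost.exe instances on Windows 7.
# Run from an elevated PowerShell prompt; uses only PowerShell 2.0 cmdlets
# (Get-WmiObject rather than Get-CimInstance).

# A genuine svchost.exe hosting Windows services runs from System32.
# Anything else with that name deserves a second look.
$expectedImages = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe').ToLower()
)

# PID -> hosted service names. Win32_Service exposes the host ProcessId of each
# running service, which is the same mapping Process Explorer shows on its Services tab.
$servicesByPid = @{}
Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $key = [string]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($key)) { $servicesByPid[$key] = @() }
    $servicesByPid[$key] += $_.Name
}

# One row per process named svchost.exe, largest private memory first. Memory,
# not CPU, is what the original report was about, so sort on PrivatePageCount.
$rows = Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $p = $_
    $image = if ($p.ExecutablePath) { $p.ExecutablePath.ToLower() } else { '<access denied>' }
    # The -k argument names the service group, e.g. LocalSystemNetworkRestricted.
    $group = if ($p.CommandLine -match '-k\s+(\S+)') { $matches[1] } else { '' }
    New-Object PSObject -Property @{
        PID       = $p.ProcessId
        PrivateMB = [math]::Round($p.PrivatePageCount / 1MB, 1)
        Group     = $group
        ImageOk   = ($expectedImages -contains $image)
        Image     = $image
        Services  = ($servicesByPid[[string]$p.ProcessId] -join ', ')
    }
}
$rows | Sort-Object PrivateMB -Descending |
    Format-Table PID, PrivateMB, Group, ImageOk, Services -AutoSize -Wrap

# Signature check: PowerShell 2.0's Get-AuthenticodeSignature reads only embedded
# signatures and typically reports Windows 7's catalog-signed svchost.exe as
# NotSigned, so verify the binary with Process Explorer (Options > Verify Image
# Signatures) or Sysinternals sigcheck rather than trusting the path alone.

# Once a service in the heavy group is confirmed as the cause (Superfetch, service
# name SysMain, in this thread), stop it and, if the system is fine without it,
# keep it from starting again. Guarded by a flag so a plain copy-paste changes nothing.
$disableSuperfetch = $false
if ($disableSuperfetch) {
    Stop-Service -Name SysMain -Force
    Set-Service  -Name SysMain -StartupType Disabled
}
```

Run it twice a few minutes apart and compare the PrivateMB column for the LocalSystemNetworkRestricted row: a steadily growing number with ImageOk still True points at one of the hosted services, as it did here, rather than at a replaced binary. The ImageOk column only says the process was started from the expected path; it is not a substitute for the signature verification noted in the comments.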





