
Operating Memory Virus


  • This topic is locked
4 replies to this topic

#1 gakkbu


Posted 31 May 2012 - 04:46 AM

My antivirus is ESET Nod32 5.

Tried using aswMBR. This was the result.
Also tried using RogueKiller, but it wasn't able to find the virus mentioned above, and I think aswMBR couldn't either.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-21 22:32:27
-----------------------------
22:32:27.343 OS Version: Windows x64 6.1.7601 Service Pack 1
22:32:27.343 Number of processors: 4 586 0x3A09
22:32:27.343 ComputerName: NIALL-PC UserName: Niall
22:32:31.383 Initialize success
22:41:12.984 AVAST engine defs: 12052100
22:41:37.824 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:41:37.834 Disk 0 Vendor: ST350041 CC35 Size: 476940MB BusType: 3
22:41:37.834 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
22:41:37.834 Disk 1 Vendor: ST350032 SD15 Size: 476940MB BusType: 3
22:41:37.844 Disk 0 MBR read successfully
22:41:37.844 Disk 0 MBR scan
22:41:37.854 Disk 0 Windows 7 default MBR code
22:41:37.854 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:41:37.864 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
22:41:37.884 Disk 0 scanning C:\Windows\system32\drivers
22:41:49.794 Service scanning
22:42:05.184 Modules scanning
22:42:05.184 Disk 0 trace - called modules:
22:42:05.214 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys sptd.sys hal.dll
22:42:05.214 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009dcc060]
22:42:05.224 3 CLASSPNP.SYS[fffff88001c5143f] -> nt!IofCallDriver -> [0xfffffa8007874620]
22:42:05.224 5 ACPI.sys[fffff880011a57a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8007876050]
22:42:18.804 AVAST engine scan C:\Windows
22:42:20.374 AVAST engine scan C:\Windows\system32
22:44:38.124 AVAST engine scan C:\Windows\system32\drivers
22:44:52.074 AVAST engine scan C:\Users\Niall
22:45:22.224 File: C:\Users\Niall\AppData\Roaming\Hacker.exe **INFECTED** Win32:Dropper-KXU [Drp]
22:49:49.084 AVAST engine scan C:\ProgramData
22:50:00.914 Scan finished successfully
22:50:34.425 Disk 0 MBR has been saved successfully to "C:\Users\Niall\Desktop\MBR.dat"
22:50:34.435 The log file has been saved successfully to "C:\Users\Niall\Desktop\aswMBR.txt"

Any help will be appreciated. Thanks.

#2 gakkbu


Posted 31 May 2012 - 04:48 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Niall at 17:39:42 on 2012-05-31
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8088.6363 [GMT 8:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
C:\Users\Niall\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\Niall\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\DFX\DFX.exe
C:\Users\Niall\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\XFastUSB\XFastUsb.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
C:\Program Files (x86)\DFX\Universal\Apps\dfxItunesSong.exe
C:\Program Files\Lucidlogix Technologies\VIRTU MVP\EKAG20NT.EXE
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Waterfox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files (x86)\FlashGet\getflash.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ASRockXTU]
uRun: [zASRockInstantBoot]
uRun: [Google Update] "C:\Users\Niall\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Facebook Update] "C:\Users\Niall\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Niall\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Niall\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DFX.lnk - C:\Program Files (x86)\DFX\DFX.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{8EB3261E-0F17-4977-B0F1-D25AC683EC8E} : NameServer = 202.153.97.130,192.168.254.254
TCP: Interfaces\{8EB3261E-0F17-4977-B0F1-D25AC683EC8E} : DhcpNameServer = 192.168.254.254
AppInit_DLLs: C:\Windows\SysWOW64\appinit_dll.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO-X64: flashget urlcatch - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun-x64: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
IE-X64: {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files (x86)\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\appinit_dll.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Niall\AppData\Roaming\Mozilla\Firefox\Profiles\w26v9urq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Users\Niall\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Niall\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll
FF - plugin: C:\Windows\system32\npDeployJava1.dll
FF - plugin: C:\Windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\system32\DRIVERS\asahci64.sys --> C:\Windows\system32\DRIVERS\asahci64.sys [?]
R0 AsrRamDisk;AsrRamDisk;C:\Windows\system32\DRIVERS\AsrRamDisk.sys --> C:\Windows\system32\DRIVERS\AsrRamDisk.sys [?]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\system32\DRIVERS\AsrAppCharger.sys --> C:\Windows\system32\DRIVERS\AsrAppCharger.sys [?]
R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-5 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-5-5 121344]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-5 161560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-24 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-5 363800]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\system32\DRIVERS\ikbevent.sys --> C:\Windows\system32\DRIVERS\ikbevent.sys [?]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\system32\DRIVERS\imsevent.sys --> C:\Windows\system32\DRIVERS\imsevent.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\system32\DRIVERS\ISCTD64.sys --> C:\Windows\system32\DRIVERS\ISCTD64.sys [?]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-27 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\system32\DRIVERS\VirtuWDDM.sys --> C:\Windows\system32\DRIVERS\VirtuWDDM.sys [?]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\system32\drivers\WPRO_41_2001.sys --> C:\Windows\system32\drivers\WPRO_41_2001.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2012-5-24 670816]
.
=============== Created Last 30 ================
.
2012-05-29 16:41:44 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3AF76D71-4222-4CB2-84AC-58A046AFDDE2}\mpengine.dll
2012-05-25 17:44:46 -------- d-----w- C:\Program Files\CCleaner
2012-05-24 08:07:08 -------- d-----w- C:\Windows\SysWow64\NV
2012-05-24 08:07:08 -------- d-----w- C:\Windows\System32\NV
2012-05-24 08:04:38 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-24 08:04:38 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-24 08:04:38 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-24 08:04:38 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-24 08:04:38 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-05-24 08:04:38 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-05-24 08:04:38 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-24 08:04:20 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-05-23 18:03:58 670816 ----a-w- C:\Windows\SysWow64\xsherlock.xem
2012-05-23 17:39:25 230920 ----a-w- C:\Windows\SysWow64\EPWZCmnCtrl.dll
2012-05-23 12:50:02 -------- d-----w- C:\ProgramData\WEBZEN
2012-05-23 12:45:55 -------- d-----w- C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
2012-05-23 12:45:36 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-05-23 12:39:26 -------- d-----w- C:\Program Files (x86)\WEBZEN
2012-05-23 02:19:33 -------- d-----w- C:\Downloads
2012-05-23 02:01:47 -------- d-----w- C:\Users\Niall\AppData\Roaming\FlashGet
2012-05-23 02:01:43 -------- d-----w- C:\Program Files (x86)\FlashGet
2012-05-18 23:09:17 66336 ----a-w- C:\Windows\System32\drivers\VirtuWDDM.sys
2012-05-18 23:09:16 475424 ----a-w- C:\Windows\System32\appinit_dll.dll
2012-05-18 23:09:16 429856 ----a-w- C:\Windows\SysWow64\appinit_dll.dll
2012-05-18 23:09:16 -------- d-----w- C:\Program Files\Lucidlogix Technologies
2012-05-18 22:29:05 -------- d-----w- C:\Users\Niall\AppData\Roaming\dclogs
2012-05-18 20:29:18 -------- d-----w- C:\Program Files (x86)\Nicolas Games
2012-05-16 16:11:25 23816 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys
2012-05-16 16:11:24 -------- d-----w- C:\Program Files\CPUID
2012-05-15 00:59:14 -------- d-----w- C:\Users\Niall\AppData\Local\DFX
2012-05-15 00:58:57 -------- d-----w- C:\ProgramData\DFX
2012-05-15 00:58:56 -------- d-----w- C:\Program Files (x86)\DFX
2012-05-15 00:58:56 -------- d-----w- C:\Program Files (x86)\Common Files\DFX
2012-05-14 18:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-14 12:23:44 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-05-14 12:23:44 839112 ----a-w- C:\Windows\System32\deployJava1.dll
2012-05-14 09:00:24 -------- d-----w- C:\Users\Niall\AppData\Local\Facebook
2012-05-12 12:46:06 -------- d-----w- C:\Games
2012-05-12 12:44:21 -------- d-----w- C:\Users\Niall\AppData\Local\Black_Tree_Gaming
2012-05-12 12:44:19 -------- d-----w- C:\Program Files\Nexus Mod Manager
2012-05-12 10:48:04 -------- d-----w- C:\Users\Niall\AppData\Local\ElevatedDiagnostics
2012-05-12 08:59:17 -------- d-----w- C:\Users\Niall\AppData\Roaming\Splashtop
2012-05-11 15:06:54 -------- d-----w- C:\Users\Niall\AppData\Roaming\Mirillis
2012-05-11 15:06:54 -------- d-----w- C:\Users\Niall\AppData\Local\Mirillis
2012-05-11 15:06:54 -------- d-----w- C:\ProgramData\Mirillis
2012-05-11 15:05:20 -------- d-----w- C:\Program Files (x86)\Mirillis
2012-05-10 09:28:08 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2012-05-09 11:16:48 -------- d-----w- C:\Program Files (x86)\Tantra-Extreme
2012-05-08 15:10:14 -------- d-----w- C:\Users\Niall\AppData\Local\Microsoft Games
2012-05-07 17:20:51 -------- d-----w- C:\Program Files (x86)\CherryDeGames
2012-05-07 13:53:39 -------- d-----w- C:\Users\Niall\AppData\Local\ESET
2012-05-07 04:48:02 -------- d-----w- C:\Users\Niall\AppData\Local\SKIDROW
2012-05-07 04:37:18 -------- d-----w- C:\Program Files (x86)\Black_Box
2012-05-07 04:21:18 -------- d-----w- C:\Windows\SysWow64\xlive
2012-05-07 04:21:16 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-05-07 04:16:03 -------- d-----w- C:\Program Files (x86)\Capcom
2012-05-06 23:17:55 -------- d-----w- C:\Program Files (x86)\Duke Nukem Forever
2012-05-06 23:14:58 -------- d-----w- C:\Program Files (x86)\Total Video Converter
2012-05-06 23:11:18 -------- d-----w- C:\Program Files (x86)\WinPcap
2012-05-06 23:10:09 -------- d-----w- C:\Program Files (x86)\StreamingStar
2012-05-06 10:53:59 -------- d-----w- C:\Windows\System32\appmgmt
2012-05-06 10:26:03 -------- d-----w- C:\Users\Niall\AppData\Local\CrashDumps
2012-05-06 10:25:49 60416 ----a-w- C:\Windows\ALCFDRTM.VER
2012-05-06 09:55:39 -------- d-----w- C:\Users\Niall\AppData\Local\EA Games
2012-05-06 09:33:44 -------- d-----w- C:\Users\Niall\AppData\Roaming\WinZip
2012-05-06 09:30:33 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-05-06 09:29:27 -------- d-----w- C:\Users\Niall\AppData\Roaming\uTorrent
2012-05-05 18:52:45 -------- d-----w- C:\Program Files (x86)\MSI Kombustor
2012-05-05 18:44:18 110592 ----a-w- C:\Windows\System32\rtvcvfw32.dll
2012-05-05 18:44:15 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2012-05-05 18:14:38 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2012-05-05 18:14:31 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-05-05 18:13:16 -------- d-----w- C:\Program Files\Media Player Classic - Home Cinema
2012-05-05 18:05:18 -------- d-----w- C:\Users\Niall\AppData\Local\Skyrim
2012-05-05 18:03:16 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2012-05-05 18:03:16 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2012-05-05 18:03:16 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2012-05-05 18:03:16 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2012-05-05 18:03:15 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2012-05-05 18:03:15 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2012-05-05 17:59:51 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-05-05 17:56:38 513080 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-05-05 17:56:30 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-05-05 17:55:27 -------- d-----w- C:\Users\Niall\AppData\Roaming\DAEMON Tools Lite
2012-05-05 17:55:27 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-05-05 17:53:01 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-05-05 17:38:01 -------- d-----w- C:\Users\Niall\AppData\Roaming\NVIDIA
2012-05-05 17:19:27 -------- d-----w- C:\Windows\Panther
2012-05-05 11:50:00 -------- d-----w- C:\Windows\SysWow64\directx
2012-05-05 11:36:21 -------- d-----w- C:\NVIDIA
2012-05-05 10:48:44 -------- d-----w- C:\Program Files\ESET
2012-05-05 06:06:29 -------- d-----w- C:\Users\Niall\AppData\Local\Mozilla
2012-05-05 06:06:26 -------- d-----w- C:\Program Files\Waterfox
2012-05-05 06:05:51 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-05 06:05:51 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-05 06:01:40 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 06:01:40 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 05:49:48 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-05-05 04:55:11 -------- d-----w- C:\Windows\SysWow64\Wat
2012-05-05 04:55:11 -------- d-----w- C:\Windows\System32\Wat
2012-05-05 03:18:26 -------- d-----w- C:\Users\Niall\AppData\Local\Adobe
2012-05-05 03:14:48 -------- d-sha-r- C:\ProgramData\Key-Base
2012-05-05 03:11:02 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-05-05 03:11:01 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-05-05 03:05:15 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-05 03:05:15 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-05 03:05:15 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-05 03:05:14 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-05 03:05:14 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-05 03:05:14 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-05 03:05:14 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-05 02:05:20 -------- d-----w- C:\Users\Niall\AppData\Local\Google
2012-05-05 02:04:52 -------- d-----w- C:\Users\Niall\AppData\Local\Deployment
2012-05-05 02:04:52 -------- d-----w- C:\Users\Niall\AppData\Local\Apps
2012-05-05 02:00:07 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2012-05-05 02:00:07 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2012-05-05 02:00:07 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2012-05-05 02:00:07 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2012-05-05 02:00:07 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2012-05-05 02:00:07 1118720 ----a-w- C:\Windows\System32\sbe.dll
2012-05-05 01:58:59 642944 ----a-w- C:\Windows\System32\winload.efi
2012-05-05 01:44:10 32320 ----a-w- C:\Windows\System32\drivers\FNETTBOH_305.SYS
2012-05-05 01:43:52 -------- d-----w- C:\ProgramData\DeviceVM
2012-05-05 01:42:38 -------- d-----w- C:\ProgramData\Norton
2012-05-05 01:42:16 -------- d-----w- C:\ProgramData\NortonInstaller
2012-05-05 01:42:13 -------- d--h--w- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2012-05-05 01:42:13 -------- d-----w- C:\Users\Niall\AppData\Roaming\DeviceVm
2012-05-05 01:41:56 -------- d-----w- C:\Users\Niall\AppData\Local\Cyberlink
2012-05-05 01:38:54 1632128 ----a-w- C:\Windows\System32\drivers\cfosspeed6.sys
2012-05-05 01:38:54 -------- d-----w- C:\Users\Niall\AppData\Local\cFos
2012-05-05 01:38:54 -------- d-----w- C:\Program Files\ASRock
2012-05-05 01:38:48 -------- d-----w- C:\ProgramData\cFos
2012-05-05 01:38:45 15936 ----a-w- C:\Windows\System32\drivers\FNETURPX.SYS
2012-05-05 01:38:45 -------- d-----w- C:\ProgramData\FNET
2012-05-05 01:38:41 -------- d-----w- C:\Program Files (x86)\XFastUSB
2012-05-05 01:38:38 31016 ----a-w- C:\Windows\System32\drivers\AsrRamDisk.sys
2012-05-05 01:38:30 -------- d-----w- C:\Program Files (x86)\ASRock Utility
2012-05-05 01:38:25 17192 ----a-w- C:\Windows\System32\drivers\AsrAppCharger.sys
2012-05-05 01:38:25 -------- d-----w- C:\Program Files\ASRock Utility
2012-05-05 01:37:35 -------- d-----w- C:\Users\Niall\Lucidlogix
2012-05-05 01:37:19 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2012-05-05 01:35:52 -------- d-----w- C:\Program Files (x86)\ASM106xSATA
2012-05-05 01:35:35 41984 ----a-w- C:\Windows\System32\drivers\USB3Ver.dll
2012-05-05 01:34:13 15128 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2012-05-05 01:33:35 -------- d-sh--w- C:\Windows\Installer
2012-05-05 01:33:24 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-05-05 01:33:22 60184 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2012-05-05 01:33:14 -------- d-----w- C:\Users\Niall\AppData\Roaming\Intel Corporation
2012-05-05 01:31:26 568600 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2012-05-05 01:29:27 -------- d-----w- C:\Program Files\Common Files\Intel
2012-05-05 01:29:25 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-05-05 01:27:40 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-05-05 01:27:36 -------- d-----w- C:\Intel
2012-05-05 01:06:53 -------- d-----w- C:\dl4
2012-05-04 10:51:09 331264 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2012-05-04 10:51:09 14848 ----a-w- C:\Windows\System32\IntcDAuC.dll
2012-05-04 10:50:52 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2618.dll
2012-05-04 10:50:52 524800 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-05-04 10:50:52 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-05-04 10:50:50 63488 ----a-w- C:\Windows\System32\igfxsrvc.dll
2012-05-04 10:50:46 386560 ----a-w- C:\Windows\System32\igfxpph.dll
2012-05-04 10:50:45 434688 ----a-w- C:\Windows\System32\igfxdev.dll
2012-05-04 10:50:19 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll
2012-05-04 10:50:19 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-05-04 10:50:10 787736 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
2012-05-04 10:50:09 356120 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
2012-05-04 10:50:09 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2012-05-04 10:50:09 16152 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
.
==================== Find3M ====================
.
2012-05-05 04:54:12 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-04-08 23:47:14 92160 ----a-w- C:\Windows\System32\ff_vfw.dll
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-27 09:03:36 4015592 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2012-03-20 02:47:20 3608680 ----a-w- C:\Windows\System32\RtkAPO64.dll
2012-03-19 15:44:20 5888792 ----a-w- C:\Windows\System32\GfxUI.exe
2012-03-19 15:44:20 509720 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-03-19 15:44:20 439064 ----a-w- C:\Windows\System32\igfxpers.exe
2012-03-19 15:44:20 398616 ----a-w- C:\Windows\System32\hkcmd.exe
2012-03-19 15:44:20 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2012-03-19 15:44:20 250136 ----a-w- C:\Windows\System32\igfxext.exe
2012-03-19 15:44:20 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-03-19 15:44:20 170264 ----a-w- C:\Windows\System32\igfxtray.exe
2012-03-19 15:42:08 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2696.dll
2012-03-19 15:37:12 755188 ----a-w- C:\Windows\SysWow64\igkrng700.bin
2012-03-19 15:37:12 755188 ----a-w- C:\Windows\System32\igkrng700.bin
2012-03-19 15:37:12 561508 ----a-w- C:\Windows\SysWow64\igfcg700m.bin
2012-03-19 15:37:12 561508 ----a-w- C:\Windows\System32\igfcg700m.bin
2012-03-19 15:32:04 14745600 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-03-19 15:31:56 8087040 ----a-w- C:\Windows\System32\igdumd64.dll
2012-03-19 15:31:14 79360 ----a-w- C:\Windows\System32\igdde64.dll
2012-03-19 15:26:56 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-03-19 15:25:58 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
2012-03-19 15:22:10 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-03-19 15:11:38 7795200 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-03-19 15:03:34 3749888 ----a-w- C:\Windows\System32\igdbcl64.dll
2012-03-19 15:03:32 591872 ----a-w- C:\Windows\System32\igdrcl64.dll
2012-03-19 15:03:30 236544 ----a-w- C:\Windows\System32\IntelOpenCL64.dll
2012-03-19 15:00:46 518144 ----a-w- C:\Windows\SysWow64\igdrcl32.dll
2012-03-19 15:00:32 2866688 ----a-w- C:\Windows\SysWow64\igdbcl32.dll
2012-03-19 15:00:28 188416 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll
2012-03-19 14:55:04 28992000 ----a-w- C:\Windows\System32\igdfcl64.dll
2012-03-19 14:43:16 23460864 ----a-w- C:\Windows\SysWow64\igdfcl32.dll
2012-03-19 14:33:42 17226240 ----a-w- C:\Windows\System32\ig7icd64.dll
2012-03-19 14:23:38 13024256 ----a-w- C:\Windows\SysWow64\ig7icd32.dll
2012-03-19 14:17:56 28672 ----a-w- C:\Windows\System32\igfxexps.dll
2012-03-19 14:17:14 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-03-19 14:17:14 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-03-19 14:16:40 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-03-19 14:16:38 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-03-19 14:16:36 9007616 ----a-w- C:\Windows\System32\igfxress.dll
2012-03-19 14:12:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-03-19 14:11:22 325120 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-03-19 14:09:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-03-19 14:09:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-03-19 14:09:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-03-19 14:09:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-03-19 14:09:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-03-19 14:09:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-03-19 11:01:20 102504 ----a-w- C:\Windows\System32\RCoInstII64.dll
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-16 08:25:58 2670696 ----a-w- C:\Windows\System32\RtPgEx64.dll
2012-03-13 03:21:10 1251432 ----a-w- C:\Windows\System32\RTCOM64.dll
2012-03-08 03:47:24 108640 ----a-w- C:\Windows\System32\AERTAR64.dll
2012-03-08 03:47:08 202336 ----a-w- C:\Windows\System32\AERTAC64.dll
2012-03-07 03:09:28 824424 ----a-w- C:\Windows\System32\RtkApi64.dll
2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
============= FINISH: 17:40:24.64 ===============

#3 gakkbu

gakkbu
  • Topic Starter

  • Members
  • 4 posts
  • Local time:03:33 AM

Posted 31 May 2012 - 04:50 AM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/5/2012 9:24:21 AM
System Uptime: 5/31/2012 5:36:27 PM (0 hours ago)
.
Motherboard: ASRock | | H77 Pro4/MVP
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 258.403 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 152.839 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP47: 5/19/2012 4:29:13 AM - Installed Afterfall InSanity.
RP48: 5/22/2012 2:43:18 PM - Windows Update
RP49: 5/23/2012 8:45:41 PM - Installed NVIDIA PhysX
RP50: 5/23/2012 8:50:03 PM - Installed WEBZEN Browser Extension
RP51: 5/24/2012 1:08:34 AM - Restore Operation
RP52: 5/24/2012 1:39:16 AM - Installed WEBZEN Browser Extension
RP53: 5/25/2012 4:51:15 PM - Windows Update
RP54: 5/30/2012 12:41:30 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
Afterfall InSanity
Asmedia ASM106x SATA Host Controller Driver
ASRock eXtreme Tuner v0.1.188
ASRock InstantBoot v1.29
Binary Domain version 1.02
C9
CyberLink MediaEspresso
DAEMON Tools Lite
DFX
Facebook Messenger 2.1.4520.0
FlashGet 1.9.6.1073
Google Chrome
HiDownloadPlatinum
Intel® Control Center
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Java Auto Updater
Java™ 6 Update 32
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSI Afterburner 2.1.0
MSI Kombustor 2.0.0
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Resident Evil: Operation Raccoon City
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Splash PRO EX
THX TruStudio
Total Video Converter 3.71 100812
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WEBZEN Browser Extension
Winamp
Winamp Detector Plug-in
WinPcap 4.1.1
XFastUSB
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
5/31/2012 5:37:24 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
5/31/2012 5:36:54 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/31/2012 5:36:54 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
5/31/2012 5:36:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
5/30/2012 9:04:22 PM, Error: Service Control Manager [7000] - The vtany service failed to start due to the following error: This driver has been blocked from loading
5/30/2012 9:04:22 PM, Error: Application Popup [1060] - \??\C:\Windows\vtany.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/28/2012 6:14:53 AM, Error: Disk [11] - The driver detected a controller error on \...\DR2.
5/24/2012 2:09:08 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
5/24/2012 12:59:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/24/2012 12:58:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
5/24/2012 12:56:27 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/24/2012 12:56:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/24/2012 12:56:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/24/2012 12:56:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/24/2012 12:56:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/24/2012 12:56:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/24/2012 12:56:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/24/2012 12:56:12 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsrAppCharger cdrom cFosSpeed CSC DfsC discache ehdrv NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
5/24/2012 12:56:12 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/24/2012 12:56:12 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/24/2012 12:56:12 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/24/2012 12:56:12 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/24/2012 12:56:12 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/24/2012 12:56:12 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/24/2012 12:56:12 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/24/2012 12:56:12 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/24/2012 12:56:12 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/24/2012 12:56:12 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/24/2012 12:55:50 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
5/24/2012 1:08:49 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/24/2012 1:08:49 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
5/24/2012 1:08:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
5/24/2012 1:08:16 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
.
==== End Of File ===========================

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:33 PM

Posted 03 June 2012 - 12:44 PM

Hi,

Please run the following:


Download Farbar Recovery Scan Tool and save it to a flash drive.

(you need the 64bit version)

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:33 PM

Posted 08 June 2012 - 07:52 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
