
Google redirects/trojan horse.Dropper.Generic_c.MMI


  • This topic is locked
19 replies to this topic

#1 Ch2is

Posted 21 July 2012 - 05:33 PM

Was told to create a topic here. Here is my old thread for reference: http://www.bleepingcomputer.com/forums/topic461723.html/page__gopid__2774014#entry2774014

TDSSKiller log:

15:08:37.0684 2372 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
15:08:37.0965 2372 ============================================================
15:08:37.0965 2372 Current date / time: 2012/07/21 15:08:37.0965
15:08:37.0965 2372 SystemInfo:
15:08:37.0965 2372
15:08:37.0965 2372 OS Version: 6.1.7601 ServicePack: 1.0
15:08:37.0965 2372 Product type: Workstation
15:08:37.0965 2372 ComputerName: CHRIS-PC
15:08:37.0965 2372 UserName: Chris
15:08:37.0965 2372 Windows directory: C:\Windows
15:08:37.0965 2372 System windows directory: C:\Windows
15:08:37.0965 2372 Running under WOW64
15:08:37.0965 2372 Processor architecture: Intel x64
15:08:37.0965 2372 Number of processors: 3
15:08:37.0965 2372 Page size: 0x1000
15:08:37.0965 2372 Boot type: Normal boot
15:08:37.0965 2372 ============================================================
15:08:38.0932 2372 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:08:38.0947 2372 ============================================================
15:08:38.0947 2372 \Device\Harddisk0\DR0:
15:08:38.0947 2372 MBR partitions:
15:08:38.0947 2372 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:08:38.0947 2372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
15:08:38.0947 2372 ============================================================
15:08:38.0963 2372 C: <-> \Device\Harddisk0\DR0\Partition1
15:08:38.0963 2372 ============================================================
15:08:38.0963 2372 Initialize success
15:08:38.0963 2372 ============================================================
15:09:03.0876 6364 ============================================================
15:09:03.0876 6364 Scan started
15:09:03.0876 6364 Mode: Manual; TDLFS;
15:09:03.0876 6364 ============================================================
15:09:04.0968 6364 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:09:04.0999 6364 1394ohci - ok
15:09:05.0046 6364 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:09:05.0046 6364 ACPI - ok
15:09:05.0077 6364 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:09:05.0077 6364 AcpiPmi - ok
15:09:05.0202 6364 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:09:05.0202 6364 AdobeARMservice - ok
15:09:05.0326 6364 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:09:05.0326 6364 AdobeFlashPlayerUpdateSvc - ok
15:09:05.0389 6364 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:09:05.0389 6364 adp94xx - ok
15:09:05.0420 6364 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:09:05.0420 6364 adpahci - ok
15:09:05.0436 6364 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:09:05.0436 6364 adpu320 - ok
15:09:05.0467 6364 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:09:05.0467 6364 AeLookupSvc - ok
15:09:05.0529 6364 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:09:05.0529 6364 AFD - ok
15:09:05.0545 6364 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:09:05.0560 6364 agp440 - ok
15:09:05.0560 6364 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:09:05.0560 6364 ALG - ok
15:09:05.0592 6364 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:09:05.0592 6364 aliide - ok
15:09:05.0592 6364 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:09:05.0592 6364 amdide - ok
15:09:05.0607 6364 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:09:05.0623 6364 AmdK8 - ok
15:09:05.0654 6364 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:09:05.0654 6364 AmdPPM - ok
15:09:05.0685 6364 amdsata (12a5062c06e03ff70db47800f91c7a13) C:\Windows\system32\DRIVERS\amdsata.sys
15:09:05.0685 6364 amdsata - ok
15:09:05.0716 6364 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:09:05.0716 6364 amdsbs - ok
15:09:05.0732 6364 amdxata (8a7f289b45ceacac761e14d5fac59eb9) C:\Windows\system32\DRIVERS\amdxata.sys
15:09:05.0732 6364 amdxata - ok
15:09:05.0779 6364 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:09:05.0779 6364 AppID - ok
15:09:05.0794 6364 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:09:05.0794 6364 AppIDSvc - ok
15:09:05.0857 6364 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:09:05.0857 6364 Appinfo - ok
15:09:05.0888 6364 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:09:05.0888 6364 AppMgmt - ok
15:09:05.0904 6364 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:09:05.0904 6364 arc - ok
15:09:05.0919 6364 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:09:05.0919 6364 arcsas - ok
15:09:06.0044 6364 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:09:06.0044 6364 aspnet_state - ok
15:09:06.0075 6364 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:09:06.0075 6364 AsyncMac - ok
15:09:06.0122 6364 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:09:06.0122 6364 atapi - ok
15:09:06.0169 6364 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
15:09:06.0169 6364 AtiPcie - ok
15:09:06.0231 6364 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:09:06.0231 6364 AudioEndpointBuilder - ok
15:09:06.0247 6364 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:09:06.0247 6364 AudioSrv - ok
15:09:06.0294 6364 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
15:09:06.0294 6364 AVGIDSHA - ok
15:09:06.0309 6364 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
15:09:06.0309 6364 Avgldx64 - ok
15:09:06.0325 6364 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
15:09:06.0325 6364 Avgmfx64 - ok
15:09:06.0372 6364 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
15:09:06.0372 6364 Avgrkx64 - ok
15:09:06.0481 6364 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
15:09:06.0481 6364 avgwd - ok
15:09:06.0528 6364 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:09:06.0543 6364 AxInstSV - ok
15:09:06.0574 6364 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:09:06.0574 6364 b06bdrv - ok
15:09:06.0606 6364 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:09:06.0606 6364 b57nd60a - ok
15:09:06.0652 6364 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:09:06.0652 6364 BDESVC - ok
15:09:06.0668 6364 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:09:06.0684 6364 Beep - ok
15:09:06.0715 6364 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:09:06.0730 6364 BITS - ok
15:09:06.0746 6364 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:09:06.0746 6364 blbdrive - ok
15:09:06.0793 6364 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:09:06.0793 6364 bowser - ok
15:09:06.0808 6364 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:09:06.0808 6364 BrFiltLo - ok
15:09:06.0824 6364 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:09:06.0824 6364 BrFiltUp - ok
15:09:06.0871 6364 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:09:06.0871 6364 Browser - ok
15:09:06.0886 6364 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:09:06.0902 6364 Brserid - ok
15:09:06.0902 6364 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:09:06.0902 6364 BrSerWdm - ok
15:09:06.0918 6364 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:09:06.0918 6364 BrUsbMdm - ok
15:09:06.0933 6364 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:09:06.0933 6364 BrUsbSer - ok
15:09:06.0933 6364 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:09:06.0949 6364 BTHMODEM - ok
15:09:06.0964 6364 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:09:06.0964 6364 bthserv - ok
15:09:06.0980 6364 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:09:06.0980 6364 cdfs - ok
15:09:07.0042 6364 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:09:07.0042 6364 cdrom - ok
15:09:07.0214 6364 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:09:07.0214 6364 CertPropSvc - ok
15:09:07.0214 6364 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:09:07.0214 6364 circlass - ok
15:09:07.0245 6364 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:09:07.0261 6364 CLFS - ok
15:09:07.0308 6364 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:09:07.0323 6364 clr_optimization_v2.0.50727_32 - ok
15:09:07.0370 6364 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:09:07.0370 6364 clr_optimization_v2.0.50727_64 - ok
15:09:07.0464 6364 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:09:07.0464 6364 clr_optimization_v4.0.30319_32 - ok
15:09:07.0510 6364 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:09:07.0526 6364 clr_optimization_v4.0.30319_64 - ok
15:09:07.0526 6364 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:09:07.0542 6364 CmBatt - ok
15:09:07.0573 6364 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:09:07.0573 6364 cmdide - ok
15:09:07.0620 6364 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
15:09:07.0620 6364 CNG - ok
15:09:07.0635 6364 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:09:07.0635 6364 Compbatt - ok
15:09:07.0651 6364 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:09:07.0651 6364 CompositeBus - ok
15:09:07.0666 6364 COMSysApp - ok
15:09:07.0682 6364 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:09:07.0682 6364 crcdisk - ok
15:09:07.0729 6364 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:09:07.0729 6364 CryptSvc - ok
15:09:07.0854 6364 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:09:07.0854 6364 CSC - ok
15:09:07.0916 6364 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:09:07.0916 6364 CscService - ok
15:09:07.0978 6364 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:09:07.0978 6364 DcomLaunch - ok
15:09:08.0025 6364 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:09:08.0025 6364 defragsvc - ok
15:09:08.0088 6364 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:09:08.0088 6364 DfsC - ok
15:09:08.0119 6364 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:09:08.0134 6364 Dhcp - ok
15:09:08.0150 6364 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:09:08.0150 6364 discache - ok
15:09:08.0181 6364 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:09:08.0181 6364 Disk - ok
15:09:08.0228 6364 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:09:08.0244 6364 Dnscache - ok
15:09:08.0290 6364 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:09:08.0290 6364 dot3svc - ok
15:09:08.0337 6364 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:09:08.0337 6364 DPS - ok
15:09:08.0353 6364 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:09:08.0353 6364 drmkaud - ok
15:09:08.0415 6364 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:09:08.0415 6364 DXGKrnl - ok
15:09:08.0446 6364 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:09:08.0446 6364 EapHost - ok
15:09:08.0556 6364 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:09:08.0587 6364 ebdrv - ok
15:09:08.0680 6364 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:09:08.0680 6364 EFS - ok
15:09:08.0758 6364 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:09:08.0758 6364 ehRecvr - ok
15:09:08.0790 6364 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:09:08.0790 6364 ehSched - ok
15:09:08.0836 6364 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:09:08.0836 6364 elxstor - ok
15:09:08.0883 6364 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:09:08.0883 6364 ErrDev - ok
15:09:08.0914 6364 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:09:08.0930 6364 EventSystem - ok
15:09:08.0946 6364 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:09:08.0946 6364 exfat - ok
15:09:08.0977 6364 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:09:08.0977 6364 fastfat - ok
15:09:09.0039 6364 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:09:09.0055 6364 Fax - ok
15:09:09.0070 6364 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:09:09.0070 6364 fdc - ok
15:09:09.0086 6364 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:09:09.0086 6364 fdPHost - ok
15:09:09.0102 6364 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:09:09.0102 6364 FDResPub - ok
15:09:09.0117 6364 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:09:09.0117 6364 FileInfo - ok
15:09:09.0133 6364 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:09:09.0133 6364 Filetrace - ok
15:09:09.0148 6364 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:09:09.0148 6364 flpydisk - ok
15:09:09.0164 6364 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:09:09.0180 6364 FltMgr - ok
15:09:09.0242 6364 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:09:09.0242 6364 FontCache - ok
15:09:09.0336 6364 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:09:09.0336 6364 FontCache3.0.0.0 - ok
15:09:09.0367 6364 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:09:09.0367 6364 FsDepends - ok
15:09:09.0398 6364 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:09:09.0398 6364 Fs_Rec - ok
15:09:09.0445 6364 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:09:09.0460 6364 fvevol - ok
15:09:09.0476 6364 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:09:09.0476 6364 gagp30kx - ok
15:09:09.0492 6364 GMSIPCI - ok
15:09:09.0554 6364 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:09:09.0570 6364 gpsvc - ok
15:09:09.0679 6364 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:09:09.0679 6364 gupdate - ok
15:09:09.0694 6364 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:09:09.0694 6364 gupdatem - ok
15:09:09.0788 6364 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:09:09.0788 6364 hcw85cir - ok
15:09:09.0850 6364 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:09:09.0850 6364 HdAudAddService - ok
15:09:09.0882 6364 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:09:09.0882 6364 HDAudBus - ok
15:09:09.0897 6364 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:09:09.0897 6364 HidBatt - ok
15:09:09.0913 6364 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:09:09.0913 6364 HidBth - ok
15:09:09.0928 6364 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:09:09.0928 6364 HidIr - ok
15:09:09.0944 6364 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:09:09.0944 6364 hidserv - ok
15:09:09.0975 6364 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\drivers\hidusb.sys
15:09:09.0975 6364 HidUsb - ok
15:09:10.0053 6364 HiPatchService (8d1f00f4254c3ef428b715484940427c) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
15:09:10.0053 6364 HiPatchService - ok
15:09:10.0100 6364 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:09:10.0100 6364 hkmsvc - ok
15:09:10.0147 6364 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:09:10.0147 6364 HomeGroupListener - ok
15:09:10.0272 6364 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:09:10.0287 6364 HomeGroupProvider - ok
15:09:10.0381 6364 HP8207_8307 (3015b37029ad15c67ebca5053c422f90) C:\Windows\system32\DRIVERS\HP8207_8307.sys
15:09:10.0412 6364 HP8207_8307 - ok
15:09:10.0521 6364 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:09:10.0521 6364 HpSAMD - ok
15:09:10.0584 6364 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:09:10.0584 6364 HTTP - ok
15:09:10.0599 6364 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:09:10.0599 6364 hwpolicy - ok
15:09:10.0646 6364 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:09:10.0646 6364 i8042prt - ok
15:09:10.0708 6364 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:09:10.0724 6364 iaStorV - ok
15:09:10.0818 6364 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:09:10.0818 6364 idsvc - ok
15:09:10.0849 6364 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:09:10.0849 6364 iirsp - ok
15:09:10.0896 6364 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:09:10.0911 6364 IKEEXT - ok
15:09:10.0927 6364 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:09:10.0927 6364 intelide - ok
15:09:10.0958 6364 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:09:10.0958 6364 intelppm - ok
15:09:10.0974 6364 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:09:10.0974 6364 IPBusEnum - ok
15:09:11.0020 6364 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:09:11.0020 6364 IpFilterDriver - ok
15:09:11.0067 6364 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:09:11.0067 6364 IPMIDRV - ok
15:09:11.0083 6364 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:09:11.0083 6364 IPNAT - ok
15:09:11.0114 6364 irda (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys
15:09:11.0114 6364 irda - ok
15:09:11.0130 6364 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:09:11.0130 6364 IRENUM - ok
15:09:11.0145 6364 Irmon (3848384ab383f0a8f506c4370635c1f9) C:\Windows\System32\irmon.dll
15:09:11.0145 6364 Irmon - ok
15:09:11.0176 6364 irsir (d2ca12736624ba636f8357dc3ef0757e) C:\Windows\system32\DRIVERS\irsir.sys
15:09:11.0176 6364 irsir - ok
15:09:11.0208 6364 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:09:11.0208 6364 isapnp - ok
15:09:11.0223 6364 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:09:11.0239 6364 iScsiPrt - ok
15:09:11.0254 6364 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:09:11.0254 6364 kbdclass - ok
15:09:11.0286 6364 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys
15:09:11.0286 6364 kbdhid - ok
15:09:11.0410 6364 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:09:11.0410 6364 KeyIso - ok
15:09:11.0800 6364 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
15:09:11.0832 6364 KSecDD - ok
15:09:12.0144 6364 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
15:09:12.0159 6364 KSecPkg - ok
15:09:12.0398 6364 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:09:12.0408 6364 ksthunk - ok
15:09:12.0798 6364 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:09:12.0818 6364 KtmRm - ok
15:09:13.0020 6364 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:09:13.0036 6364 LanmanServer - ok
15:09:13.0114 6364 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:09:13.0130 6364 LanmanWorkstation - ok
15:09:13.0254 6364 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:09:13.0270 6364 lltdio - ok
15:09:13.0535 6364 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:09:13.0535 6364 lltdsvc - ok
15:09:13.0551 6364 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:09:13.0566 6364 lmhosts - ok
15:09:13.0738 6364 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:09:13.0754 6364 LSI_FC - ok
15:09:13.0878 6364 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:09:13.0894 6364 LSI_SAS - ok
15:09:13.0941 6364 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:09:13.0941 6364 LSI_SAS2 - ok
15:09:14.0019 6364 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:09:14.0019 6364 LSI_SCSI - ok
15:09:14.0206 6364 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:09:14.0206 6364 luafv - ok
15:09:14.0378 6364 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
15:09:14.0393 6364 LVPr2M64 - ok
15:09:14.0424 6364 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
15:09:14.0424 6364 LVPr2Mon - ok
15:09:14.0736 6364 LVPrcS64 (9cd0dc863be5d40a762f7d84f11a8471) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
15:09:14.0752 6364 LVPrcS64 - ok
15:09:14.0970 6364 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys
15:09:14.0986 6364 LVRS64 - ok
15:09:17.0217 6364 LVUVC64 (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys
15:09:17.0279 6364 LVUVC64 - ok
15:09:18.0293 6364 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
15:09:18.0293 6364 ManyCam - ok
15:09:18.0434 6364 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:09:18.0434 6364 Mcx2Svc - ok
15:09:18.0527 6364 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:09:18.0527 6364 megasas - ok
15:09:19.0338 6364 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:09:19.0354 6364 MegaSR - ok
15:09:19.0448 6364 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:09:19.0448 6364 MMCSS - ok
15:09:19.0588 6364 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:09:19.0604 6364 Modem - ok
15:09:19.0728 6364 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:09:19.0728 6364 monitor - ok
15:09:19.0884 6364 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:09:19.0916 6364 mouclass - ok
15:09:19.0994 6364 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:09:19.0994 6364 mouhid - ok
15:09:20.0165 6364 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:09:20.0165 6364 mountmgr - ok
15:09:20.0446 6364 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:09:20.0446 6364 MozillaMaintenance - ok
15:09:20.0477 6364 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:09:20.0493 6364 mpio - ok
15:09:20.0508 6364 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:09:20.0508 6364 mpsdrv - ok
15:09:20.0555 6364 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:09:20.0555 6364 MRxDAV - ok
15:09:20.0586 6364 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:09:20.0586 6364 mrxsmb - ok
15:09:20.0633 6364 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:09:20.0633 6364 mrxsmb10 - ok
15:09:20.0649 6364 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:09:20.0649 6364 mrxsmb20 - ok
15:09:20.0664 6364 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:09:20.0664 6364 msahci - ok
15:09:20.0696 6364 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:09:20.0696 6364 msdsm - ok
15:09:20.0727 6364 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:09:20.0727 6364 MSDTC - ok
15:09:20.0742 6364 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:09:20.0742 6364 Msfs - ok
15:09:20.0758 6364 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:09:20.0758 6364 mshidkmdf - ok
15:09:20.0789 6364 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:09:20.0789 6364 msisadrv - ok
15:09:20.0836 6364 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:09:20.0836 6364 MSiSCSI - ok
15:09:20.0836 6364 msiserver - ok
15:09:20.0867 6364 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:09:20.0867 6364 MSKSSRV - ok
15:09:20.0883 6364 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:09:20.0883 6364 MSPCLOCK - ok
15:09:20.0914 6364 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:09:20.0914 6364 MSPQM - ok
15:09:20.0961 6364 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:09:20.0961 6364 MsRPC - ok
15:09:20.0992 6364 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:09:20.0992 6364 mssmbios - ok
15:09:21.0008 6364 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:09:21.0008 6364 MSTEE - ok
15:09:21.0023 6364 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:09:21.0023 6364 MTConfig - ok
15:09:21.0054 6364 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:09:21.0054 6364 Mup - ok
15:09:21.0101 6364 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:09:21.0101 6364 napagent - ok
15:09:21.0148 6364 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:09:21.0148 6364 NativeWifiP - ok
15:09:21.0195 6364 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:09:21.0210 6364 NDIS - ok
15:09:30.0274 6364 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:09:30.0383 6364 Suspicious file (NoAccess): C:\Windows\system32\Wat\WatAdminSvc.exe. md5: 3cec96de223e49eaae3651fcf8faea6c
15:09:30.0383 6364 WatAdminSvc ( LockedFile.Multi.Generic ) - warning
15:09:30.0383 6364 WatAdminSvc - detected LockedFile.Multi.Generic (1)
15:09:32.0739 6364 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:09:32.0895 6364 \Device\Harddisk0\DR0 - ok
15:09:32.0910 6364 Boot (0x1200) (9db8fc1bcb62cd8cb56e3b4d5c572d76) \Device\Harddisk0\DR0\Partition0
15:09:32.0910 6364 \Device\Harddisk0\DR0\Partition0 - ok
15:09:32.0910 6364 Boot (0x1200) (64f6d629287e0aaa9caf10b32d438dcb) \Device\Harddisk0\DR0\Partition1
15:09:32.0910 6364 \Device\Harddisk0\DR0\Partition1 - ok
15:09:32.0910 6364 ============================================================
15:09:32.0910 6364 Scan finished
15:09:32.0910 6364 ============================================================
15:09:32.0926 4092 Detected object count: 1
15:09:32.0926 4092 Actual detected object count: 1
15:10:47.0600 4092 WatAdminSvc ( LockedFile.Multi.Generic ) - skipped by user
15:10:47.0600 4092 WatAdminSvc ( LockedFile.Multi.Generic ) - User select action: Skip


aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-21 15:14:47
-----------------------------
15:14:47.530 OS Version: Windows x64 6.1.7601 Service Pack 1
15:14:47.530 Number of processors: 3 586 0x503
15:14:47.530 ComputerName: CHRIS-PC UserName: Chris
15:14:49.651 Initialize success
15:15:57.616 AVAST engine defs: 12072100
15:16:13.419 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
15:16:13.419 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 11
15:16:13.419 Disk 0 MBR read successfully
15:16:13.419 Disk 0 MBR scan
15:16:13.434 Disk 0 Windows 7 default MBR code
15:16:13.434 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:16:13.450 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
15:16:13.466 Disk 0 scanning C:\Windows\system32\drivers
15:16:23.496 Service scanning
15:16:28.364 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
15:16:41.686 Modules scanning
15:16:41.686 Disk 0 trace - called modules:
15:16:41.702 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
15:16:42.201 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079a6060]
15:16:42.201 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa80078d4b70]
15:16:42.201 5 amdxata.sys[fffff880010a28b9] -> nt!IofCallDriver -> \Device\00000059[0xfffffa80078d07c0]
15:16:45.025 AVAST engine scan C:\Windows
15:16:47.411 AVAST engine scan C:\Windows\system32
15:18:47.644 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:18:50.062 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:20:45.862 AVAST engine scan C:\Windows\system32\drivers
15:21:25.003 AVAST engine scan C:\Users\Chris
15:39:25.750 AVAST engine scan C:\ProgramData
15:53:01.696 Scan finished successfully
15:54:06.189 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
15:54:06.194 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"


ESET Online Scanner:

C:\$Recycle.Bin\S-1-5-21-3334649884-616049681-2364208559-1000\$RFN3DVZ.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3334649884-616049681-2364208559-1000\$RIF3Y6H.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Chris\AppData\Local\Apps\AOL\sbcynul.dll a variant of Win32/Kryptik.AIGL trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3600OG2V\PCSpeedMaximizer-auto[1].exe a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PEUU9P1Z\yontoo-b1[1].exe probably a variant of Win32/Adware.GTYBXKQ application cleaned by deleting - quarantined
C:\Users\Chris\AppData\Local\Temp\air18CA.exe a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
C:\Users\Chris\AppData\Local\Temp\airF1E5.exe probably a variant of Win32/Adware.GTYBXKQ application cleaned by deleting - quarantined
C:\Users\Chris\AppData\Local\Temp\NODFC7E.tmp a variant of Win32/Kryptik.AIGL trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Chris\AppData\Local\Temp\ICReinstall\cnet2_wcdv_2_1_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-62f33d1a Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory multiple threats


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 July 2012 - 12:59 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.

  • First Press the Scan button.
  • It will make a log (FRST.txt)

  • Second Type the following in the edit box after "Search:". services.exe
  • Click the Search button
  • It will make a log (Search.txt)

I want you to post Both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
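The FRST.txt that the steps above produce lists every Run value in its Registry section with the file's size and date and the publisher from its version information, or `[x]` where FRST could not find the file on disk. The Python below is an added triage example for that section, not code from this thread, from BleepingComputer or from FRST; it parses lines in that shape and flags the two patterns a responder looks at first: a value whose file is missing, and rundll32 loading a DLL from a user-writable profile path. The sample lines are copied from the FRST log posted later in this thread, the two heuristics and their verdict levels are illustrative assumptions, and the regular expressions assume the FRST line format shown in that log.

```python
import re
from dataclasses import dataclass, field

# Sample input: a handful of "Registry (Whitelisted)" lines in FRST.txt shape,
# copied from the log posted in this thread (benign entries plus the two
# rundll32 loaders and two orphaned values).
SAMPLE_FRST = r"""
HKLM\...\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [Mouse Suite 98 Daemon] ICO.EXE [x]
HKU\Chris\...\Run: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-08] (Google Inc.)
HKU\Chris\...\Run: [PlayNC Launcher] [x]
HKU\Chris\...\Run: [AOL] rundll32.exe "C:\Users\Chris\AppData\Local\Apps\AOL\sbcynul.dll",CreateInstance [x]
HKU\Chris\...\Run: [The Creative Assembly] rundll32.exe "C:\Users\Chris\AppData\Local\The Creative Assembly\aeubeodr.dll",CPPDebug [303104 2011-11-20] (flashget)
"""

# One FRST "Run:" line (assumed format): hive, value name, command line,
# then "[size date]" or "[x]", then an optional "(company)" from version info.
RUN_LINE = re.compile(
    r'^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\]'
    r'\s*(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\](?:\s*\((?P<vendor>.*)\))?\s*$'
)

# Locations a standard user can write to; Program Files and System32 are not.
USER_WRITABLE = re.compile(r'\\Users\\|\\Temp\\', re.IGNORECASE)


@dataclass
class RunEntry:
    hive: str
    name: str
    image: str            # the executable, or the DLL when loaded via rundll32
    via_rundll32: bool
    file_found: bool      # False when FRST printed "[x]" instead of "[size date]"
    vendor: str
    reasons: list = field(default_factory=list)
    verdict: str = "ok"


def _image(cmd: str):
    """Return (path, via_rundll32). For rundll32 entries the DLL is the payload."""
    m = re.match(r'rundll32(?:\.exe)?\s+"?([^",]+)', cmd, re.IGNORECASE)
    if m:
        return m.group(1).strip(), True
    m = re.match(r'"([^"]*)"|(\S*)', cmd)
    return (m.group(1) if m.group(1) is not None else m.group(2)), False


def parse_run_entries(text: str):
    """Parse every Run: line in an FRST registry section; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        image, via = _image(m.group("cmd").strip())
        entries.append(RunEntry(
            hive=m.group("hive"), name=m.group("name"), image=image,
            via_rundll32=via,
            file_found=m.group("meta").strip().lower() != "x",
            vendor=(m.group("vendor") or "").strip()))
    return entries


def assess(entry: RunEntry) -> RunEntry:
    """Illustrative heuristics (assumptions for this example, not FRST's own rules)."""
    if not entry.file_found:
        # Orphaned value, or a loader whose file was already removed.
        entry.reasons.append("missing_file")
    if entry.via_rundll32 and USER_WRITABLE.search(entry.image):
        # A DLL run from the user profile by rundll32 is the pattern both
        # Kryptik-style loaders in this thread's log use.
        entry.reasons.append("rundll32_user_path")
    if "rundll32_user_path" in entry.reasons:
        entry.verdict = "high"
    elif entry.reasons:
        entry.verdict = "review"
    return entry


def triage(text: str):
    """Parse and assess all Run entries; returns RunEntry objects with verdicts."""
    return [assess(e) for e in parse_run_entries(text)]


if __name__ == "__main__":
    for e in triage(SAMPLE_FRST):
        print(f"{e.verdict:6} {e.name:25} {e.image}  {e.reasons}")
```

Run as a script it prints one verdict per entry; "Google Update" stays "ok" even though it lives under AppData, because the rule only fires for rundll32-loaded DLLs, while the two AOL and Creative Assembly values come out "high" and the two `[x]` values come out "review" for a human to confirm.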

#3 Ch2is

Ch2is
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:47 PM

Posted 23 July 2012 - 02:35 AM

Hi Gringo!

Here are the text files as you requested =]


Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 23-07-2012 03:19:00
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Mouse Suite 98 Daemon] ICO.EXE [x]
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
HKLM-x32\...\Run: [OWCWebCamDV] C:\Windows\system\wcdvtray.exe [x]
HKLM-x32\...\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [217256 2011-07-29] (Visicom Media Inc. (Powered by Panda Security))
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKU\Chris\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-07] (Valve Corporation)
HKU\Chris\...\Run: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-08] (Google Inc.)
HKU\Chris\...\Run: [Facebook Update] "C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Chris\...\Run: [PlayNC Launcher] [x]
HKU\Chris\...\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe" [x]
HKU\Chris\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [x]
HKU\Chris\...\Run: [AOL] rundll32.exe "C:\Users\Chris\AppData\Local\Apps\AOL\sbcynul.dll",CreateInstance [x]
HKU\Chris\...\Run: [The Creative Assembly] rundll32.exe "C:\Users\Chris\AppData\Local\The Creative Assembly\aeubeodr.dll",CPPDebug [303104 2011-11-20] (flashget)
HKU\Mcx1-CHRIS-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 74.128.19.102 74.128.17.114
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HPMonitor.exe.lnk
ShortcutTarget: HPMonitor.exe.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe (Hewlett-Packard)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\hpwjd.exe.lnk
ShortcutTarget: hpwjd.exe.lnk -> C:\ProgramData\HP Mouse Suite Config\hpwjd.exe (Hewlett-Packard )
Startup: C:\Users\All Users\Start Menu\Programs\Startup\hpwmsd.exe.lnk
ShortcutTarget: hpwmsd.exe.lnk -> C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe (Hewlett-Packard )

==================== Services (Whitelisted) ======

2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 Irmon; C:\Windows\System32\irmon.dll [23552 2009-07-13] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-14] ()
3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [1255736 2011-01-12] ()
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
3 HP8207_8307; C:\Windows\System32\Drivers\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)
2 irda; C:\Windows\System32\Drivers\irda.sys [120320 2009-07-13] (Microsoft Corporation)
3 irsir; C:\Windows\System32\Drivers\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-22 23:09 - 2012-07-23 03:19 - 00000000 ____D C:\FRST
2012-07-22 23:08 - 2012-07-22 23:08 - 01437781 ____A (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2012-07-22 23:00 - 2012-07-22 23:00 - 00004369 ____A C:\Users\Chris\Desktop\instructions.txt
2012-07-21 22:51 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-07-21 22:51 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-07-21 22:51 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-07-21 22:51 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-07-21 22:51 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-07-21 22:51 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-07-21 22:51 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-07-21 22:51 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-07-21 22:51 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-07-21 22:51 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-07-21 22:51 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-07-21 22:51 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-07-21 22:51 - 2012-05-15 02:48 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-07-21 22:51 - 2012-05-15 02:48 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-07-21 22:51 - 2012-05-15 02:48 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-07-21 22:51 - 2012-05-15 02:48 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-07-21 22:51 - 2012-05-15 02:48 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-07-21 22:51 - 2012-04-18 09:08 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-07-21 22:51 - 2012-04-18 09:08 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-07-21 22:48 - 2012-07-21 22:50 - 168454136 ____A (NVIDIA Corporation) C:\Users\Chris\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
2012-07-21 16:05 - 2012-07-21 16:05 - 00009477 ____A C:\Users\Chris\.recently-used.xbel
2012-07-21 13:15 - 2012-07-21 13:15 - 00002024 ____A C:\Users\Chris\Desktop\es.txt
2012-07-21 11:54 - 2012-07-21 11:54 - 00002165 ____A C:\Users\Chris\Desktop\aswMBR.txt
2012-07-21 11:54 - 2012-07-21 11:54 - 00000512 ____A C:\Users\Chris\Desktop\MBR.dat
2012-07-21 11:37 - 2012-07-21 11:37 - 00000000 ____D C:\Program Files (x86)\ESET
2012-07-21 11:24 - 2012-07-21 11:24 - 02322184 ____A (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu.exe
2012-07-21 11:09 - 2012-07-21 11:09 - 04731392 ____A (AVAST Software) C:\Users\Chris\Downloads\aswMBR.exe
2012-07-21 11:08 - 2012-07-21 11:08 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Chris\Downloads\tdsskiller.exe
2012-07-21 00:34 - 2012-07-21 00:34 - 16801656 ____A (Mozilla) C:\Users\Chris\Downloads\Firefox Setup 14.0.1.exe
2012-07-20 22:11 - 2012-07-20 23:50 - 00057234 ____A C:\Users\Chris\Desktop\avgrep.txt
2012-07-20 00:01 - 2007-01-18 19:47 - 00239640 ____A (Primax Electronics Ltd.) C:\Windows\System32\PMUNINST.EXE
2012-07-20 00:01 - 2007-01-11 16:55 - 00202504 ____A C:\Windows\System32\x64.cab
2012-07-20 00:01 - 2007-01-07 19:59 - 00011750 ____A C:\Windows\System32\x64.cat
2012-07-20 00:01 - 2007-01-05 00:33 - 01126912 ____A (Primax Electronics Ltd.) C:\Windows\System32\HPPPM.DLL
2012-07-20 00:01 - 2006-12-05 00:46 - 00007269 ____A C:\Windows\System32\Setup2k.ini
2012-07-20 00:01 - 2006-11-20 22:23 - 01220096 ____A C:\Windows\System32\HPWHEEL.DLL
2012-07-20 00:01 - 2006-11-17 01:23 - 00109568 ____A (Primax Electronics Ltd.) C:\Windows\System32\PELZOOM.DLL
2012-07-20 00:01 - 2006-11-17 00:42 - 01660416 ____A (Primax Electronics Ltd.) C:\Windows\System32\HPBDO.DLL
2012-07-20 00:01 - 2006-11-16 21:00 - 02717696 ____A C:\Windows\System32\XMOUSE.CPL
2012-07-20 00:01 - 2006-11-12 20:18 - 00180224 ____A (Primax Electronics Ltd.) C:\Windows\System32\PELSCRLL.DLL
2012-07-20 00:01 - 2006-11-12 20:14 - 00054272 ____A (Primax Electronics Ltd.) C:\Windows\System32\PELCOMM.DLL
2012-07-20 00:01 - 2006-11-12 20:13 - 00269312 ____A (Primax Electronics Ltd.) C:\Windows\System32\PELUTIL.DLL
2012-07-20 00:01 - 2006-11-12 20:13 - 00189440 ____A (Primax Electronics Ltd.) C:\Windows\System32\PELMICED.EXE
2012-07-20 00:01 - 2006-11-12 20:12 - 00098816 ____A (Primax Electronics Ltd.) C:\Windows\System32\PELHOOKS.DLL
2012-07-20 00:01 - 2006-11-09 02:39 - 00000181 ____A C:\Windows\System32\presetup.ini
2012-07-20 00:01 - 2006-11-09 00:04 - 00027648 ____A (Primax Electronics Ltd.) C:\Windows\System32\Drivers\PELPS2M.SYS
2012-07-20 00:01 - 2006-11-09 00:04 - 00026112 ____A (Primax Electronics Ltd.) C:\Windows\System32\Drivers\PELMOUSE.SYS
2012-07-20 00:01 - 2006-11-09 00:04 - 00023040 ____A (Primax Electronics Ltd.) C:\Windows\System32\Drivers\PELUSBlf.SYS
2012-07-20 00:01 - 2006-10-12 22:47 - 00048128 ____A (Primax Electronics Ltd.) C:\Windows\System32\PMUNINNT.EXE
2012-07-20 00:01 - 2006-09-28 21:37 - 00090624 ____A (Primax Electronics Ltd.) C:\Windows\System32\ICONSPY.EXE
2012-07-20 00:01 - 2006-09-28 21:37 - 00090624 ____A (Primax Electronics Ltd.) C:\Windows\System32\ICO.EXE
2012-07-20 00:01 - 2006-08-07 06:20 - 00009600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\HIDUSB.0
2012-07-20 00:01 - 2006-08-07 06:19 - 00045056 ____A (Primax Electronics Ltd.) C:\Windows\System32\PELRESS.DLL
2012-07-20 00:01 - 2006-08-07 06:19 - 00024576 ____A (Primax Electronics Ltd.) C:\Windows\System32\PELSETUP.DLL
2012-07-20 00:01 - 2005-11-05 15:54 - 00471040 ____A (TODO: <Company name>) C:\Windows\System32\NOTIFIER.DLL
2012-07-20 00:01 - 2005-11-05 15:54 - 00159854 ____A (Primax Electronics Ltd.) C:\Windows\System32\PMARIA.DLL
2012-07-20 00:01 - 2005-11-05 15:54 - 00077824 ____A (Primax Electronics Ltd.) C:\Windows\System32\PMPoPo.DLL
2012-07-20 00:01 - 2005-11-05 15:54 - 00065536 ____A (Primax Electronics Ltd.) C:\Windows\System32\PMIBM.DLL
2012-07-20 00:01 - 2005-11-05 15:54 - 00040960 ____A (Primax Electronics Ltd.) C:\Windows\System32\PMTilt3.DLL
2012-07-20 00:01 - 2005-11-05 15:54 - 00040960 ____A (Primax Electronics Ltd.) C:\Windows\System32\PMPOPO2.dll
2012-07-20 00:01 - 2005-11-05 15:54 - 00003099 ____A C:\Windows\System32\HPMICE.PCX
2012-07-20 00:00 - 2012-07-20 00:00 - 18635048 ____A (Hewlett-Packard ) C:\Users\Chris\Downloads\sp35208.exe
2012-07-20 00:00 - 2012-07-20 00:00 - 00000000 ____D C:\Program Files (x86)\HP Optical USB Mobile Mouse
2012-07-19 23:05 - 2012-07-02 23:19 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-19 21:33 - 2012-07-19 21:33 - 00000000 ____D C:\Windows\System32\SPReview
2012-07-19 21:31 - 2012-07-19 21:31 - 00000000 ____D C:\Windows\System32\EventProviders
2012-07-19 20:02 - 2012-07-19 20:02 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-19 20:02 - 2012-07-19 20:02 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-07-19 19:57 - 2012-07-19 19:57 - 03879800 ____A (AVG Technologies) C:\Users\Chris\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-07-18 20:47 - 2012-07-18 20:47 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-17 19:51 - 2012-07-19 20:07 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2012-07-17 19:51 - 2012-07-17 19:51 - 00439704 ____A (Yahoo! Inc.) C:\Users\Chris\Downloads\msgr11us.exe
2012-07-17 15:39 - 2012-07-17 15:39 - 00000000 ____D C:\Users\Chris\Documents\Rockstar Games
2012-07-17 15:32 - 2012-07-17 15:32 - 00000000 __SHD C:\Users\All Users\SecuROM
2012-07-17 15:25 - 2012-07-17 15:32 - 00000000 ____D C:\Users\Chris\AppData\Local\Rockstar Games
2012-07-17 15:25 - 2012-07-17 15:25 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2012-07-14 21:07 - 2012-07-15 21:53 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Tropico 4
2012-07-14 20:57 - 2012-07-14 20:57 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Kalypso Media
2012-07-11 23:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 23:01 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 23:01 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 23:01 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 23:01 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 23:01 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 23:01 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 23:01 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 23:01 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 23:01 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 23:01 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 23:01 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 23:01 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 23:01 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 23:01 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 23:01 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 23:01 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 23:01 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 23:01 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 23:01 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 23:01 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 23:01 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 23:01 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 23:01 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 23:01 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 23:01 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 23:01 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 23:01 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 23:01 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 23:29 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 23:29 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 23:29 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 23:29 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 23:29 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 23:29 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 23:28 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 23:28 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 23:28 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 23:28 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 23:28 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 23:28 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 23:28 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 23:28 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 23:28 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 23:28 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 23:28 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 23:28 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 23:28 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-08 14:37 - 2012-07-21 12:34 - 00000000 ____D C:\Users\Chris\AppData\Local\Apps\AOL
2012-07-06 19:50 - 2012-07-06 19:50 - 00000000 ____D C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2012-07-06 19:50 - 2012-07-06 19:50 - 00000000 ____D C:\Users\Chris\AppData\Local\Downloaded Installations
2012-07-06 19:50 - 2012-07-06 19:50 - 00000000 ____D C:\Program Files (x86)\AMD
2012-07-06 19:49 - 2008-07-12 04:18 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2012-07-06 19:49 - 2008-07-12 04:18 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2012-07-06 19:49 - 2008-07-12 04:18 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2012-07-05 15:41 - 2012-07-05 15:41 - 00000020 ___SH C:\Users\Mcx1-CHRIS-PC\ntuser.ini
2012-07-05 15:41 - 2012-07-05 15:41 - 00000000 ____D C:\users\Mcx1-CHRIS-PC
2012-07-05 15:41 - 2011-01-16 17:03 - 00000000 ____D C:\Users\Mcx1-CHRIS-PC\AppData\Roaming\Macromedia
2012-06-28 14:09 - 2012-06-28 14:09 - 00000000 ____D C:\Riot Games
2012-06-28 13:32 - 2012-06-29 22:29 - 00000000 ____D C:\Users\Chris\Desktop\LeagueOfLegends
2012-06-28 13:31 - 2012-07-22 21:00 - 00000000 ____D C:\Users\Chris\AppData\Local\PMB Files
2012-06-28 13:31 - 2012-07-22 21:00 - 00000000 ____D C:\Users\All Users\PMB Files
2012-06-26 20:47 - 2012-07-17 21:13 - 00000000 ____D C:\Users\All Users\Yahoo!
2012-06-26 20:42 - 2012-06-26 20:47 - 00000000 ____D C:\Users\Chris\AppData\Roaming\.purple
2012-06-26 20:42 - 2012-06-26 20:42 - 00001161 ____A C:\Users\UpdatusUser\Desktop\Chat Messenger.lnk
2012-06-26 20:41 - 2012-07-21 11:02 - 00000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor
2012-06-26 20:41 - 2012-06-26 20:42 - 00000000 ____D C:\Users\Chris\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-06-25 10:09 - 2012-07-13 01:25 - 00000003 ____A C:\Windows\System32\HRUPPROG.TXT
2012-06-25 10:09 - 2012-06-25 10:09 - 00000003 ____A C:\Windows\System32\HRUPPROG.DIE.NOW
2012-06-24 22:45 - 2012-05-31 08:25 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-06-24 19:41 - 2012-06-24 19:41 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-24 19:41 - 2012-06-24 19:41 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-24 19:41 - 2012-06-24 19:41 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-24 19:41 - 2012-06-24 19:41 - 00000000 ____D C:\Program Files\Java

============ 3 Months Modified Files ========================

2012-07-22 23:09 - 2011-06-04 18:29 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-22 23:08 - 2012-07-22 23:08 - 01437781 ____A (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2012-07-22 23:00 - 2012-07-22 23:00 - 00004369 ____A C:\Users\Chris\Desktop\instructions.txt
2012-07-22 22:55 - 2009-07-13 21:13 - 00006056 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-22 22:54 - 2009-07-13 20:51 - 00097398 ____A C:\Windows\setupact.log
2012-07-22 22:52 - 2012-04-07 19:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-22 22:14 - 2011-07-04 20:40 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3334649884-616049681-2364208559-1000UA.job
2012-07-22 20:56 - 2011-08-10 19:55 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3334649884-616049681-2364208559-1000UA.job
2012-07-22 19:14 - 2011-07-04 20:40 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3334649884-616049681-2364208559-1000Core.job
2012-07-22 14:56 - 2011-08-10 19:55 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3334649884-616049681-2364208559-1000Core.job
2012-07-22 12:26 - 2011-01-11 01:18 - 01215724 ____A C:\Windows\WindowsUpdate.log
2012-07-22 12:23 - 2011-06-04 18:29 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-22 12:23 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-22 12:22 - 2011-01-11 02:52 - 00045050 ____A C:\Windows\PFRO.log
2012-07-22 02:44 - 2009-07-13 20:45 - 00010320 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-22 02:44 - 2009-07-13 20:45 - 00010320 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-21 22:50 - 2012-07-21 22:48 - 168454136 ____A (NVIDIA Corporation) C:\Users\Chris\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
2012-07-21 20:49 - 2011-09-29 18:31 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-21 20:49 - 2011-09-29 18:09 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-21 20:49 - 2011-09-29 18:09 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-21 16:05 - 2012-07-21 16:05 - 00009477 ____A C:\Users\Chris\.recently-used.xbel
2012-07-21 13:15 - 2012-07-21 13:15 - 00002024 ____A C:\Users\Chris\Desktop\es.txt
2012-07-21 11:54 - 2012-07-21 11:54 - 00002165 ____A C:\Users\Chris\Desktop\aswMBR.txt
2012-07-21 11:54 - 2012-07-21 11:54 - 00000512 ____A C:\Users\Chris\Desktop\MBR.dat
2012-07-21 11:24 - 2012-07-21 11:24 - 02322184 ____A (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu.exe
2012-07-21 11:09 - 2012-07-21 11:09 - 04731392 ____A (AVAST Software) C:\Users\Chris\Downloads\aswMBR.exe
2012-07-21 11:08 - 2012-07-21 11:08 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Chris\Downloads\tdsskiller.exe
2012-07-21 00:34 - 2012-07-21 00:34 - 16801656 ____A (Mozilla) C:\Users\Chris\Downloads\Firefox Setup 14.0.1.exe
2012-07-21 00:26 - 2009-07-13 20:45 - 00275776 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-20 23:50 - 2012-07-20 22:11 - 00057234 ____A C:\Users\Chris\Desktop\avgrep.txt
2012-07-20 00:00 - 2012-07-20 00:00 - 18635048 ____A (Hewlett-Packard ) C:\Users\Chris\Downloads\sp35208.exe
2012-07-19 21:54 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-07-19 21:54 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-07-19 20:07 - 2011-01-14 20:44 - 00000362 _RASH C:\Users\All Users\ntuser.pol
2012-07-19 20:02 - 2012-07-19 20:02 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-19 19:57 - 2012-07-19 19:57 - 03879800 ____A (AVG Technologies) C:\Users\Chris\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-07-17 21:31 - 2011-07-02 09:17 - 00480264 ____A C:\Windows\DirectX.log
2012-07-17 19:51 - 2012-07-17 19:51 - 00439704 ____A (Yahoo! Inc.) C:\Users\Chris\Downloads\msgr11us.exe
2012-07-17 15:25 - 2012-07-17 15:25 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2012-07-13 01:25 - 2012-06-25 10:09 - 00000003 ____A C:\Windows\System32\HRUPPROG.TXT
2012-07-11 20:52 - 2012-04-07 19:36 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 20:52 - 2011-05-20 17:29 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-09 11:52 - 2012-05-17 17:52 - 00000528 ____A C:\Windows\SysWOW64\debug.log
2012-07-05 15:41 - 2012-07-05 15:41 - 00000020 ___SH C:\Users\Mcx1-CHRIS-PC\ntuser.ini
2012-07-03 09:46 - 2011-02-03 06:14 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 23:19 - 2012-07-19 23:05 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-28 10:26 - 2011-01-21 01:36 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-06-26 20:42 - 2012-06-26 20:42 - 00001161 ____A C:\Users\UpdatusUser\Desktop\Chat Messenger.lnk
2012-06-25 10:09 - 2012-06-25 10:09 - 00000003 ____A C:\Windows\System32\HRUPPROG.DIE.NOW
2012-06-24 19:41 - 2012-06-24 19:41 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-24 19:41 - 2012-06-24 19:41 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-24 19:41 - 2012-06-24 19:41 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-24 19:41 - 2012-01-26 00:10 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-06-24 19:41 - 2012-01-26 00:10 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-11 19:08 - 2012-07-11 23:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-10 23:28 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 23:28 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 23:29 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 23:29 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 23:28 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 23:29 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 23:29 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 23:28 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-21 14:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 14:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 14:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 14:48 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 14:48 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 14:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 14:48 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 14:47 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 14:47 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 23:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 23:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 23:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 23:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 23:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 23:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 23:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 23:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 23:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 23:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 23:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 23:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 23:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 23:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 23:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 23:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 23:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 23:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 23:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 23:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 23:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 23:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 23:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 23:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 23:28 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 23:28 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 23:28 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 23:28 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 23:28 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 23:28 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 23:28 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 23:28 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 23:28 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 08:25 - 2012-06-24 22:45 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-15 02:48 - 2012-07-21 22:51 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-07-21 22:51 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-07-21 22:51 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-07-21 22:51 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-07-21 22:51 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-07-21 22:51 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-07-21 22:51 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-07-21 22:51 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-07-21 22:51 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-07-21 22:51 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-07-21 22:51 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-07-21 22:51 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-07-21 22:51 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-05-15 02:48 - 2012-07-21 22:51 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-05-15 02:48 - 2012-07-21 22:51 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-05-15 02:48 - 2012-07-21 22:51 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-05-15 02:48 - 2012-07-21 22:51 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-05-15 02:48 - 2012-04-22 17:04 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2012-04-22 17:04 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2012-04-22 17:04 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2012-04-22 17:04 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-05-15 02:48 - 2012-04-22 17:04 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2012-04-22 17:04 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2011-08-14 13:48 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2011-08-14 13:48 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2010-07-31 22:46 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 02:48 - 2010-07-31 22:46 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 02:48 - 2010-07-10 05:38 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 01:29 - 2012-04-22 17:06 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
2012-05-15 01:29 - 2010-07-31 08:52 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2010-07-31 08:52 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2010-07-31 08:52 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2010-07-09 16:27 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:28 - 2010-07-31 08:52 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-14 22:21 - 2012-05-14 22:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-05 08:58 - 2004-09-17 06:38 - 00000018 ____A C:\Windows\owcdvtxt.txt
2012-05-04 03:06 - 2012-06-12 15:25 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 15:25 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 15:24 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-30 21:40 - 2012-06-12 15:24 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 21:32 - 2012-06-12 15:24 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:55 - 2012-06-12 15:24 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-12 15:24 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 15:24 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 15:24 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

ZeroAccess:
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}\@
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}\L
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}\U
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}\L\00000004.@
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}\L\1afb2d56
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}\L\201d3dde
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}\U\00000004.@
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}\U\00000008.@
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}\U\000000cb.@
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}\U\80000000.@
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}\U\80000032.@
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}\U\80000064.@

ZeroAccess:
C:\Users\Chris\AppData\Local\{1113e04a-9e9d-f085-58fc-05e365fdb631}
C:\Users\Chris\AppData\Local\{1113e04a-9e9d-f085-58fc-05e365fdb631}\@
C:\Users\Chris\AppData\Local\{1113e04a-9e9d-f085-58fc-05e365fdb631}\L
C:\Users\Chris\AppData\Local\{1113e04a-9e9d-f085-58fc-05e365fdb631}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8190.3 MB
Available physical RAM: 7396.18 MB
Total Pagefile: 8188.45 MB
Available Pagefile: 7392.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:472.32 GB) NTFS
3 Drive f: () (Removable) (Total:0.24 GB) (Free:0.19 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 244 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 244 MB 49 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 244 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 01:57

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-23 03:21:58
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

#4 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 July 2012 - 03:14 AM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\WINDOWS\assembly\GAC\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631}
C:\Users\Chris\AppData\Local\{1113e04a-9e9d-f085-58fc-05e365fdb631}
C:\Users\Chris\AppData\Local\Apps\AOL\sbcynul.dll
HKU\Chris\...\Run: [AOL] rundll32.exe "C:\Users\Chris\AppData\Local\Apps\AOL\sbcynul.dll",CreateInstance [x]
C:\Users\Chris\AppData\Local\The Creative Assembly\aeubeodr.dll
HKU\Chris\...\Run: [The Creative Assembly] rundll32.exe "C:\Users\Chris\AppData\Local\The Creative Assembly\aeubeodr.dll",CPPDebug [303104 2011-11-20] (flashget)



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Ch2is

  • Topic Starter
  • Members
  • 26 posts

Posted 23 July 2012 - 04:13 AM

Hi Gringo,

Here are the logs as requested! =]

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-23 05:07:57 Run:1
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\WINDOWS\assembly\GAC\Desktop.ini not found.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\Installer\{1113e04a-9e9d-f085-58fc-05e365fdb631} moved successfully.
C:\Users\Chris\AppData\Local\{1113e04a-9e9d-f085-58fc-05e365fdb631} moved successfully.
C:\Users\Chris\AppData\Local\Apps\AOL\sbcynul.dll not found.
HKEY_USERS\Chris\Software\Microsoft\Windows\CurrentVersion\Run\\AOL Value deleted successfully.
C:\Users\Chris\AppData\Local\The Creative Assembly\aeubeodr.dll moved successfully.
HKEY_USERS\Chris\Software\Microsoft\Windows\CurrentVersion\Run\\The Creative Assembly Value deleted successfully.

==== End of Fixlog ====

#6 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 July 2012 - 05:16 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Ch2is

  • Topic Starter
  • Members
  • 26 posts

Posted 23 July 2012 - 06:32 AM

Hi Gringo,

Here is the log as requested.

ComboFix 12-07-21.01 - Chris 07/23/2012 6:43.1.3 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.6654 [GMT -4:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HPMonitor.exe.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpwjd.exe.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpwmsd.exe.lnk
c:\users\Chris\AppData\Local\assembly\tmp
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 10:57 . 2012-07-23 10:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-23 10:57 . 2012-07-23 10:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-23 07:09 . 2012-07-23 11:19 -------- d-----w- C:\FRST
2012-07-21 19:37 . 2012-07-21 19:37 -------- d-----w- c:\program files (x86)\ESET
2012-07-21 07:47 . 2012-07-21 07:47 -------- d-----w- c:\users\Chris\AppData\Local\ElevatedDiagnostics
2012-07-20 08:00 . 2012-07-20 08:00 -------- d-----w- c:\program files (x86)\HP Optical USB Mobile Mouse
2012-07-20 07:05 . 2012-07-03 07:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-20 05:33 . 2012-07-20 05:33 -------- d-----w- c:\windows\system32\SPReview
2012-07-20 05:31 . 2012-07-20 05:31 -------- d-----w- c:\windows\system32\EventProviders
2012-07-20 04:02 . 2012-07-20 04:02 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-19 04:47 . 2012-07-19 04:47 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-18 03:51 . 2012-07-20 04:07 -------- d-----w- c:\program files (x86)\Yahoo!
2012-07-17 23:32 . 2012-07-17 23:32 -------- d-sh--w- c:\programdata\SecuROM
2012-07-17 23:25 . 2012-07-17 23:32 -------- d-----w- c:\users\Chris\AppData\Local\Rockstar Games
2012-07-17 23:25 . 2012-07-17 23:25 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-07-17 12:45 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC0FDF81-6F0D-4521-B33C-6A4F13BDB806}\mpengine.dll
2012-07-15 05:07 . 2012-07-16 05:53 -------- d-----w- c:\users\Chris\AppData\Roaming\Tropico 4
2012-07-15 04:57 . 2012-07-15 04:57 -------- d-----w- c:\users\Chris\AppData\Roaming\Kalypso Media
2012-07-12 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 07:29 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 07:29 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 07:29 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 07:29 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 07:29 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 07:29 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-09 20:30 . 2012-07-23 13:07 -------- d-----w- c:\users\Chris\AppData\Local\The Creative Assembly
2012-07-07 03:50 . 2012-07-07 03:50 -------- d-----w- c:\program files (x86)\AMD
2012-07-07 03:50 . 2012-07-07 03:50 -------- d-----w- c:\users\Chris\AppData\Local\Downloaded Installations
2012-07-07 03:50 . 2012-07-07 03:50 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2012-07-07 03:49 . 2008-07-12 12:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-07-07 03:49 . 2008-07-12 12:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-07-07 03:49 . 2008-07-12 12:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-07-05 23:41 . 2012-07-05 23:41 -------- d-----w- c:\users\Mcx1-CHRIS-PC
2012-06-28 22:09 . 2012-06-28 22:09 -------- d-----w- C:\Riot Games
2012-06-28 21:31 . 2012-07-23 05:00 -------- d-----w- c:\users\Chris\AppData\Local\PMB Files
2012-06-28 21:31 . 2012-07-23 05:00 -------- d-----w- c:\programdata\PMB Files
2012-06-27 04:47 . 2012-07-18 05:13 -------- d-----w- c:\programdata\Yahoo!
2012-06-27 04:42 . 2012-06-27 04:47 -------- d-----w- c:\users\Chris\AppData\Roaming\.purple
2012-06-27 04:41 . 2012-07-23 10:34 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-06-27 04:41 . 2012-06-27 04:42 -------- d-----w- c:\users\Chris\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-06-25 06:45 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-06-25 03:41 . 2012-06-25 03:41 268720 ----a-w- c:\windows\system32\javaws.exe
2012-06-25 03:41 . 2012-06-25 03:41 189360 ----a-w- c:\windows\system32\javaw.exe
2012-06-25 03:41 . 2012-06-25 03:41 188840 ----a-w- c:\windows\system32\java.exe
2012-06-25 03:41 . 2012-06-25 03:41 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 04:49 . 2011-09-30 02:31 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-22 04:49 . 2011-09-30 02:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-22 04:49 . 2011-09-30 02:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-20 05:54 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-07-20 05:54 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-07-12 04:52 . 2012-04-08 03:36 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 04:52 . 2011-05-21 01:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-02-03 14:14 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 03:41 . 2012-01-26 08:10 955840 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-25 03:41 . 2012-01-26 08:10 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-21 22:48 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 22:49 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 22:49 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 22:49 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 22:48 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 22:49 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 22:48 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 22:47 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 22:47 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-30 02:19 . 2012-05-30 02:19 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-15 10:48 . 2012-04-23 01:04 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-04-23 01:04 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-04-23 01:04 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-04-23 01:04 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-04-23 01:04 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-04-23 01:04 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-08-14 21:48 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-08-14 21:48 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2010-08-01 06:46 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2010-08-01 06:46 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2010-07-31 16:52 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2010-07-31 16:52 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2010-07-10 00:27 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-04-23 01:06 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2010-07-31 16:52 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-07-31 16:52 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-04 11:06 . 2012-06-12 23:25 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 23:24 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 23:25 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 23:24 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 05:32 . 2012-06-12 23:24 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:55 . 2012-06-12 23:24 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 23:24 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 23:24 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 23:24 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-08 1242448]
"Facebook Update"="c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-11-10 341856]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-12 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-08 197976]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [2010-02-05 15360]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 04:52]
.
2012-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3334649884-616049681-2364208559-1000Core.job
- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-11 22:51]
.
2012-07-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3334649884-616049681-2364208559-1000UA.job
- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-11 22:51]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 02:29]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 02:29]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3334649884-616049681-2364208559-1000Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-05 22:34]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3334649884-616049681-2364208559-1000UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-05 22:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-09-29 90624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\byxpmdf1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-SPMTray - c:\program files (x86)\PC Speed Maximizer\SPMTray.exe
Wow6432Node-HKCU-Run-Messenger (Yahoo!) - c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
Wow6432Node-HKLM-Run-OWCWebCamDV - c:\windows\system\wcdvtray.exe
Wow6432Node-HKU-Default-Run-AOL - c:\users\Chris\AppData\Local\Apps\AOL\sbcynul.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3334649884-616049681-2364208559-1000\Software\SecuROM\License information*]
"datasecu"=hex:84,fb,c7,b8,36,ff,5a,6e,3e,a9,ef,d5,00,a3,f7,07,f0,a3,da,e5,d3,
c6,4c,66,71,c8,b2,02,75,de,4c,16,2f,bb,0c,1a,50,12,32,d4,01,3c,12,47,e9,f5,\
"rkeysecu"=hex:9f,9e,9a,70,7e,d8,aa,42,3f,27,45,19,06,30,4a,e4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
.
**************************************************************************
.
Completion time: 2012-07-23 07:21:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-23 11:20
.
Pre-Run: 509,448,081,408 bytes free
Post-Run: 534,481,928,192 bytes free
.
- - End Of File - - BA3FE27AEEA115172586B73DCDAA8B41

After the log was made I tried to open Firefox and got the "Illegal operation attempted on a registry key that has been marked for deletion." error, but then I restarted the computer as you said, and had no problem opening it afterwards.

The computer seems to be doing well so far. I haven't gotten any redirects when using any search engines, and no random pop-ups. Also no occasional alerts from my anti-virus as it was doing before. Seems to be doing good.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 23 July 2012 - 12:37 PM

Greetings Ch2is

The reports are starting to look real good

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Ch2is

Ch2is
  • Topic Starter

  • Members
  • 26 posts

Posted 23 July 2012 - 04:33 PM

Hi Gringo,


here is the log as requested.


ComboFix 12-07-21.01 - Chris 07/23/2012 16:59:16.2.3 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.6194 [GMT -4:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
Command switches used :: c:\users\Chris\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 21:12 . 2012-07-23 21:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-23 21:12 . 2012-07-23 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-23 21:12 . 2012-07-23 21:12 -------- d-----w- c:\users\Aaron\AppData\Local\temp
2012-07-23 07:09 . 2012-07-23 11:19 -------- d-----w- C:\FRST
2012-07-21 19:37 . 2012-07-21 19:37 -------- d-----w- c:\program files (x86)\ESET
2012-07-21 07:47 . 2012-07-21 07:47 -------- d-----w- c:\users\Chris\AppData\Local\ElevatedDiagnostics
2012-07-20 08:00 . 2012-07-20 08:00 -------- d-----w- c:\program files (x86)\HP Optical USB Mobile Mouse
2012-07-20 07:05 . 2012-07-03 07:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-20 05:33 . 2012-07-20 05:33 -------- d-----w- c:\windows\system32\SPReview
2012-07-20 05:31 . 2012-07-20 05:31 -------- d-----w- c:\windows\system32\EventProviders
2012-07-20 04:02 . 2012-07-20 04:02 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-19 04:47 . 2012-07-19 04:47 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-18 03:51 . 2012-07-20 04:07 -------- d-----w- c:\program files (x86)\Yahoo!
2012-07-17 23:32 . 2012-07-17 23:32 -------- d-sh--w- c:\programdata\SecuROM
2012-07-17 23:25 . 2012-07-17 23:32 -------- d-----w- c:\users\Chris\AppData\Local\Rockstar Games
2012-07-17 23:25 . 2012-07-17 23:25 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-07-17 12:45 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC0FDF81-6F0D-4521-B33C-6A4F13BDB806}\mpengine.dll
2012-07-15 05:07 . 2012-07-16 05:53 -------- d-----w- c:\users\Chris\AppData\Roaming\Tropico 4
2012-07-15 04:57 . 2012-07-15 04:57 -------- d-----w- c:\users\Chris\AppData\Roaming\Kalypso Media
2012-07-12 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 07:29 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 07:29 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 07:29 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 07:29 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 07:29 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 07:29 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-09 20:30 . 2012-07-23 13:07 -------- d-----w- c:\users\Chris\AppData\Local\The Creative Assembly
2012-07-07 03:50 . 2012-07-07 03:50 -------- d-----w- c:\program files (x86)\AMD
2012-07-07 03:50 . 2012-07-07 03:50 -------- d-----w- c:\users\Chris\AppData\Local\Downloaded Installations
2012-07-07 03:50 . 2012-07-07 03:50 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2012-07-07 03:49 . 2008-07-12 12:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-07-07 03:49 . 2008-07-12 12:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-07-07 03:49 . 2008-07-12 12:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-07-05 23:41 . 2012-07-05 23:41 -------- d-----w- c:\users\Mcx1-CHRIS-PC
2012-06-28 22:09 . 2012-06-28 22:09 -------- d-----w- C:\Riot Games
2012-06-28 21:31 . 2012-07-23 05:00 -------- d-----w- c:\users\Chris\AppData\Local\PMB Files
2012-06-28 21:31 . 2012-07-23 05:00 -------- d-----w- c:\programdata\PMB Files
2012-06-27 04:47 . 2012-07-18 05:13 -------- d-----w- c:\programdata\Yahoo!
2012-06-27 04:42 . 2012-06-27 04:47 -------- d-----w- c:\users\Chris\AppData\Roaming\.purple
2012-06-27 04:41 . 2012-07-23 11:26 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-06-27 04:41 . 2012-06-27 04:42 -------- d-----w- c:\users\Chris\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-06-25 06:45 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-06-25 03:41 . 2012-06-25 03:41 268720 ----a-w- c:\windows\system32\javaws.exe
2012-06-25 03:41 . 2012-06-25 03:41 189360 ----a-w- c:\windows\system32\javaw.exe
2012-06-25 03:41 . 2012-06-25 03:41 188840 ----a-w- c:\windows\system32\java.exe
2012-06-25 03:41 . 2012-06-25 03:41 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 04:49 . 2011-09-30 02:31 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-22 04:49 . 2011-09-30 02:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-22 04:49 . 2011-09-30 02:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-20 05:54 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-07-20 05:54 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-07-12 04:52 . 2012-04-08 03:36 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 04:52 . 2011-05-21 01:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-02-03 14:14 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 03:41 . 2012-01-26 08:10 955840 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-25 03:41 . 2012-01-26 08:10 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-21 22:48 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 22:49 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 22:49 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 22:49 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 22:48 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 22:49 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 22:48 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 22:47 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 22:47 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-30 02:19 . 2012-05-30 02:19 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-15 10:48 . 2012-04-23 01:04 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-04-23 01:04 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-04-23 01:04 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-04-23 01:04 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-04-23 01:04 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-04-23 01:04 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-08-14 21:48 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-08-14 21:48 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2010-08-01 06:46 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2010-08-01 06:46 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2010-07-31 16:52 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2010-07-31 16:52 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2010-07-10 00:27 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-04-23 01:06 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2010-07-31 16:52 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-07-31 16:52 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-04 11:06 . 2012-06-12 23:25 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 23:24 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 23:25 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 23:24 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 05:32 . 2012-06-12 23:24 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:55 . 2012-06-12 23:24 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 23:24 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 23:24 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 23:24 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-23_11.01.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-11 10:57 . 2012-07-23 11:28 50826 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-23 11:28 45022 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-11 10:57 . 2012-07-23 11:28 18082 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3334649884-616049681-2364208559-1000_UserData.bin
+ 2011-01-23 11:54 . 2012-07-23 11:25 4744 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-07-23 11:01 . 2012-07-23 11:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-23 11:26 . 2012-07-23 11:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-23 11:01 . 2012-07-23 11:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-23 11:26 . 2012-07-23 11:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-07-23 10:59 229940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-23 11:25 229940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-23 19:57 . 2012-07-23 19:57 12738560 c:\windows\Installer\1d4d40c.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-08 1242448]
"Facebook Update"="c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-11-10 341856]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-12 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-08 197976]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [2010-02-05 15360]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 04:52]
.
2012-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3334649884-616049681-2364208559-1000Core.job
- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-11 22:51]
.
2012-07-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3334649884-616049681-2364208559-1000UA.job
- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-11 22:51]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 02:29]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 02:29]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3334649884-616049681-2364208559-1000Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-05 22:34]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3334649884-616049681-2364208559-1000UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-05 22:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-09-29 90624]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\byxpmdf1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3334649884-616049681-2364208559-1000\Software\SecuROM\License information*]
"datasecu"=hex:84,fb,c7,b8,36,ff,5a,6e,3e,a9,ef,d5,00,a3,f7,07,f0,a3,da,e5,d3,
c6,4c,66,71,c8,b2,02,75,de,4c,16,2f,bb,0c,1a,50,12,32,d4,01,3c,12,47,e9,f5,\
"rkeysecu"=hex:9f,9e,9a,70,7e,d8,aa,42,3f,27,45,19,06,30,4a,e4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-23 17:31:51
ComboFix-quarantined-files.txt 2012-07-23 21:31
ComboFix2.txt 2012-07-23 11:21
.
Pre-Run: 534,311,206,912 bytes free
Post-Run: 534,239,293,440 bytes free
.
- - End Of File - - 580C04D199453408ABF4C54DD93A2582

#10 gringo_pr

gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 July 2012 - 05:02 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Ch2is

Ch2is
  • Topic Starter
  • Members
  • 26 posts

Posted 24 July 2012 - 04:09 PM

Hi Gringo,

I haven't been near my computer recently but will respond later today with the report =]

#12 Ch2is

Ch2is
  • Topic Starter
  • Members
  • 26 posts

Posted 24 July 2012 - 09:03 PM

Here you go Gringo!

Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Amnesia: The Dark Descent
Anti-phishing Domain Advisor
Apple Application Support
Apple Software Update
Assassin's Creed
Atom Zombie Smasher
Battlefield 3™
Battlelog Web Plugins
Borderlands
CameraHelperMsi
D3DX10
Diablo III
Dinner Date
Download Updater (AOL LLC)
Dual-Core Optimizer
erLT
ESET Online Scanner v3
ESN Sonar
EVE Online (remove only)
Fable III
Facebook Messenger 2.1.4587.0
Facebook Video Calling 1.2.0.159
Fallout: New Vegas
GECK - New Vegas Edition
Ghost Recon Online (NCSA-Live)
GIMP 2.6.11
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Gotham City Impostors
Grand Theft Auto: Episodes from Liberty City
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Hi-Rez Studios Authenticate and Update Service
HP Mouse Suite
Java Auto Updater
Java™ 6 Update 31
Just Cause 2
League of Legends
Left 4 Dead 2
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.62.0.1300
Mass Effect
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Moonbase Alpha
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Mumble 1.2.3
NCsoft Launcher
Netflix in Windows Media Center
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OrangeWare WebCamDV
Orcs Must Die!
Origin
Pando Media Booster
Plants vs. Zombies: Game of the Year
Portal 2
PunkBuster Services
QuickTime
Rainmeter
Realm of the Mad God
Rock of Ages
Saints Row: The Third
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Serious Sam HD: The Second Encounter
Sid Meier's Civilization V
Skype Click to Call
Skype™ 5.10
Star Wars - Battlefront II
Star Wars: The Old Republic
StarCraft II
Steam
System Requirements Lab
Team Fortress 2
Terraria
The Elder Scrolls V: Skyrim
The Sims™ 3
Tom Clancy's Splinter Cell: Conviction
Torchlight
Total War: SHOGUN 2
Tribes Ascend
Tropico 3 - Steam Special Edition
Tropico 3: Absolute Power
Tropico 4
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Ventrilo Client
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR archiver
World of Warcraft

#13 gringo_pr

gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 July 2012 - 10:32 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 Ch2is

Ch2is
  • Topic Starter
  • Members
  • 26 posts

Posted 24 July 2012 - 11:52 PM

Hi Gringo,


here you go! =]



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chris :: CHRIS-PC [administrator]

7/25/2012 12:41:55 AM
mbam-log-2012-07-25 (00-41-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244540
Time elapsed: 1 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)








Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:50:27 AM, on 7/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe
C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe
C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Users\Chris\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-21-3334649884-616049681-2364208559-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3334649884-616049681-2364208559-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10034 bytes






I had no problems. The computer seems to be running smoothly!

#15 gringo_pr

gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 July 2012 - 11:54 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be; any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    • O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    • O4 - HKUS\S-1-5-21-3334649884-616049681-2364208559-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    • O4 - HKUS\S-1-5-21-3334649884-616049681-2364208559-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
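A small triage script for the HijackThis log format used throughout this thread, added here as an example (it is not the thread's or HijackThis's own code). It groups the log's lines by section code, splits the O4 startup entries Gringo lists above into hive, key, name and executable, and flags the lines a reviewer checks first: "(no file)" orphans, Winsock LSP entries and "(file missing)" services. SAMPLE_LOG is a constructed excerpt assembled from lines of the log posted in this thread; the USER_WRITABLE path list and the section handling are my own assumptions.

```python
"""Triage a HijackThis v2 log the way the helpers in this thread read it by eye.
Added example, not code from the thread or from HijackThis itself. It groups the
log's lines by section code (O2 BHOs, O3 toolbars, O4 autoruns, O10 Winsock LSPs,
O23 services), splits each O4 startup entry into hive / key / name / executable,
and flags what a reviewer looks at first. SAMPLE_LOG is a constructed excerpt
assembled from lines of the log posted in this thread.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-21-3334649884-616049681-2364208559-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
"""

# "O4 - <body>": a section code followed by the rest of the line
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 body: hive, optional user SID (HKUS entries), Run or RunOnce, [name], command
O4_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)(?:\\(?P<sid>S-[\d-]+))?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
USER_RE = re.compile(r" \(User '(?P<user>[^']*)'\)$")
# first path ending in a PE extension, quoted or not (O4 lines leave paths with spaces unquoted)
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|ocx|scr|com))"?', re.IGNORECASE)
# assumption: an autorun executable living where an ordinary user can write deserves a second look
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def parse_sections(log_text):
    """Group every 'Rx - ...' / 'Oxx - ...' line under its section code."""
    sections = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            sections[m.group("sec")].append(m.group("body"))
    return sections


def parse_autorun(body):
    """Split one O4 body into its parts; None if the line is not a Run/RunOnce entry."""
    m = O4_RE.match(body)
    if not m:
        return None
    cmd, user = m.group("cmd"), None
    um = USER_RE.search(cmd)
    if um:  # HKUS lines carry the account name at the end
        user, cmd = um.group("user"), cmd[: um.start()]
    em = EXE_RE.match(cmd)
    exe = em.group("exe") if em else cmd
    return {
        "hive": m.group("hive"), "sid": m.group("sid"), "key": m.group("key"),
        "name": m.group("name"), "exe": exe, "user": user,
        "args": cmd[em.end():].strip() if em else "",
        "user_writable": any(t in exe.lower() for t in USER_WRITABLE),
    }


def triage(log_text):
    """Return the review-first findings for a whole log."""
    sections = parse_sections(log_text)
    findings = {"orphans": [], "lsp": [], "file_missing": [], "autoruns": []}
    for sec, bodies in sections.items():
        for body in bodies:
            if "(no file)" in body:
                # registry still points at a BHO/toolbar whose DLL is gone:
                # a leftover to clean up, not a running component
                findings["orphans"].append((sec, body))
            if sec == "O10":
                # LSPs sit in every socket's path; identify the DLL's owner before removing anything
                findings["lsp"].append(body)
            if sec == "O23" and body.endswith("(file missing)"):
                # on x64 a 32-bit HijackThis cannot see %SystemRoot%\System32 (WOW64 file
                # redirection), so "(file missing)" on core Windows services is usually a false
                # positive; confirm with an elevated directory listing before acting on it
                findings["file_missing"].append(body)
    for body in sections.get("O4", []):
        entry = parse_autorun(body)
        if entry:
            findings["autoruns"].append(entry)
    return findings


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG)["autoruns"]:
        flag = " [user-writable path]" if e["user_writable"] else ""
        print(f"{e['hive']}\\{e['key']} [{e['name']}] {e['exe']} ({e['user'] or 'n/a'}){flag}")
```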



