
Combofix log


7 replies to this topic

#1 hybridblues


Posted 22 September 2012 - 12:27 PM

Hello community. I am new here, and I hope to get some help on this log. I am sorry if I am posting in the wrong section.

ComboFix 12-09-22.02 - TIM 09/2012 週日 0:42.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.4095.2431 [GMT 8:00]
Running from: c:\users\TIM\Downloads\ComboFix.exe
AV: AVG Internet Security Business Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security Business Edition 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security Business Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\STF3D8F.tmp
C:\STF55A0.tmp
C:\STF79C1.tmp
C:\STFA851.tmp
C:\STFB390.tmp
C:\STFD69F.tmp
c:\windows\SysWow64\networkdlllsp.dll
.
---- Previous Run -------
.
C:\Install.exe
c:\program files (x86)\Downloaded Installers
c:\program files (x86)\Downloaded Installers\{C58B9E48-5F3D-4141-B2A7-083A84EA9B7F}\setup.msi
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-22 to 2012-09-22 )))))))))))))))))))))))))))))))
.
.
2012-09-22 17:06 . 2012-09-22 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-21 15:42 . 2012-09-21 15:42 -------- d-----w- c:\users\TIM\AppData\Roaming\InstallShield Installation Information
2012-09-16 11:04 . 2012-09-16 11:05 -------- d-----w- c:\users\Guest
2012-09-16 10:02 . 2012-05-18 13:54 5174176 ----a-w- c:\windows\system32\QQPinyin.ime
2012-09-16 09:01 . 2012-09-16 09:01 -------- d-----w- c:\program files\フレムカモホマキ
2012-09-16 06:17 . 2012-09-16 06:51 -------- d-----w- C:\QQDownload
2012-09-16 06:11 . 2012-09-16 06:11 -------- d-----w- c:\users\TIM\AppData\Local\Tencent
2012-09-16 06:09 . 2012-09-16 06:10 -------- d-----w- c:\program files (x86)\Common Files\Tencent
2012-09-16 06:09 . 2012-09-16 06:09 -------- d-----w- c:\users\TIM\AppData\Local\CrashDumps
2012-09-16 06:09 . 2012-09-16 10:02 -------- d-----w- c:\program files (x86)\Tencent
2012-09-16 06:09 . 2012-09-16 10:02 -------- d-----w- c:\programdata\Tencent
2012-09-16 06:09 . 2012-09-16 10:03 -------- d-----w- c:\users\TIM\AppData\Roaming\Tencent
2012-09-16 06:09 . 2009-02-18 06:51 18760 ----a-w- c:\windows\SysWow64\QQVistaHelper.dll
2012-09-16 05:00 . 2012-09-16 05:00 -------- d-----w- c:\users\TIM\AppData\Roaming\TechSmith
2012-09-16 04:38 . 2012-09-16 04:38 -------- d-----w- c:\program files (x86)\QuickTime
2012-09-16 04:37 . 2012-09-16 04:37 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2012-09-16 04:37 . 2012-09-16 04:37 -------- d-----w- c:\programdata\TechSmith
2012-09-16 04:37 . 2012-09-16 04:37 -------- d-----w- c:\program files (x86)\TechSmith
2012-09-16 04:15 . 2012-09-16 04:15 -------- d-----w- c:\users\TIM\AppData\Roaming\Apowersoft
2012-09-16 04:15 . 2012-09-16 04:15 -------- d-----w- c:\program files\Apowersoft
2012-09-16 04:14 . 2012-09-16 04:16 -------- d-----w- c:\users\TIM\AppData\Roaming\mIRC
2012-09-16 04:14 . 2012-09-16 04:14 -------- d-----w- c:\program files (x86)\mIRC
2012-09-15 11:13 . 2012-09-15 11:13 -------- d-----w- c:\program files (x86)\PrivitizeVPN
2012-09-15 11:04 . 2012-09-15 11:04 -------- d-----w- c:\users\TIM\AppData\Local\Last.fm
2012-09-15 11:04 . 2012-09-15 11:04 -------- d-----w- c:\program files (x86)\Last.fm
2012-09-15 09:26 . 2012-09-15 11:09 -------- d-----w- c:\program files (x86)\FTL
2012-09-15 02:27 . 2012-09-15 02:27 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-14 11:13 . 2012-09-14 11:13 -------- d-----w- c:\users\TIM\AppData\Roaming\runic games
2012-09-14 11:11 . 2012-09-14 11:11 315 ----a-w- C:\user.js
2012-09-14 11:11 . 2012-09-14 11:11 -------- d-----w- c:\users\TIM\AppData\Roaming\Babylon
2012-09-14 11:11 . 2012-09-14 11:11 -------- d-----w- c:\programdata\Babylon
2012-09-14 11:07 . 2012-09-14 11:07 -------- d-----w- c:\program files (x86)\Runic Games
2012-09-14 09:35 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-14 09:35 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-14 09:35 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-14 09:35 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-14 09:35 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-14 09:35 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-14 09:35 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-09 11:34 . 2012-09-09 11:34 -------- d-----w- c:\users\TIM\AppData\Roaming\ImTOO
2012-09-09 11:31 . 2012-09-09 11:31 -------- d-----w- c:\programdata\ImTOO
2012-09-09 11:31 . 2012-09-09 11:31 -------- d-----w- c:\program files (x86)\ImTOO
2012-09-09 05:24 . 2012-09-09 05:24 -------- d-----w- c:\programdata\NexonTW
2012-09-09 05:12 . 2011-09-22 20:14 56128 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npBFPlugin.dll
2012-09-09 05:09 . 2012-09-09 05:55 -------- d-----w- c:\users\TIM\AppData\Local\CSO
2012-09-09 05:07 . 2012-09-09 05:07 -------- d-----w- c:\program files (x86)\Gamania
2012-09-08 16:34 . 2012-03-26 08:38 226304 ----a-w- c:\windows\SysWow64\binkw32.dll
2012-09-08 16:34 . 2012-09-08 16:33 361096 ----a-w- c:\windows\SysWow64\Lead3DEngine.dll
2012-09-08 16:33 . 2012-09-08 16:33 361096 ----a-w- c:\windows\system32\Lead3DEngine.dll
2012-09-08 15:34 . 2012-09-09 02:23 -------- d-----w- c:\program files (x86)\Ubisoft
2012-09-07 16:21 . 2012-09-07 16:21 -------- d-----w- c:\program files\VistaSwitcher
2012-09-02 07:17 . 2012-08-24 07:58 405152 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-09-02 07:17 . 2012-09-02 07:17 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-09-02 07:17 . 2012-09-02 07:17 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-09-02 07:17 . 2012-09-02 07:18 -------- d-----w- c:\users\TIM\AppData\Roaming\DVDVideoSoft
2012-09-01 08:34 . 2012-09-01 08:34 -------- d-----w- c:\users\TIM\AppData\Local\StreamPrivacy
2012-09-01 05:41 . 2012-09-01 05:41 -------- d-----w- c:\program files\Logitech Gaming Software
2012-08-31 20:16 . 2012-08-31 20:19 -------- d-----w- c:\program files (x86)\Razer
2012-08-31 20:16 . 2012-08-31 20:16 -------- d-----w- c:\users\TIM\AppData\Local\Razer
2012-08-31 20:16 . 2012-08-31 20:16 -------- d-----w- c:\programdata\Razer
2012-08-30 11:02 . 2012-08-30 11:02 -------- d-----w- c:\users\TIM\AppData\Local\Fallout3
2012-08-30 10:39 . 2012-08-30 10:39 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2012-08-30 10:37 . 2012-08-30 10:37 -------- d-----w- c:\windows\SysWow64\xlive
2012-08-30 10:35 . 2005-04-03 15:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-08-30 10:35 . 2005-04-03 15:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-08-30 10:35 . 2005-04-03 15:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-08-30 10:35 . 2005-04-03 15:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2012-08-30 10:35 . 2005-04-03 14:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-08-30 10:35 . 2012-08-30 10:35 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-08-30 10:35 . 2012-08-30 10:35 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-08-30 10:35 . 2005-04-03 15:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-08-29 12:06 . 2012-08-29 12:06 -------- d-----w- c:\program files (x86)\Common Files\SourceTec
2012-08-29 12:06 . 2012-08-29 12:06 -------- d-----w- c:\program files (x86)\SourceTec
2012-08-29 07:47 . 2012-08-29 07:47 -------- d-----w- c:\program files (x86)\VMLaunch
2012-08-29 04:05 . 2012-08-29 07:42 -------- d-----w- c:\program files\BBLACK
2012-08-29 03:50 . 2012-08-29 03:50 -------- d-----w- c:\users\TIM\AppData\Roaming\InstallShield
2012-08-29 03:29 . 2012-08-29 13:24 -------- d-----w- c:\program files (x86)\Illusion
2012-08-29 03:17 . 2012-08-29 03:17 49152 ----a-r- c:\users\TIM\AppData\Roaming\Microsoft\Installer\{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}\NewShortcut1_502499DC2EDB45A28F7C83E6E5DE067E.exe
2012-08-29 03:16 . 2012-08-30 09:43 -------- d-----w- C:\illusion
2012-08-28 18:36 . 2012-08-28 18:51 -------- d-----w- c:\program files (x86)\AIDROID
2012-08-28 04:10 . 2012-08-28 04:10 -------- d-----w- c:\windows\SysWow64\Adobe
2012-08-24 07:43 . 2012-08-24 07:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 07:10 . 2012-08-16 07:10 10752 ---h--r- c:\users\TIM\AppData\Roaming\Microsoft\Windows\Templates\audiadg.exe
2012-08-15 10:15 . 2012-08-15 10:15 10920 ----a-w- C:\aolconnfix.exe
2012-08-14 17:55 . 2012-08-14 17:55 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-08-14 17:55 . 2012-08-14 17:55 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-08-14 17:55 . 2012-08-14 17:55 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-08-14 17:55 . 2012-08-14 17:55 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-08-14 17:55 . 2012-08-14 17:55 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-08-14 17:55 . 2012-08-14 17:55 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-08-14 17:55 . 2012-08-14 17:55 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-14 17:55 . 2012-08-14 17:55 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-08-14 17:55 . 2012-08-14 17:55 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-08-14 17:55 . 2012-08-14 17:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-14 17:55 . 2012-08-14 17:55 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-14 17:55 . 2012-08-14 17:55 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-14 17:55 . 2012-08-14 17:55 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-08-14 17:55 . 2012-08-14 17:55 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-08-14 17:55 . 2012-08-14 17:55 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-08-14 17:55 . 2012-08-14 17:55 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-14 17:55 . 2012-08-14 17:55 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-14 17:55 . 2012-08-14 17:55 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-08-14 17:55 . 2012-08-14 17:55 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-14 17:55 . 2012-08-14 17:55 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-08-14 17:55 . 2012-08-14 17:55 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-08-14 17:55 . 2012-08-14 17:55 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-14 17:55 . 2012-08-14 17:55 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-08-14 17:55 . 2012-08-14 17:55 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-08-14 17:55 . 2012-08-14 17:55 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-08-14 17:55 . 2012-08-14 17:55 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-14 17:55 . 2012-08-14 17:55 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-08-14 17:55 . 2012-08-14 17:55 82432 ----a-w- c:\windows\system32\icardie.dll
2012-08-14 17:55 . 2012-08-14 17:55 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-14 17:55 . 2012-08-14 17:55 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-08-14 17:55 . 2012-08-14 17:55 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-14 17:55 . 2012-08-14 17:55 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-08-14 17:55 . 2012-08-14 17:55 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-08-14 17:55 . 2012-08-14 17:55 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-08-14 17:55 . 2012-08-14 17:55 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-08-14 17:55 . 2012-08-14 17:55 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-08-14 17:55 . 2012-08-14 17:55 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-08-14 17:55 . 2012-08-14 17:55 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-08-14 17:55 . 2012-08-14 17:55 448512 ----a-w- c:\windows\system32\html.iec
2012-08-14 17:55 . 2012-08-14 17:55 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-08-14 17:55 . 2012-08-14 17:55 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-08-14 17:55 . 2012-08-14 17:55 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-08-14 17:55 . 2012-08-14 17:55 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-14 17:55 . 2012-08-14 17:55 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-08-14 17:55 . 2012-08-14 17:55 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-08-14 17:55 . 2012-08-14 17:55 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-08-14 17:55 . 2012-08-14 17:55 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-14 17:55 . 2012-08-14 17:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-14 17:55 . 2012-08-14 17:55 237056 ----a-w- c:\windows\system32\url.dll
2012-08-14 17:55 . 2012-08-14 17:55 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-14 17:55 . 2012-08-14 17:55 222208 ----a-w- c:\windows\system32\msls31.dll
2012-08-14 17:55 . 2012-08-14 17:55 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-14 17:55 . 2012-08-14 17:55 197120 ----a-w- c:\windows\system32\msrating.dll
2012-08-14 17:55 . 2012-08-14 17:55 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-08-14 17:55 . 2012-08-14 17:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-14 17:55 . 2012-08-14 17:55 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-08-14 17:55 . 2012-08-14 17:55 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-08-14 17:55 . 2012-08-14 17:55 160256 ----a-w- c:\windows\system32\wextract.exe
2012-08-14 17:55 . 2012-08-14 17:55 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-08-14 17:55 . 2012-08-14 17:55 149504 ----a-w- c:\windows\system32\occache.dll
2012-08-14 17:55 . 2012-08-14 17:55 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-14 17:55 . 2012-08-14 17:55 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-08-14 17:55 . 2012-08-14 17:55 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-14 17:55 . 2012-08-14 17:55 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-08-14 17:55 . 2012-08-14 17:55 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-14 17:55 . 2012-08-14 17:55 12288 ----a-w- c:\windows\system32\mshta.exe
2012-08-14 17:55 . 2012-08-14 17:55 114176 ----a-w- c:\windows\system32\admparse.dll
2012-08-14 17:55 . 2012-08-14 17:55 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-14 17:55 . 2012-08-14 17:55 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-14 17:55 . 2012-08-14 17:55 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-08-14 17:55 . 2012-08-14 17:55 103936 ----a-w- c:\windows\system32\inseng.dll
2012-08-14 06:54 . 2012-08-14 06:54 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-08-14 06:54 . 2012-08-14 06:54 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-07-27 18:54 . 2012-07-27 18:54 321472 ----a-w- c:\windows\WLXPGSS.SCR
2012-07-26 11:08 . 2012-07-26 11:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-26 11:08 . 2012-07-26 11:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-26 11:08 . 2012-07-26 11:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 11:08 . 2012-07-26 11:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-26 11:08 . 2012-07-26 11:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-26 07:22 . 2012-07-26 07:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 07:22 . 2012-07-26 07:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 07:22 . 2012-07-26 07:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 07:22 . 2012-07-26 07:22 177096 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 07:22 . 2012-07-26 07:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-25 19:21 . 2012-07-25 19:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-07-18 18:15 . 2012-08-15 03:39 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-17 17:18 . 2012-07-17 17:18 53248 ----a-r- c:\users\TIM\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-07-17 07:14 . 2012-07-17 07:14 253184 ----a-w- c:\windows\system32\LIVESSP.DLL
2012-07-17 06:49 . 2012-07-17 06:49 209648 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
2012-07-17 06:37 . 2012-07-17 06:37 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-04 22:16 . 2012-08-15 03:40 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 03:40 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 03:40 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 03:40 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-30 09:15 . 2012-06-30 09:15 31344 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2012-06-25 15:40 . 2012-06-25 15:40 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-25 15:40 . 2012-06-25 15:37 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2010-09-21 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[-] 2010-09-21 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\TIM\Desktop\uTorrent.exe" [2012-06-22 1021840]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-06-18 232960]
"Connectify"="c:\program files (x86)\Connectify\Connectify.exe" [2012-05-02 4116296]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-16 1353080]
"MicrosoftR WindowsR Operating System"="c:\users\TIM\AppData\Roaming\Microsoft\Windows\Templates\audiadg.exe" [2012-08-16 10752]
"F.lux"="c:\users\TIM\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"GoogleChromeAutoLaunch_F20E5B537938E589B35A4FA309A43EA5"="c:\users\TIM\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-08-30 1229848]
"VistaSwitcher"="c:\program files\VistaSwitcher\vswitch64.exe" [2012-05-12 233088]
"QQDownload"="c:\program files (x86)\Tencent\QQDownload\QQDownload.exe" [2012-09-06 4748704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"HostManager"="c:\program files (x86)\Common Files\AOL\1344842821\ee\AOLSoftware.exe" [2010-03-08 41800]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-08-09 316840]
"Razer Blackwidow Driver"="c:\program files (x86)\Razer\BlackWidow\BlackwidowTray.exe" [2011-03-08 883088]
"PrivitizeVPN"="c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe" [2012-09-10 196784]
.
c:\users\TIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-7-17 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-8-16 522752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ QQPINYIN.IME
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files (x86)\VMLaunch\BuddyVM.sys [2004-10-05 15872]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AsrOcDrv;AsrOcDrv;c:\windows\SysWOW64\Drivers\AsrOcDrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-15 114144]
R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2011-02-16 50232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-21 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-10-31 14544]
R4 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2012-05-02 65536]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-06-24 8704]
R4 IDVistaService;Input Director Vista Service;c:\program files (x86)\Input Director\IDVistaService.exe [2009-02-08 13824]
R4 InputDirector;Input Director Service;c:\program files (x86)\Input Director\IDWinService.exe [2010-02-01 36864]
R4 TeknicaVdmSvcX86v3;Teknica VDM Service;c:\program files (x86)\VDM\System32\VdmSvc32.exe [2010-03-09 163512]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys [2012-01-13 31016]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-18 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-30 36944]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-22 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-25 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [2012-06-30 31344]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-12 2321560]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 SONNonAdminService;SONNonAdminService;c:\windows\SysWOW64\SONNonAdminService.exe [2009-09-23 311296]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2012-05-22 112128]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2012-05-14 10568]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2010-10-15 115200]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2012-05-21 34944]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4106350299-505243692-2808353481-1000Core.job
- c:\users\TIM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16 04:26]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4106350299-505243692-2808353481-1000UA.job
- c:\users\TIM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16 04:26]
.
2012-09-22 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2011-03-31 01:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 12503184]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=111304&tt=120912_cpc_3712_5&babsrc=HP_ss&mntrId=b29228b8000000000000bc5ff435ce21
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: &使用QQ旋风下载 - c:\program files (x86)\Tencent\QQDownload\geturl.htm
IE: &使用QQ旋风下载全部链接 - c:\program files (x86)\Tencent\QQDownload\getAllurl.htm
IE: &使用QQ旋风离线下载 - c:\program files (x86)\Tencent\QQDownload\xfofflinedown.htm
IE: Free YouTube Download - c:\users\TIM\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Sothink Flash Downloader For IE - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\TIM\AppData\Roaming\Mozilla\Firefox\Profiles\1qdbpfiu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=b29228b8000000000000bc5ff435ce21&q=
FF - user.js: extensions.BabylonToolbar.id - b29228b8000000000000bc5ff435ce21
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15597
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1219:11
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304&tt=120912_cpc_3712_5
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ASRockOCTuner - (no file)
AddRemove-{A2S166A0-F031-4E27-A057-C69733219434}_is1 - c:\program files (x86)\TERA\unins000.exe
.
.
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoftョ Windowsョ Operating System"="c:\\Users\\TIM\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\audiadg.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4106350299-505243692-2808353481-1000\Software\Microsoft\Internet Explorer\MenuExt\&*O(uQ*Q*ヒeホ・N}従
@="c:\\Program Files (x86)\\Tencent\\QQDownload\\geturl.htm"
"Contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-4106350299-505243692-2808353481-1000\Software\Microsoft\Internet Explorer\MenuExt\&使用QQ旋风下载全部链接]
@="c:\\Program Files (x86)\\Tencent\\QQDownload\\getAllurl.htm"
"Contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-4106350299-505243692-2808353481-1000\Software\Microsoft\Internet Explorer\MenuExt\&使用QQ旋风离线下载]
@="c:\\Program Files (x86)\\Tencent\\QQDownload\\xfofflinedown.htm"
"Contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-4106350299-505243692-2808353481-1000_Classes\BitTorrent\Shell\O(uQ*Q*ヒeホ牢b*_蜍B*T*㌃(*&*Q*)*\Command]
@="\"c:\\Program Files (x86)\\Tencent\\QQDownload\\QQDownload.exe\" /BT=\"%1\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitTorrent\Shell\O(uQ*Q*ヒeホ牢b*_蜍B*T*㌃(*&*Q*)*\Command]
@="\"c:\\Program Files (x86)\\Tencent\\QQDownload\\QQDownload.exe\" /BT=\"%1\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10za_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10za_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10za.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10za.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10za.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10za.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\QQ拼音输入法]
"DisplayName"="QQ拼音输入法4.5"
"UninstallString"="c:\\Program Files (x86)\\Tencent\\QQPinyin\\4.5.2004.400\\uninst.exe"
"DisplayIcon"="c:\\Program Files (x86)\\Tencent\\QQPinyin\\4.5.2004.400\\QQPinyin.ico"
"DisplayVersion"="4.5"
"Publisher"="腾讯公司"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Common Files\AOL\1344842821\ee\aolupdates.exe
.
**************************************************************************
.
Completion time: 2012-09-23 01:16:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-22 17:16
.
Pre-Run: 20,260,057,088 bytes free
Post-Run: 19,515,736,064 bytes free
.
- - End Of File - - 4E4728214CF6605A63F76C3B3AA8333A
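An added triage script, not part of this thread and not code from ComboFix or DDS: it reads Run-key entries in the two formats the thread shows (the ComboFix .reg-style dump in the log above, and the DDS `uRun:`/`mRun:` lines posted later) and flags the traits that make the audiadg.exe entry stand out to a responder: an image under a user-writable profile path, a value name dressed up as a Microsoft component, an image with no absolute path (resolved through PATH), or a launcher such as cmd.exe wrapping the real command. The sample lines are constructed from entries in this thread; the heuristics, flag wording and function names are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the two formats seen in this thread: a ComboFix
# .reg-style Run-key dump and DDS "uRun:/mRun:" lines. Not a complete log.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft® Windows® Operating System"="c:\\Users\\TIM\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\audiadg.exe"
uRun: [uTorrent] "C:\Users\TIM\Desktop\uTorrent.exe" /MINIMIZED
uRun: [Microsoft® Windows® Operating System] C:\Users\TIM\AppData\Roaming\Microsoft\Windows\Templates\audiadg.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD AVT init" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
'''

DDS_RUN = re.compile(r'^[um]Run(?:-x64)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"$')
# first token ending in .exe, quoted or not (also catches 8.3-style paths)
IMAGE = re.compile(r'^"?(?P<img>[^"]*?\.exe)\b', re.IGNORECASE)

SYSTEM_ROOTS = ('\\windows\\', '\\program files')      # checked after the drive letter
LAUNCHERS = {'cmd.exe', 'rundll32.exe', 'wscript.exe', 'cscript.exe',
             'powershell.exe', 'mshta.exe', 'regsvr32.exe'}


@dataclass
class Finding:
    name: str            # registry value name as shown in the log
    image: str           # executable the entry launches
    flags: list = field(default_factory=list)


def parse_entry(line):
    """Return (value_name, command) for a Run entry in either log format, else None."""
    line = line.strip()
    m = DDS_RUN.match(line) or REG_VALUE.match(line)
    if not m:
        return None
    cmd = m.group('cmd')
    if m.re is REG_VALUE:
        cmd = cmd.replace('\\\\', '\\')   # .reg exports double every backslash
    return m.group('name'), cmd


def assess(name, cmd):
    """Apply the checks a triager makes when reading a Run entry."""
    m = IMAGE.match(cmd)
    image = m.group('img') if m else cmd.strip().strip('"').split(' ')[0]
    p = image.lower()
    has_drive = re.match(r'^[a-z]:\\', p) is not None
    root = p[2:] if has_drive else p                 # '\users\tim\...' or 'cmd.exe'
    base = root.rsplit('\\', 1)[-1]
    flags = []
    if not has_drive:
        flags.append('no absolute path: image is resolved through PATH')
    if root.startswith('\\users\\') or '\\appdata\\' in root or '\\temp\\' in root:
        flags.append('image in a user-writable location')
    if re.search(r'microsoft|windows', name, re.I) and not root.startswith(SYSTEM_ROOTS):
        flags.append('Microsoft-style name, image outside Windows/Program Files')
    if base in LAUNCHERS:
        flags.append(f'starts through {base}: inspect the wrapped command line')
    return Finding(name, image, flags)


def triage(log_text):
    """All Run entries in a ComboFix/DDS-style log, most suspicious first."""
    findings = [assess(*e) for e in map(parse_entry, log_text.splitlines()) if e]
    return sorted(findings, key=lambda f: -len(f.flags))


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{len(f.flags)}] {f.name} -> {f.image}')
        for flag in f.flags:
            print(f'      {flag}')
```

On the sample, both audiadg.exe entries score two flags (user-writable path plus the borrowed Microsoft name), the AMD entry scores two as well because it starts through cmd.exe with no absolute path, which is worth a look but is a known vendor pattern, and the AVG and Kies entries score none. The ranking is a reading aid, not a verdict: the point is to surface which entries to check against the file's signature, hash and creation time first.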

#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:42 AM

Posted 26 September 2012 - 09:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please run these tools.

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the logs for my review. Let me know what problems you are having with this computer.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:42 AM

Posted 02 October 2012 - 08:03 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:42 AM

Posted 07 October 2012 - 07:29 AM

Topic reopened. I copied the PM message here...


Hey there, I'm the guy from http://www.bleepingcomputer.com/forums/topic469504.html
I was wondering if you could help me with my computer. My computer has been running slowly and things are crashing. Normally, it takes about 1 minute to start up, but recently it's been around 3 minutes for things to load. Here are the requested logs.
Security Check:
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security Business Edition 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.2.202.235 Flash Player out of Date!
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````
Adwcleaner:
# AdwCleaner v2.003 - Logfile created 10/07/2012 at 19:46:29
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : TIM - TIM-PC
# Boot Mode : Normal
# Running from : C:\Users\TIM\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\TIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=111304&tt=120912_cpc_3712_5&babsrc=HP_ss&mntrId=b29228b8000000000000bc5ff435ce21 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=111304&tt=120912_cpc_3712_5&babsrc=HP_ss&mntrId=b29228b8000000000000bc5ff435ce21 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=111304&tt=120912_cpc_3712_5&babsrc=NT_ss&mntrId=b29228b8000000000000bc5ff435ce21 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\TIM\AppData\Roaming\Mozilla\Firefox\Profiles\1qdbpfiu.default\prefs.js

C:\Users\TIM\AppData\Roaming\Mozilla\Firefox\Profiles\1qdbpfiu.default\user.js ... Deleted !

Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=111304&tt=120912_cpc_3712_[...]
Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=111304&tt=120912_cpc_3712_5");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "15");
Deleted : user_pref("extensions.BabylonToolbar.cntry", "HK");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "A9297233AA81B8E60A13CCD01BC6D4B9");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "b29228b8000000000000bc5ff435ce21");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15597");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", true);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1219:11:17");
Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"26\",\"lastVrsn\":\"26\",\"vrsnLoad\[...]
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1219:11:17");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111304&tt=120912_cpc_3712_5");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1219:11:17");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://search.babylon.com/?affID=111304&tt=120912_cpc_37[...]

-\\ Google Chrome v22.0.1229.79

File : C:\Users\TIM\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.9] : homepage = "hxxp://search.babylon.com/?affID=111304&tt=120912_cpc_3712_5&babsrc=HP_ss&mntrId=b29228b8000000000000bc5ff435ce21",
Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=111304&tt=120912_cpc_3712_5&babsrc=HP_ss&mntrId=b29228b8000000000000bc5ff435ce21" ]
Deleted [l.1577] : homepage = "hxxp://search.babylon.com/?affID=111304&tt=120912_cpc_3712_5&babsrc=HP_ss&mntrId=b29228b8000000000000bc5ff435ce21",
Deleted [l.1862] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=111304&tt=120912_cpc_3712_5&babsrc=HP_ss&mntrId=b29228b8000000000000bc5ff435ce21" ]

*************************

AdwCleaner[S1].txt - [9643 octets] - [07/10/2012 19:46:29]

########## EOF - C:\AdwCleaner[S1].txt - [9703 octets] ##########


Thanks for the help,

nasdaq
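An added example, not AdwCleaner's code and not from anyone in this thread: a check for the kind of browser hijack the AdwCleaner log above cleaned up, run against a constructed Firefox user.js and a constructed Chrome Preferences JSON document (a real Preferences file has far more keys; the ones used here are those the log names, `homepage` and `session.urls_to_restore_on_startup`). It also encodes why AdwCleaner deleted user.js rather than just editing prefs.js: Firefox re-applies user.js on every start, so a homepage or search engine pinned there comes back after any fix made in prefs.js or in the browser's own settings. The hijack host list (seeded from the URLs in the log), the pref names treated as sensitive and all function names are assumptions made for this example.

```python
import json
import re
from urllib.parse import urlparse

# Hosts this thread's AdwCleaner log shows as the hijacked home/search page.
# A real check would load a maintained list; this one is seeded from the thread.
HIJACK_HOSTS = {'search.babylon.com'}

# Firefox prefs that decide where the browser goes without being asked
FF_SENSITIVE = ('browser.startup.homepage', 'browser.search.defaultenginename',
                'browser.search.selectedEngine', 'browser.search.order.',
                'keyword.URL', 'browser.newtab.url')

USER_PREF = re.compile(r'^\s*user_pref\("(?P<key>[^"]+)",\s*(?P<val>.*)\);\s*$')
URL = re.compile(r'https?://[^\s"\'\\,\]]+', re.IGNORECASE)

# Constructed inputs, modelled on the entries AdwCleaner removed in the log above
SAMPLE_USER_JS = r'''
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.startup.homepage", "http://search.babylon.com/?affID=111304&babsrc=HP_ss");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("browser.tabs.warnOnClose", false);
'''
SAMPLE_CHROME_PREFS = json.dumps({
    "homepage": "http://search.babylon.com/?affID=111304&babsrc=HP_ss",
    "homepage_is_newtabpage": False,
    "session": {"urls_to_restore_on_startup": [
        "http://search.babylon.com/?babsrc=HP_ss", "https://www.google.com/"]},
    "default_search_provider": {
        "search_url": "https://www.google.com/search?q={searchTerms}"},
})


def hijacked_hosts(text):
    """Hosts of every URL in text that are on the hijack list, sorted."""
    hosts = {urlparse(u).hostname for u in URL.findall(text)}
    return sorted(h for h in hosts if h in HIJACK_HOSTS)


def scan_firefox(prefs_text, from_user_js=False):
    """Findings (pref, reason) from prefs.js or user.js text.

    user.js is applied on every start and overrides prefs.js, so startup and
    search prefs pinned there are reported even without a listed host.
    """
    findings = []
    for line in prefs_text.splitlines():
        m = USER_PREF.match(line)
        if not m:
            continue
        key, val = m.group('key'), m.group('val')
        hosts = hijacked_hosts(val)
        if hosts:
            findings.append((key, 'value points at ' + ', '.join(hosts)))
        elif from_user_js and key.startswith(FF_SENSITIVE):
            findings.append((key, 'startup/search pref pinned in user.js'))
        elif from_user_js and key.startswith('extensions.'):
            findings.append((key, 'extension pref pinned in user.js'))
    return findings


def scan_chrome(preferences_json):
    """Findings (dotted path, reason) from a Chrome Preferences JSON document."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for k, v in node.items():
                walk(v, f'{path}.{k}' if path else k)
        elif isinstance(node, list):
            for i, v in enumerate(node):
                walk(v, f'{path}[{i}]')
        elif isinstance(node, str):
            hosts = hijacked_hosts(node)
            if hosts:
                findings.append((path, 'points at ' + ', '.join(hosts)))

    walk(json.loads(preferences_json), '')
    return findings


if __name__ == '__main__':
    for key, why in scan_firefox(SAMPLE_USER_JS, from_user_js=True):
        print(f'user.js   {key}: {why}')
    for path, why in scan_chrome(SAMPLE_CHROME_PREFS):
        print(f'Chrome    {path}: {why}')
```

Walking the whole Chrome document rather than a fixed key list is deliberate: the log shows the same URL written at two different places in the file (lines 9 and 1577), and hijackers also plant it in pinned tabs, search providers and extension settings, so matching on the host wherever a string appears catches copies a named-key check would miss.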

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:42 AM

Posted 07 October 2012 - 07:36 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 7 Update 5


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)

When installed make sure that these old versions are removed also.

Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.2.202.235 Flash Player out of Date!

===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Let me know if the problem persists.

#6 hybridblues

hybridblues
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 12 October 2012 - 05:05 AM

Here are the required files.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by TIM at 18:01:35 on 2012-10-12
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.4095.1645 [GMT 8:00]
.
AV: AVG Internet Security Business Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security Business Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security Business Edition 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\SONNonAdminService.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\TIM\Desktop\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files (x86)\Connectify\Connectify.exe
C:\Users\TIM\AppData\Roaming\Microsoft\Windows\Templates\audiadg.exe
C:\Users\TIM\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\VistaSwitcher\vswitch64.exe
C:\Program Files (x86)\Tencent\QQDownload\QQDownload.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\TIM\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\AOL\1344842821\ee\aolsoftware.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Razer\BlackWidow\BlackWidowTray.exe
C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\TIM\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\TIM\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.97\deploy\LoLLauncher.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.211\deploy\LolClient.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = local
BHO: QQDownload IE Left Helper: {00000000-12c9-4305-82f9-43058f20e8d2} - C:\Program Files (x86)\Tencent\QQDownload\QQIEHelper01.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [uTorrent] "C:\Users\TIM\Desktop\uTorrent.exe" /MINIMIZED
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
uRun: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Microsoft® Windows® Operating System] C:\Users\TIM\AppData\Roaming\Microsoft\Windows\Templates\audiadg.exe
uRun: [F.lux] "C:\Users\TIM\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [GoogleChromeAutoLaunch_F20E5B537938E589B35A4FA309A43EA5] "C:\Users\TIM\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [VistaSwitcher] "C:\Program Files\VistaSwitcher\vswitch64.exe" /startup
uRun: [QQDownload] "C:\Program Files (x86)\Tencent\QQDownload\QQDownload.exe" autostart
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [<NO NAME>] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Spotify] "C:\Users\TIM\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1344842821\ee\AOLSoftware.exe
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow\BlackwidowTray.exe
mRun: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\TIM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK -
StartupFolder: C:\Users\TIM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 3 (0x3)
IE: &使用QQ旋风下载 - C:\Program Files (x86)\Tencent\QQDownload\geturl.htm
IE: &使用QQ旋风下载全部链接 - C:\Program Files (x86)\Tencent\QQDownload\getAllurl.htm
IE: &使用QQ旋风离线下载 - C:\Program Files (x86)\Tencent\QQDownload\xfofflinedown.htm
IE: Free YouTube Download - C:\Users\TIM\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Sothink Flash Downloader For IE - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A4FC5798-5FE9-4D9C-A606-8F4ECF376F29} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C5A51D90-6D4A-4CA6-B0D3-346D2B5B5D4C} : DhcpNameServer = 8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: QQDownload IE Left Helper: {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files (x86)\Tencent\QQDownload\QQIEHelper01.dll
BHO-X64: QQCycloneHelper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [HostManager] C:\Program Files (x86)\Common Files\AOL\1344842821\ee\AOLSoftware.exe
mRun-x64: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun-x64: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow\BlackwidowTray.exe
mRun-x64: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\TIM\AppData\Roaming\Mozilla\Firefox\Profiles\1qdbpfiu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.80\Bin\npSSOAxCtrlForPTLogin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npBFPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Tencent\QQDownload\Browser\718\npXFPlugin.dll
FF - plugin: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll
FF - plugin: C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\TIM\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\TIM\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AsrRamDisk;AsrRamDisk;C:\Windows\system32\DRIVERS\AsrRamDisk.sys --> C:\Windows\system32\DRIVERS\AsrRamDisk.sys [?]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 cnnctfy2;Connectify LightWeight Filter;C:\Windows\system32\DRIVERS\cnnctfy2.sys --> C:\Windows\system32\DRIVERS\cnnctfy2.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 SONNonAdminService;SONNonAdminService;C:\Windows\SysWOW64\SONNonAdminService.exe [2012-8-6 311296]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 busenum;SteelBusSvc;C:\Windows\system32\DRIVERS\SteelBus64.sys --> C:\Windows\system32\DRIVERS\SteelBus64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\system32\DRIVERS\ladfGSCamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSCamd64.sys [?]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\system32\DRIVERS\ladfGSRamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSRamd64.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-5-14 10568]
R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
R3 SAlphamHid;SteelHIDSvc;C:\Windows\system32\DRIVERS\SAlpham64.sys --> C:\Windows\system32\DRIVERS\SAlpham64.sys [?]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;C:\Program Files (x86)\VMLaunch\BuddyVM.sys [2004-10-5 15872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys --> C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys [?]
S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys --> C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-19 114144]
S3 NvnUsbAudio;Novation USB Audio Driver;C:\Windows\system32\DRIVERS\nvnusbaudio.sys --> C:\Windows\system32\DRIVERS\nvnusbaudio.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-7-29 14544]
S4 Connectify;Connectify;C:\Program Files (x86)\Connectify\ConnectifyService.exe [2012-5-3 65536]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-1 8704]
S4 IDVistaService;Input Director Vista Service;C:\Program Files (x86)\Input Director\IDVistaService.exe [2009-2-8 13824]
S4 InputDirector;Input Director Service;C:\Program Files (x86)\Input Director\IDWinService.exe [2010-2-1 36864]
S4 TeknicaVdmSvcX86v3;Teknica VDM Service;C:\Program Files (x86)\VDM\System32\VdmSvc32.exe [2010-3-9 163512]
.
=============== Created Last 30 ================
.
2012-10-12 10:00:55 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-10 16:10:52 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 16:10:52 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 16:10:51 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 16:10:51 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 16:10:51 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 16:10:51 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-07 08:12:35 -------- d-----w- C:\Program Files\Gravity
2012-10-07 06:45:14 -------- d-----w- C:\Users\TIM\AppData\Local\Spotify
2012-10-07 06:44:07 -------- d-----w- C:\Users\TIM\AppData\Roaming\Spotify
2012-10-07 06:41:13 -------- d-----w- C:\Program Files (x86)\TunnelBear
2012-10-06 15:55:37 -------- d-----w- C:\Users\TIM\AppData\Local\Samsung
2012-10-06 15:55:34 -------- d-----w- C:\Users\TIM\AppData\Roaming\Samsung
2012-10-06 15:26:58 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2012-10-06 15:26:58 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-10-06 15:26:58 102368 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-10-06 15:25:33 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-10-06 15:25:13 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2012-10-06 15:25:13 -------- d-----w- C:\Program Files (x86)\MarkAny
2012-10-06 15:24:32 -------- d-----w- C:\Program Files (x86)\Samsung
2012-10-06 15:03:02 -------- d-----w- C:\Program Files\SAMSUNG
2012-10-06 15:02:30 -------- d-----w- C:\ProgramData\Samsung
2012-10-02 10:03:17 -------- d-----w- C:\Users\TIM\AppData\Roaming\TeamViewer
2012-09-30 06:55:17 86016 ----a-w- C:\Windows\unvise32.exe
2012-09-30 03:56:20 -------- d-----w- C:\Program Files (x86)\Audacity
2012-09-28 14:41:08 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-22 17:10:38 -------- d-----w- C:\$RECYCLE.BIN
2012-09-22 11:09:32 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-09-22 11:09:32 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-09-22 11:09:32 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-09-16 10:02:49 5174176 ----a-w- C:\Windows\System32\QQPinyin.ime
2012-09-16 09:47:56 98816 ----a-w- C:\Windows\sed.exe
2012-09-16 09:47:56 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-16 09:47:56 256000 ----a-w- C:\Windows\PEV.exe
2012-09-16 09:47:56 208896 ----a-w- C:\Windows\MBR.exe
2012-09-16 09:01:51 -------- d-----w- C:\Program Files\フレムカモホマキ
2012-09-16 06:17:36 -------- d-----w- C:\QQDownload
2012-09-16 06:11:11 -------- d-----w- C:\Users\TIM\AppData\Local\Tencent
2012-09-16 06:09:36 -------- d-----w- C:\Program Files (x86)\Common Files\Tencent
2012-09-16 06:09:35 -------- d-----w- C:\Users\TIM\AppData\Local\CrashDumps
2012-09-16 06:09:23 -------- d-----w- C:\Program Files (x86)\Tencent
2012-09-16 06:09:12 -------- d-----w- C:\ProgramData\Tencent
2012-09-16 06:09:09 18760 ----a-w- C:\Windows\SysWow64\QQVistaHelper.dll
2012-09-16 06:09:09 -------- d-----w- C:\Users\TIM\AppData\Roaming\Tencent
2012-09-16 05:00:01 -------- d-----w- C:\Users\TIM\AppData\Roaming\TechSmith
2012-09-16 04:37:59 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared
2012-09-16 04:15:17 -------- d-----w- C:\Users\TIM\AppData\Roaming\Apowersoft
2012-09-16 04:15:13 -------- d-----w- C:\Program Files\Apowersoft
2012-09-16 04:14:12 -------- d-----w- C:\Users\TIM\AppData\Roaming\mIRC
2012-09-16 04:14:12 -------- d-----w- C:\Program Files (x86)\mIRC
2012-09-15 11:13:48 -------- d-----w- C:\Program Files (x86)\PrivitizeVPN
2012-09-15 11:04:35 -------- d-----w- C:\Users\TIM\AppData\Local\Last.fm
2012-09-15 11:04:30 -------- d-----w- C:\Program Files (x86)\Last.fm
2012-09-15 09:26:59 -------- d-----w- C:\Program Files (x86)\FTL
2012-09-15 02:27:47 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-14 11:13:31 -------- d-----w- C:\Users\TIM\AppData\Roaming\runic games
2012-09-14 11:07:45 -------- d-----w- C:\Program Files (x86)\Runic Games
2012-09-14 09:35:42 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-14 09:35:42 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-14 09:35:39 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-14 09:35:39 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-14 09:35:34 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-14 09:35:34 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-14 09:35:34 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2012-10-12 10:00:49 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-12 10:00:49 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-12 09:57:53 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-12 09:57:53 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-12 09:50:00 15672 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-08 16:33:08 361096 ----a-w- C:\Windows\SysWow64\Lead3DEngine.dll
2012-09-08 16:33:08 361096 ----a-w- C:\Windows\System32\Lead3DEngine.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 07:58:36 405152 ----a-w- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-08-24 07:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-15 10:15:06 10920 ----a-w- C:\aolconnfix.exe
2012-08-14 06:54:30 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2012-08-14 06:54:28 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-07-27 18:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR
2012-07-26 11:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2012-07-26 11:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2012-07-26 11:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2012-07-26 11:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll
2012-07-26 11:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll
2012-07-26 07:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2012-07-26 07:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2012-07-26 07:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2012-07-26 07:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll
2012-07-26 07:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll
2012-07-25 19:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-17 07:14:44 253184 ----a-w- C:\Windows\System32\LIVESSP.DLL
2012-07-17 06:49:00 209648 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
.
============= FINISH: 18:03:39.84 ===============

The next one:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 21/9/2010 16:05:37
System Uptime: 12/10/2012 17:48:37 (1 hours ago)
.
Motherboard: ASRock | | G41C-VS
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | CPUSocket | 2394/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 3.91 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
K: is CDROM ()
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP99: 6/10/2012 23:23:32 - Installed Samsung Kies
RP100: 7/10/2012 14:42:11 - Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
RP101: 11/10/2012 2:09:38 - Windows Update
RP102: 12/10/2012 17:59:41 - Installed Java 7 Update 7
.
==== Installed Programs ======================
.
??QQ2012
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Any Weblock 1.1.0
AOL Uninstaller (Choose which Products to Remove)
ARMA 2 REINFORCEMENTS Uninstall
ArnA 2: Combined Operations
ASIO4ALL
ASRock OC Tuner v2.2.97
Audacity 2.0.2
BattlEye for OA Uninstall
Bazooka Cafe
Call of Duty: Black Ops
CameraHelperMsi
Camtasia Studio 8
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cheat Engine 6.2
Collab
Counter-Strike Online ォネ、蘯ン
D3DX10
Darksiders II
Delete Virtual-Mate Launcher
Driver Sweeper version 3.2.0
erLT
Eternal-WoW! Launcher
F.lux
Fallout 3
ffdshow [rev 3154] [2009-12-09]
FFsplit
FL Studio 10
FL Studio 8
Fraps (remove only)
Free YouTube Download version 3.1.34.825
FTL version 1.01
Game Booster 3
Garena 英雄聯盟(台灣)
Geeks3D.com FurMark 1.10.1
Google Chrome
Groovedown version 0.84
Hi-Rez Studios Authenticate and Update Service
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HyperCam 3
I Am Alive
IL Download Manager
ImTOO MP4 to MP3 Converter 6
Input Director v1.2.2
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.1
Last.fm 1.5.4.27091
League of Legends
Live 8.2.2
Livestream Procaster
Logitech Webcam Software
LOLReplay
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
MagicDisc 2.7.106
MapleStory
Microsoft Games for Windows - LIVE Redistributable
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Movie Maker
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSI Afterburner 2.2.1
MSVCRT
MSVCRT110
NETVIGATOR Connection Manager
Nexon Game Manager
NVIDIA PhysX
osu!
Pando Media Booster
Pandora Radio - Desktop App V2.1
Photo Common
Photo Gallery
Platform
PoiZone
Power Packet Utility
PrivitizeVPN
QQ?音?入法4.5
QQ旋?3.9 ?典版
Razer BlackWidow
Razer Synapse 2.0
Realtek High Definition Audio Driver
RPGツクール2000 ランタイムパッケージ
Samsung Kies
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sexy Beach 3 - Complete English Edition (remove only)
Six Updater
Skype™ 5.10
SlimDrivers
Smite Closed Beta
Sothink SWF Decompiler
SplitView 2012
Spotify
Steam
Steinberg Cubase 5
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg HALionOne
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg REVerence Content 01
Swiff Player 1.7.2
swMSM
TERA
The Amazing Spider-Man
Torchlight
Toxic Biohazard
TunnelBear 1.0.32
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Virtual Display Manager (remove only)
VistaSwitcher
Visual Studio 2008 x64 Redistributables
Winamp
Winamp Detector Plug-in
Windows Essentials Media Codec Pack 4.0 [64-Bit]
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.2
WinRAR 4.20 (32-bit)
XSplit
μTorrent
.
==== Event Viewer Messages From Past Week ========
.
12/10/2012 17:54:45, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/10/2012 17:49:24, Error: Service Control Manager [7000] - The BuddyVM service failed to start due to the following error: This driver has been blocked from loading
12/10/2012 17:49:24, Error: Application Popup [1060] - \??\C:\Program Files (x86)\VMLaunch\BuddyVM.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/10/2012 22:26:38, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user TIM-PC\Guest SID (S-1-5-21-4106350299-505243692-2808353481-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
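The two logs above are read by hand in the replies that follow. As an added example (not part of this thread and not code from ComboFix or DDS), the Python script below parses a log in this format into records and attaches review flags: the `mRun` autorun lines, the `R#/S#` service and driver lines, and the Service Control Manager 7000 events. It relies only on conventions visible in the log: `R`/`S` is running/stopped, the digit is the start type (2 = automatic), `[?]` means no file date/size was recorded (every system32 driver in this x64 log shows it, so it is kept but not treated as a signal), and an SCM 7000 event names the service that failed to start. The sample input is constructed from the shape of the posted lines; the `[Updater]` autorun line is invented to exercise the user-profile check and does not appear in the posted log. The flag names, the directory allowlist and the function names are this example's own choices.

```python
"""Triage helper for the ComboFix / DDS log format posted above.

Added example, not code from the thread or from either tool. It relies only
on conventions visible in the log: R/S = running/stopped, digit = start type
(2 = automatic), [?] = no file date/size recorded (every system32 driver in
this x64 log shows it, so it is recorded but not flagged), and an SCM 7000
event names the service that failed to start.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the log above. The [Updater] line is
# invented to exercise the user-profile check; the others mirror posted lines.
SAMPLE_LOG = r"""
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
mRun-x64: [Updater] C:\Users\TIM\AppData\Roaming\updater\updater.exe /silent
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-5-14 10568]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;C:\Program Files (x86)\VMLaunch\BuddyVM.sys [2004-10-5 15872]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
12/10/2012 17:49:24, Error: Service Control Manager [7000] - The BuddyVM service failed to start due to the following error: This driver has been blocked from loading
"""

AUTORUN_RE = re.compile(r"^[um]Run(?:-x64)?\s*:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<rest>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)
# First Windows path with an executable-style extension inside a command line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|]*?\.(?:exe|dll|sys|bat|cmd)\b', re.IGNORECASE)
SCM_7000_RE = re.compile(r"\[7000\] - The (?P<svc>.+?) service failed to start")

# Where an autorun or service image is normally expected to live (this
# example's own allowlist, lower-cased for comparison).
STANDARD_PREFIXES = ("c:\\windows\\", "c:\\program files\\",
                     "c:\\program files (x86)\\", "c:\\programdata\\")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class Entry:
    kind: str                 # "autorun" or "service"
    name: str                 # autorun label or internal service name
    display: str              # display name (same as name for autoruns)
    path: str                 # image path pulled from the command / path field
    state: str = ""           # "R" running or "S" stopped (services only)
    start: str = ""           # start type digit (services only)
    info: str = ""            # bracketed file info, "?" when none was recorded
    flags: list = field(default_factory=list)


def parse(log_text):
    """Return (entries, display names of services that failed to start)."""
    entries, failed = [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := AUTORUN_RE.match(line):
            p = PATH_RE.search(m["cmd"])
            entries.append(Entry("autorun", m["name"], m["name"], p.group(0) if p else ""))
        elif m := SERVICE_RE.match(line):
            p = PATH_RE.search(m["rest"])
            entries.append(Entry("service", m["name"], m["display"] or m["name"],
                                 p.group(0) if p else "", m["state"], m["start"], m["info"]))
        elif m := SCM_7000_RE.search(line):
            failed.add(m["svc"])
    return entries, failed


def triage(log_text):
    """Parse the log and attach review flags (starting points, not verdicts)."""
    entries, failed = parse(log_text)
    for e in entries:
        low = e.path.lower()
        if low and not low.startswith(STANDARD_PREFIXES):
            e.flags.append("outside_standard_dirs")        # user profile, C:\ root, temp
        if e.kind == "service":
            if low.endswith(".sys") and not low.startswith(DRIVER_DIR):
                e.flags.append("driver_outside_system_dir")  # kernel driver shipped by an app
            if e.state == "S" and e.start == "2":
                e.flags.append("autostart_not_running")      # auto-start but not up
            if e.display in failed or e.name in failed:
                e.flags.append("failed_to_start_event_7000") # confirmed by the SCM event
    return entries


def review_items(log_text):
    """Flagged entries only, as (display name, flags) pairs in log order."""
    return [(e.display, list(e.flags)) for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for name, flags in review_items(SAMPLE_LOG):
        print(f"{name:<16} {', '.join(flags)}")
```

Run on the sample, the script lists the invented `Updater` autorun (user profile), the two `.sys` drivers loaded from under Program Files (x86), and BuddyVM with the strongest combination: a kernel driver outside the system driver directory, auto-start but stopped, and an SCM 7000 event confirming it could not load. Skype Updater receives only the weak auto-start flag, and PrivitizeVPN receives none at all: it lives under Program Files (x86), so the adware call on it in the reply below comes from knowing the program, which no path heuristic replaces. The flags are a reading order for the analyst, not verdicts.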

#7 nasdaq


Posted 12 October 2012 - 08:35 AM

This program, PrivitizeVPN, installed the Babylon Toolbar, which is considered adware. It was removed by AdwCleaner. Decide whether you wish to remove the program or not using the Add/Remove Programs list.
mRun: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun

Let me know of any remaining issues with this computer.

#8 nasdaq


Posted 18 October 2012 - 08:39 AM

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===



