Every time I boot up my computer I get an error (unable to access jarfile igfxperf) after a trojan


  • This topic is locked
10 replies to this topic

#1 weepoorjimmy

weepoorjimmy

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:33 AM

Posted 05 December 2012 - 03:58 PM

Hi,
I recently found a trojan on my laptop and removed it using Malwarebytes! I am satisfied with the removal, but now there is a new problem!
Every time I boot up my laptop it gives a
'Java Virtual Machine Launcher'
Error: Unable to access jarfile
/C:/Users/MyName/AppData/Local/Temp/igfxperf7836756306949195738.jar

I have tried to find this file but it isn't there and I don't know what to do.
If there is anything to fix this, or if I posted this in the wrong place, please tell me. Thanks.


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:33 AM

Posted 06 December 2012 - 09:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.

#3 weepoorjimmy

weepoorjimmy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:33 AM

Posted 06 December 2012 - 11:48 AM

Here are the 3 logs!
DDS Log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by weepoorjimmy at 16:38:44 on 2012-12-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16266.12959 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\sysWow64\CtHdaSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\weepoorjimmy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\weepoorjimmy\AppData\Roaming\Spotify\spotify.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\sdclt.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.alienwarearena.com/welcome-uk
uDefault_Page_URL = hxxp://www.alienwarearena.com/welcome-uk
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [AdobeBridge] <no file>
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Sound Blaster Recon3Di Control Panel] "c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" /r
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUALCO~1.LNK - C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{80A67C0B-4DE7-4362-A57E-6EE9F985D5B5} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{80A67C0B-4DE7-4362-A57E-6EE9F985D5B5}\244584F6D65684572623D2E4253493 : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-27 16152]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-9-27 22128]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 BfLwf;Bigfoot Networks Bandwidth Control;C:\Windows\System32\drivers\bflwfx64.sys [2012-2-24 75880]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-10-8 284008]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2012-2-9 14664]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-2-13 106144]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 CtHdaSvc;Sound Core3D Service;C:\Windows\SysWOW64\CtHdaSvc.exe [2012-9-27 122880]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-27 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-11 627936]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-27 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-4 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-4 676936]
R2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2012-2-24 492032]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-9-24 1328736]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2012-9-27 1695040]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-27 363800]
R3 Ak27x64;Killer Wireless-N 1102 device driver;C:\Windows\System32\drivers\Ak27x64.sys [2012-2-24 3571816]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-2-13 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-2-13 339616]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-2-13 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-2-13 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-2-13 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-2-13 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-2-13 280992]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-2-13 550560]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-9-27 176000]
R3 cthda;Sound Core3D(CtHda.sys);C:\Windows\System32\drivers\CtHda.sys [2012-9-27 1052760]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-9-27 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-9-27 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-9-27 787736]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-9-27 108656]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-4 25928]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-9-27 340584]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_ACCEL.sys [2012-9-27 67184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-9-24 656480]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-9-27 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-9-27 79360]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-9-27 398656]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-9 19456]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-9 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-9 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-6 1255736]
.
=============== Created Last 30 ================
.
2012-12-05 20:08:15 -------- d-----w- C:\Users\weepoorjimmy\AppData\Local\Secunia PSI
2012-12-05 20:06:55 -------- d-----w- C:\Program Files (x86)\Secunia
2012-12-04 20:57:09 -------- d-----w- C:\Users\weepoorjimmy\AppData\Roaming\Malwarebytes
2012-12-04 20:57:07 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-04 20:57:07 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-04 20:57:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-03 21:05:54 -------- d-----w- C:\Users\weepoorjimmy\AppData\Local\Darksiders
2012-12-03 21:04:36 -------- d-----w- C:\Windows\msdownld.tmp
2012-12-03 21:04:30 -------- d-----w- C:\Windows\SysWow64\directx
2012-12-03 21:04:25 -------- d-----w- C:\Program Files (x86)\THQ
2012-12-01 12:56:52 -------- d-----w- C:\Users\weepoorjimmy\AppData\Roaming\logs
2012-12-01 12:56:52 -------- d-----w- C:\Users\weepoorjimmy\AppData\Roaming\.techniclauncher
2012-11-28 18:46:59 28168 ----a-w- C:\Windows\System32\X3DAudio1_4.dll
2012-11-25 20:32:11 -------- d-----w- C:\Users\weepoorjimmy\AppData\Local\Spotify
2012-11-25 20:31:17 -------- d-----w- C:\Users\weepoorjimmy\AppData\Roaming\Spotify
2012-11-25 14:59:39 -------- d-----w- C:\Users\weepoorjimmy\AppData\Local\SCE
2012-11-25 14:59:39 -------- d-----w- C:\Crash
2012-11-25 14:59:38 -------- d-----w- C:\Users\weepoorjimmy\AppData\Local\Sony Online Entertainment
2012-11-20 17:47:04 -------- d-----w- C:\Ace of Spades
2012-11-19 19:40:39 -------- d-----w- C:\Users\weepoorjimmy\AppData\Roaming\LOVE
2012-11-18 20:52:27 -------- d-----w- C:\ProgramData\Creative Labs
2012-11-18 20:15:30 -------- d-----w- C:\Users\weepoorjimmy\AppData\Roaming\digipen
2012-11-18 20:15:30 -------- d-----w- C:\Users\weepoorjimmy\AppData\Local\digipen
2012-11-18 20:12:00 -------- d-----w- C:\Program Files (x86)\Digipen
2012-11-18 17:50:38 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-11-18 17:50:13 -------- d-----w- C:\Users\weepoorjimmy\AppData\Local\PunkBuster
2012-11-18 17:43:26 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-11-18 16:31:18 -------- d-----w- C:\Users\weepoorjimmy\AppData\Local\Apple Computer
2012-11-18 16:30:52 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-11-18 16:30:43 -------- d-----w- C:\Program Files\iPod
2012-11-18 16:30:42 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-18 16:30:42 -------- d-----w- C:\Program Files\iTunes
2012-11-18 16:30:42 -------- d-----w- C:\Program Files (x86)\iTunes
2012-11-18 16:27:48 -------- d-----w- C:\Users\weepoorjimmy\AppData\Local\Apple
2012-11-18 16:27:30 -------- d-----w- C:\Program Files\Bonjour
2012-11-18 16:27:30 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-11-17 19:24:17 -------- d-----w- C:\Users\weepoorjimmy\AppData\Local\DDMSettings
2012-11-17 19:23:24 -------- d-----w- C:\Program Files\DivX
2012-11-17 19:23:18 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2012-11-17 19:22:46 -------- d-----w- C:\Program Files (x86)\DivX
2012-11-17 19:22:12 -------- d-----w- C:\ProgramData\DivX
2012-11-17 19:10:42 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2012-11-17 13:04:47 3850760 ----a-w- C:\Windows\SysWow64\D3DX9_38.dll
2012-11-17 13:04:09 -------- d-----w- C:\Users\weepoorjimmy\AppData\Local\Square Enix
2012-11-14 17:05:11 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-14 17:05:11 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-14 17:05:11 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-14 17:05:11 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 16:59:11 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 16:59:11 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 16:59:10 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-14 16:59:10 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-14 16:59:09 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-14 16:59:09 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 16:59:09 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-13 20:29:04 354216 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2012-11-13 16:12:09 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-11-13 16:12:09 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-11-13 16:12:08 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-11-13 15:16:10 -------- d-----w- C:\Program Files (x86)\EA Games
2012-11-13 12:47:02 -------- d-----w- C:\Users\weepoorjimmy\AppData\Local\Microsoft Games
2012-11-13 12:29:49 -------- d-----w- C:\Users\weepoorjimmy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-11-13 10:56:03 -------- d-----w- C:\Program Files (x86)\Audacity
2012-11-10 22:22:25 -------- d-----w- C:\ProgramData\Premium
2012-11-10 22:22:14 -------- d-----w- C:\Program Files (x86)\WxDownload
2012-11-10 22:22:10 -------- d-----w- C:\ProgramData\wxDownload
2012-11-10 22:21:40 -------- d-----w- C:\ProgramData\InstallMate
2012-11-09 21:50:15 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-11-09 21:50:15 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-11-09 21:50:15 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-09 21:50:15 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-11-09 21:50:15 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-09 21:50:15 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-11-09 21:50:14 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-11-09 21:50:14 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-11-09 21:50:14 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-11-09 21:50:08 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-11-09 21:50:08 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-11-09 20:04:03 -------- d-----w- C:\Users\weepoorjimmy\AppData\Roaming\Reallusion
2012-11-08 21:34:45 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-11-08 20:58:10 -------- d-----w- C:\Users\weepoorjimmy\AppData\Roaming\Dell
2012-11-08 20:58:06 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2012-11-08 20:58:05 -------- d-----w- C:\ProgramData\PCDr
2012-11-08 20:57:51 -------- d-----w- C:\Program Files\AlienAutopsy
2012-11-08 20:55:45 -------- d-----w- C:\Users\weepoorjimmy\AppData\Roaming\PCDr
2012-11-08 20:54:18 -------- d-----w- C:\Users\weepoorjimmy\Adobe Photoshop CS6
2012-11-08 20:53:16 -------- d-----w- C:\Users\weepoorjimmy\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-11-08 20:53:14 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2012-11-08 20:36:26 -------- d-----w- C:\Users\weepoorjimmy\AppData\Roaming\AVG2013
2012-11-08 20:35:44 -------- d-----w- C:\Users\weepoorjimmy\AppData\Roaming\TuneUp Software
2012-11-08 20:35:06 -------- d-----w- C:\ProgramData\AVG2013
2012-11-08 20:35:06 -------- d-----w- C:\$AVG
2012-11-08 20:34:28 -------- d-----w- C:\Program Files (x86)\AVG
2012-11-08 20:31:28 -------- d-----w- C:\Users\weepoorjimmy\AppData\Local\Sony
2012-11-08 20:31:28 -------- d-----w- C:\Program Files\Sony
2012-11-08 20:31:28 -------- d-----w- C:\Program Files (x86)\Sony
2012-11-08 20:27:34 -------- d-----w- C:\Users\weepoorjimmy\AppData\Local\MFAData
2012-11-08 20:27:34 -------- d-----w- C:\Users\weepoorjimmy\AppData\Local\Avg2013
2012-11-08 20:27:34 -------- d-----w- C:\ProgramData\MFAData
2012-11-08 20:27:34 -------- d-----w- C:\ProgramData\Common Files
2012-11-07 18:24:10 9575864 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-11-06 22:05:51 -------- d-----w- C:\Windows\SysWow64\Wat
2012-11-06 22:05:51 -------- d-----w- C:\Windows\System32\Wat
.
==================== Find3M ====================
.
.
============= FINISH: 16:39:31.18 ===============

Security Check Log:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.4001)
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.5.502.110
Google Chrome 22.0.1229.96
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````


AdwCleaner Log:
# AdwCleaner v2.011 - Logfile created 12/06/2012 at 16:43:44
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : weepoorjimmy - ALIENWARE-M14X
# Boot Mode : Normal
# Running from : C:\Users\weepoorjimmy\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\weepoorjimmy\AppData\LocalLow\boost_interprocess

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\weepoorjimmy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [876 octets] - [06/12/2012 16:43:44]

########## EOF - C:\AdwCleaner[R1].txt - [935 octets] ##########

Thanks!

#4 nasdaq

Posted 06 December 2012 - 01:46 PM

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Restart the computer normally. If the problem persists please continue.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

#5 weepoorjimmy

Posted 06 December 2012 - 02:42 PM

Ok, I have managed to get rid of the error message on every boot up by disabling automatically loading the file on bootup. I went through with your steps just to make sure no other problems exist so yeh...

Adwcleaner:
# AdwCleaner v2.011 - Logfile created 12/06/2012 at 19:25:39
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : weepoorjimmy - ALIENWARE-M14X
# Boot Mode : Normal
# Running from : C:\Users\weepoorjimmy\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\weepoorjimmy\AppData\LocalLow\boost_interprocess

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\weepoorjimmy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1003 octets] - [06/12/2012 16:43:44]
AdwCleaner[S1].txt - [942 octets] - [06/12/2012 19:25:39]

########## EOF - C:\AdwCleaner[S1].txt - [1001 octets] ##########

ComboFix:
ComboFix 12-12-04.01 - weepoorjimmy 06/12/2012 19:32:30.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16266.13291 [GMT 0:00]
Running from: c:\users\weepoorjimmy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Java\jre7\bin\ssv.dll
c:\programdata\PCDr\6032\AddOnDownloaded\06004c97-c212-44da-81de-706b46554efe.dll
c:\programdata\PCDr\6032\AddOnDownloaded\0d85b53c-d766-4bf0-8940-17b534910268.dll
c:\programdata\PCDr\6032\AddOnDownloaded\16837627-a839-41c5-a88f-3a0335128383.dll
c:\programdata\PCDr\6032\AddOnDownloaded\26575f75-ab02-490e-b50b-c5abd7d473fb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6032\AddOnDownloaded\493f295d-1a46-46f6-926c-63b474cedab4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\59bb1a7b-2122-4c71-82b0-30bee96f063e.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7873d595-5f4a-443e-b464-7a2503a87d74.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b2ed8d53-41ce-48e6-b4ac-8b8e5e1a4fdf.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b9ce760f-6209-48f2-a4a3-695324591c45.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\6032\AddOnDownloaded\daf30858-49d8-434b-b4b1-068b5dc9267c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
c:\users\weepoorjimmy\AppData\Roaming\Love
c:\users\weepoorjimmy\AppData\Roaming\Love\mari0\options.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-11-06 to 2012-12-06 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"GoogleChromeAutoLaunch_55AC3A8C3FD034998D3AE64E7D3A24BA"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-11-28 1242728]
"Spotify Web Helper"="c:\users\weepoorjimmy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-25 1199576]
"Spotify"="c:\users\weepoorjimmy\AppData\Roaming\Spotify\spotify.exe" [2012-11-25 7880664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Sound Blaster Recon3Di Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" [2011-12-22 880640]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-11-03 1546096]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608]
"Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2012-03-06 577024]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe [2012-2-24 549888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-09-27 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-09-27 79360]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2012-03-04 398656]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-06 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys [2012-02-24 75880]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-10-08 284008]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2012-02-09 14664]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-02-13 106144]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 CtHdaSvc;Sound Core3D Service;c:\windows\sysWow64\CtHdaSvc.exe [2012-03-28 122880]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-01 161560]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2012-02-24 492032]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2012-02-16 1695040]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-01 363800]
S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys [2012-02-24 3571816]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-02-13 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-02-13 339616]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-02-13 110752]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-02-13 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-02-13 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-02-13 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-02-13 280992]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-02-13 550560]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-06-16 176000]
S3 cthda;Sound Core3D(CtHda.sys);c:\windows\system32\drivers\cthda.sys [2012-03-28 1052760]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-09-19 108656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-01-31 340584]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys [2012-01-03 67184]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 13:16]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 16:25]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 16:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-13 1020064]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-13 800416]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2012-02-09 12616]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.alienwarearena.com/welcome-uk
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-06 19:40:08
ComboFix-quarantined-files.txt 2012-12-06 19:40
.
Pre-Run: 334,357,770,240 bytes free
Post-Run: 334,839,242,752 bytes free
.
- - End Of File - - 1C9E5B6C5E88FCD03497F4894C06FF9E

#6 nasdaq

Posted 07 December 2012 - 08:59 AM

Your logs are clean.

Every time I boot up my laptop it gives a
'Java Virtual Machine Launcher'
Error: Unable to access jarfile
/C:/Users/MyName/AppData/Local/Temp/igfxperf7836756306949195738.jar


I have managed to get rid of the error message on every boot up by disabling automatically loading the file on bootup.

The .jar file is no longer in your Temp folder.
However, there must be a remnant item in the registry that triggers this.

Let's check it out.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :regfind
    igfxperf7836756306949195738.jar

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#7 nasdaq

Posted 13 December 2012 - 09:43 AM

Are you still with me?

#8 weepoorjimmy

Posted 13 December 2012 - 11:34 AM

Hi, sorry I have been busy recently and forgot to reply.
Here is the log I got...
SystemLook 30.07.11 by jpshortstuff
Log created at 16:33 on 13/12/2012 by weepoorjimmy
Administrator - Elevation successful

========== regfind ==========

Searching for "igfxperf7836756306949195738.jar"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"igfxperf"="C:\Program Files\Java\jre7\bin\javaw.exe -jar "/C:/Users/weepoorjimmy/AppData/Local/Temp/igfxperf7836756306949195738.jar""
[HKEY_USERS\S-1-5-21-2648994698-3718374554-2988899938-1001\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"igfxperf"="C:\Program Files\Java\jre7\bin\javaw.exe -jar "/C:/Users/weepoorjimmy/AppData/Local/Temp/igfxperf7836756306949195738.jar""

-= EOF =-

Thanks

#9 nasdaq

Posted 13 December 2012 - 02:11 PM

Open notepad and copy/paste the text in the quote box below into it:

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"igfxperf"=-
[HKEY_USERS\S-1-5-21-2648994698-3718374554-2988899938-1001\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"igfxperf"=-

ClearJavaCache::


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log and let me know what problem persists.
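
The diagnosis in this thread (a Run value that still launches a .jar which no longer exists) can be checked mechanically. The following is an added example, not part of the original posts or of any tool mentioned here: it parses text in the regfind layout quoted above and flags `java`/`javaw -jar` autoruns that point into a Temp directory. The sample log, the user name `example`, and all function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the SystemLook regfind output quoted in
# the thread; the user name "example" is a placeholder.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"igfxperf"="C:\Program Files\Java\jre7\bin\javaw.exe -jar "/C:/Users/example/AppData/Local/Temp/igfxperf7836756306949195738.jar""
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# The log does not escape inner quotes, so capture up to the last quote.
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
JAR_RE = re.compile(r'\bjavaw?(?:\.exe)?"?\s+-jar\s+"?([^"]+?\.jar)"?', re.I)
TEMP_RE = re.compile(r'\\(?:AppData\\Local\\Temp|Windows\\Temp|Temp)\\', re.I)
RANDOM_NAME_RE = re.compile(r'\d{10,}\.jar$', re.I)


def normalize_path(raw):
    """Turn the '/C:/Users/...' form seen in the log into 'C:\\Users\\...'."""
    path = raw.strip()
    if re.match(r'^/[A-Za-z]:/', path):
        path = path[1:]
    return path.replace('/', '\\')


def parse_entries(log_text):
    """Yield (registry key, value name, command line) for each value in the log."""
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2)


def triage(log_text, exists=None):
    """Flag autoruns that start a .jar; 'exists' is an optional path -> bool check."""
    findings = []
    for key, name, command in parse_entries(log_text):
        m = JAR_RE.search(command)
        if not m:
            continue
        jar = normalize_path(m.group(1))
        reasons = []
        if TEMP_RE.search(jar):
            reasons.append("jar runs from a Temp directory")
        if RANDOM_NAME_RE.search(jar):
            reasons.append("long numeric suffix in file name")
        if exists is not None and not exists(jar):
            reasons.append("target file missing (orphaned entry)")
        if reasons:
            findings.append({
                "key": key,
                "value": name,
                "jar": jar,
                # Only values directly under Run are started at logon; values
                # moved to a subkey such as AutorunsDisabled are not.
                "disabled": key.lower().endswith("\\autorunsdisabled"),
                "reasons": reasons,
            })
    return findings


def reg_delete_script(findings):
    """Build .reg text that deletes each flagged value ("name"=- removes a value)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for f in findings:
        lines += [f"[{f['key']}]", f'"{f["value"]}"=-', ""]
    return "\r\n".join(lines)


if __name__ == "__main__":
    # Treat every target as missing, as in the thread, where the jar was gone.
    for finding in triage(SAMPLE_LOG, exists=lambda p: False):
        print(finding)
```

On a live system, pass `os.path.exists` as `exists` so that only entries whose target is really gone are reported as orphaned.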

#10 weepoorjimmy

Posted 13 December 2012 - 03:11 PM

Here are the logs,
2012-10-10 02:22 . 2012-10-10 02:22 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-10-10 02:22 . 2012-10-10 02:22 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-10-10 02:22 . 2012-10-10 02:22 171040 ----a-w- c:\windows\system32\igfxtray.exe
2012-10-10 02:22 . 2012-10-10 02:22 11158528 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-10-10 02:22 . 2012-10-10 02:22 56320 ----a-w- c:\windows\SysWow64\Intel_OpenCL_ICD32.dll
2012-10-10 02:22 . 2012-10-10 02:22 509984 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-10-10 02:22 . 2012-10-10 02:22 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-10-10 02:22 . 2012-10-10 02:22 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-10-10 02:22 . 2012-10-10 02:22 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-10-10 02:22 . 2012-10-10 02:22 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-10-10 02:22 . 2012-10-10 02:22 27643904 ----a-w- c:\windows\SysWow64\igdrcl32.dll
2012-10-10 02:22 . 2012-10-10 02:22 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-10-10 02:22 . 2012-09-27 06:35 56320 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-10-10 02:22 . 2012-10-10 02:22 8579584 ----a-w- c:\windows\SysWow64\ig7icd32.dll
2012-10-10 02:22 . 2012-10-10 02:22 482304 ----a-w- c:\windows\system32\igfx11cmrt64.dll
2012-10-10 02:22 . 2012-10-10 02:22 11595776 ----a-w- c:\windows\system32\ig7icd64.dll
2012-10-10 02:22 . 2012-09-27 06:35 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-10-10 02:22 . 2012-10-10 02:22 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-10-10 02:22 . 2012-10-10 02:22 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-10-10 02:22 . 2012-10-10 02:22 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-10-10 02:22 . 2012-10-10 02:22 252448 ----a-w- c:\windows\system32\igfxext.exe
2012-10-10 02:22 . 2012-09-27 06:35 11040256 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-10-10 02:22 . 2012-10-10 02:22 9728 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-10-10 02:22 . 2012-10-10 02:22 755048 ----a-w- c:\windows\system32\igcodeckrng700.bin
2012-10-10 02:22 . 2012-10-10 02:22 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"GoogleChromeAutoLaunch_55AC3A8C3FD034998D3AE64E7D3A24BA"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-11-28 1242728]
"Spotify Web Helper"="c:\users\weepoorjimmy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-25 1199576]
"Spotify"="c:\users\weepoorjimmy\AppData\Roaming\Spotify\spotify.exe" [2012-11-25 7880664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Sound Blaster Recon3Di Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" [2011-12-22 880640]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-11-03 1546096]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608]
"Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2012-03-06 577024]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe [2012-2-24 549888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-09-27 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-09-27 79360]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2012-03-04 398656]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-06 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys [2012-02-24 75880]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-10-08 284008]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2012-02-09 14664]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-02-13 106144]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 CtHdaSvc;Sound Core3D Service;c:\windows\sysWow64\CtHdaSvc.exe [2012-03-28 122880]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-01 161560]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2012-02-24 492032]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2012-02-16 1695040]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-01 363800]
S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys [2012-02-24 3571816]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-02-13 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-02-13 339616]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-02-13 110752]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-02-13 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-02-13 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-02-13 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-02-13 280992]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-02-13 550560]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-06-16 176000]
S3 cthda;Sound Core3D(CtHda.sys);c:\windows\system32\drivers\cthda.sys [2012-03-28 1052760]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-09-19 108656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-01-31 340584]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys [2012-01-03 67184]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCDSRVC{0FF99CEB-15C9CE9E-06020200}_0
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 19:24]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 16:25]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 16:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-13 1020064]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-13 800416]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2012-02-09 12616]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.alienwarearena.com/welcome-uk
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-13 20:10:27
ComboFix-quarantined-files.txt 2012-12-13 20:10
ComboFix2.txt 2012-12-06 19:40
.
Pre-Run: 318,682,615,808 bytes free
Post-Run: 318,389,014,528 bytes free
.
- - End Of File - - 792B366F37CFD6215A31E18FE6AC5312

#11 nasdaq


Posted 14 December 2012 - 08:49 AM

Any remaining problems?



