Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Privitize VPN


  • This topic is locked This topic is locked
31 replies to this topic

#1 gotz

gotz

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 07 December 2012 - 05:36 AM

Hello,

I need help removing Privitize VPN that was downloaded onto my computer. I uninstalled the program using its Uninstaller, but there seems to be remnants in my internet browsers so I am not entirely convinced that is gone.

I deleted the search engine from both firefox and google chrome, however, when I use the URL bar to search for things rather than the search bar itself, I can see at the bottom it goes through a privitize search engine before it redirects me to google.

Thanks in advanced for the help!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_37
Run by Matrix at 0:32:11 on 2012-12-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8160.5852 [GMT -10:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files (x86)\Logitech\G930\G930.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\NVIDIA Corporation\Display\NvTray.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.privitize.com/?aff=7
mStart Page = hxxp://search.privitize.com/?aff=7
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: DWABrowserHlprObj Class: {2709D830-B643-4e72-9A1E-701CFFFCF30C} -
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AdobeBridge] <no file>
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe
StartupFolder: C:\Users\Matrix\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\G930\eReg.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: %SystemRoot%\system32\WTFastDrv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://imua.moanalua.k12.hi.us/dwa7W.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D791BFFE-BF89-4A20-AABC-235661F375E1} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SecurityProviders: SecurityProviders = credssp.dll, UstaptaWfisx.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat"
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matrix\AppData\Roaming\Mozilla\Firefox\Profiles\vhdmkp65.default\
FF - prefs.js: browser.search.selectedEngine - Privitize VPN
FF - prefs.js: browser.startup.homepage - hxxp://search.privitize.com/?aff=7
FF - prefs.js: keyword.URL - hxxp://search.privitize.com/?aff=7&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-16 16:28; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-07 00:35; 50c1c67ee9577@50c1c67ee95ae.com; C:\Users\Matrix\AppData\Roaming\Mozilla\Firefox\Profiles\vhdmkp65.default\extensions\50c1c67ee9577@50c1c67ee95ae.com
FF - ExtSQL: !HIDDEN! 2011-12-25 22:57; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-1 8704]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2010-11-21 24880]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-11-21 303408]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-17 399432]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-9-8 288256]
R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-9-8 1034752]
R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-9-8 485376]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-7-24 283200]
R3 LADF_BakerCOnly;BakerC Filter Driver;C:\Windows\System32\drivers\ladfBakerCamd64.sys [2011-3-18 410184]
R3 LADF_BakerROnly;BakerR Filter Driver;C:\Windows\System32\drivers\ladfBakerRamd64.sys [2011-3-18 335688]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-17 25928]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-12-30 32344]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2011-12-25 14136]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-3-31 126464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-17 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-25 135584]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;C:\Windows\System32\drivers\hitmanpro36.sys [2012-3-15 27424]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2012-7-24 33592]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 NTIOLib_1_0_1;NTIOLib_1_0_1;C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [2011-12-25 14136]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2012-7-24 14136]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-17 19456]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-17 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-17 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-25 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
.
=============== Created Last 30 ================
.
2012-12-07 10:20:17 -------- d-----w- C:\ProgramData\Zoomex
2012-12-07 10:20:17 -------- d-----w- C:\ProgramData\Premium
2012-12-07 10:20:14 -------- d-----w- C:\ProgramData\InstallMate
2012-12-06 23:42:58 -------- d-----w- C:\Users\Matrix\AppData\Local\NVIDIA
2012-12-05 05:42:12 -------- d-----w- C:\Users\Matrix\AppData\Local\CrashRpt
2012-12-05 05:42:12 -------- d-----w- C:\Users\Matrix\AppData\Local\Arktos
2012-12-04 20:12:33 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-12-04 20:12:20 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-12-04 20:12:09 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-04 20:12:01 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-04 16:54:08 -------- d-----w- C:\Users\Matrix\AppData\Roaming\Softland
2012-12-04 16:54:07 25480 ----a-w- C:\Windows\System32\dopdfmn7.dll
2012-12-04 16:54:07 20872 ----a-w- C:\Windows\System32\dopdfmi7.dll
2012-12-04 16:54:07 1700352 ----a-w- C:\Windows\System32\GdiPlus.dll
2012-12-04 16:54:06 -------- d-----w- C:\Program Files\Softland
2012-11-28 03:21:23 79464 ----a-w- C:\Windows\System32\WTFastDrv.dll
2012-11-28 03:21:23 72296 ----a-w- C:\Windows\SysWow64\WTFastDrv.dll
2012-11-28 03:21:23 11264 ----a-w- C:\Windows\SysWow64\SPORDER.DLL
2012-11-28 03:21:23 -------- d-----w- C:\Program Files (x86)\WTFast
2012-11-20 03:34:48 -------- d-----w- C:\Users\Matrix\AppData\Roaming\AVG
2012-11-20 03:34:27 -------- d-----w- C:\ProgramData\AVG
2012-11-20 03:34:22 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-18 06:32:46 -------- d-----w- C:\Users\Matrix\AppData\Roaming\AVG2013
2012-11-18 06:29:42 -------- d-----w- C:\Users\Matrix\AppData\Roaming\TuneUp Software
2012-11-18 06:28:05 -------- d-----w- C:\ProgramData\AVG2013
2012-11-18 06:02:49 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-18 06:02:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-18 06:02:12 -------- d-----w- C:\Users\Matrix\AppData\Local\MFAData
2012-11-18 06:02:12 -------- d-----w- C:\Users\Matrix\AppData\Local\Avg2013
2012-11-18 00:50:01 -------- d-----w- C:\Program Files\Defraggler
2012-11-18 00:46:17 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-11-18 00:46:17 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-11-18 00:46:14 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-11-18 00:46:14 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-11-18 00:46:14 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-11-18 00:46:14 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-18 00:46:14 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-11-18 00:46:14 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-18 00:46:14 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-11-18 00:46:14 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-11-18 00:46:14 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-11-15 13:04:44 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-15 13:04:44 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 13:04:44 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 13:04:44 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 13:00:31 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-15 13:00:31 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-15 13:00:31 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-15 13:00:31 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-15 13:00:30 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-15 13:00:30 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 13:00:30 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-13 13:38:43 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-11-13 13:38:04 -------- d-----w- C:\Users\Matrix\AppData\Local\Microsoft Help
2012-11-10 01:59:46 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
.
==================== Find3M ====================
.
2012-11-06 02:42:37 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-06 02:42:37 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-22 23:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 13:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-05 13:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 23:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-02 13:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-29 07:42:04 2177704 ----a-w- C:\Windows\System32\coin92.dll
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-25 01:32:24 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-25 01:32:20 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-21 13:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 13:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-14 13:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 0:32:22.04 ===============

Attached Files


Edited by gotz, 07 December 2012 - 05:48 AM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:09 PM

Posted 07 December 2012 - 07:11 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gotz

gotz
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 07 December 2012 - 07:28 AM

Thanks for such a fast reply!

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 22
Java™ 6 Update 37
Java version out of Date!
Adobe Flash Player 11.4.402.287 Flash Player out of Date!
Mozilla Firefox 16.0.2 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



# AdwCleaner v2.011 - Logfile created 12/07/2012 at 02:19:09
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Matrix - MATRIX-PC
# Boot Mode : Normal
# Running from : C:\Users\Matrix\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Matrix\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Matrix\AppData\Roaming\Mozilla\Firefox\Profiles\vhdmkp65.default\prefs.js

Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{23fcfd51-4958-4f00-80a3-ae9[...]

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Matrix\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1277 octets] - [07/12/2012 02:19:09]

########## EOF - C:\AdwCleaner[S1].txt - [1337 octets] ##########




RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matrix [Admin rights]
Mode : Remove -- Date : 12/07/2012 02:27:09

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++
--- User ---
[MBR] 57aad0e07a2ab8c158889ef1aa0ae411
[BSP] 1b849ec36bba6435840cad37d07febe9 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12072012_02d0227.txt >>
RKreport[1]_S_12072012_02d0226.txt ; RKreport[2]_D_12072012_02d0227.txt

Edited by gotz, 07 December 2012 - 07:28 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:09 PM

Posted 07 December 2012 - 11:30 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gotz

gotz
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 07 December 2012 - 09:54 PM

Hmmm...disabled my AVG, ran ComboFix. The blue window said something along the lines of "generating report", then it disappeared and no report came up. Also, as soon as the window disappeared, the internet for my computer was no longer accessible. Did I do something wrong?

Edit: Crap...apparently I did not disable AVG properly and it virus vaulted ComboFix O_o Downloading again and running again. (Internet is working again btw after restart)

ComboFix 12-12-07.01 - Matrix 12/07/2012 16:57:21.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8160.5998 [GMT -10:00]
Running from: c:\users\Matrix\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\SysWow64\setup.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-08 03:01 . 2012-12-08 03:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-08 03:01 . 2012-12-08 03:01 -------- d-----w- c:\users\UpdatusUser.Matrix-PC\AppData\Local\temp
2012-12-08 03:01 . 2012-12-08 03:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-07 10:51 . 2012-12-07 10:51 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2012-12-07 10:20 . 2012-12-07 10:20 -------- d-----w- c:\programdata\Zoomex
2012-12-06 23:42 . 2012-12-06 23:42 -------- d-----w- c:\users\Matrix\AppData\Local\NVIDIA
2012-12-05 05:42 . 2012-12-05 05:42 -------- d-----w- c:\users\Matrix\AppData\Local\CrashRpt
2012-12-05 05:42 . 2012-12-05 05:42 -------- d-----w- c:\users\Matrix\AppData\Local\Arktos
2012-12-04 20:12 . 2012-12-04 20:12 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-12-04 20:12 . 2012-12-04 20:12 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-12-04 20:12 . 2012-12-04 20:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-04 20:12 . 2012-12-04 20:12 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-04 20:01 . 2012-12-04 20:04 -------- d-----w- c:\users\Matrix\AppData\Roaming\U3
2012-12-04 16:54 . 2012-12-04 16:54 -------- d-----w- c:\users\Matrix\AppData\Roaming\Softland
2012-12-04 16:54 . 2012-10-03 22:50 25480 ----a-w- c:\windows\system32\dopdfmn7.dll
2012-12-04 16:54 . 2012-10-03 22:50 20872 ----a-w- c:\windows\system32\dopdfmi7.dll
2012-12-04 16:54 . 2010-02-06 01:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-12-04 16:54 . 2012-12-04 16:54 -------- d-----w- c:\program files\Softland
2012-12-01 05:17 . 2012-12-01 05:17 -------- d-----w- c:\programdata\Logitech
2012-12-01 05:17 . 2012-12-01 05:17 -------- d-----w- c:\program files\Logitech
2012-12-01 05:17 . 2012-12-01 05:17 -------- d-----w- c:\program files (x86)\Logitech
2012-11-28 03:21 . 2012-11-28 03:21 -------- d-----w- c:\program files (x86)\WTFast
2012-11-28 03:21 . 2012-07-11 23:12 79464 ----a-w- c:\windows\system32\WTFastDrv.dll
2012-11-28 03:21 . 2012-07-11 23:12 72296 ----a-w- c:\windows\SysWow64\WTFastDrv.dll
2012-11-28 03:21 . 1997-06-07 01:52 11264 ----a-w- c:\windows\SysWow64\SPORDER.DLL
2012-11-20 03:34 . 2012-11-20 03:34 -------- d-----w- c:\users\Matrix\AppData\Roaming\AVG
2012-11-20 03:34 . 2012-11-20 03:35 -------- d-----w- c:\programdata\AVG
2012-11-20 03:34 . 2012-11-20 03:34 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-18 06:29 . 2012-11-18 06:29 -------- d-----w- c:\users\Matrix\AppData\Roaming\TuneUp Software
2012-11-18 06:02 . 2012-11-18 06:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-18 06:02 . 2012-09-30 05:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-18 06:02 . 2012-11-19 08:43 -------- d-----w- c:\users\Matrix\AppData\Local\Avg2013
2012-11-18 06:02 . 2012-11-18 06:02 -------- d-----w- c:\users\Matrix\AppData\Local\MFAData
2012-11-18 00:50 . 2012-11-18 00:50 -------- d-----w- c:\program files\Defraggler
2012-11-18 00:46 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-11-18 00:46 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-11-18 00:46 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-18 00:46 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-18 00:46 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-18 00:46 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-18 00:46 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-18 00:46 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-18 00:46 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-18 00:46 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-11-18 00:46 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-11-15 13:04 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 13:04 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 13:04 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 13:04 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 13:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 13:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 13:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 13:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 13:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 13:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 13:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 13:00 . 2012-11-14 13:00 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-11-13 13:40 . 2012-11-14 13:02 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-11-13 13:38 . 2012-11-13 13:38 -------- d-----w- c:\program files\Microsoft Office
2012-11-13 13:38 . 2012-11-13 13:38 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-11-13 13:38 . 2012-11-13 13:38 -------- d-----w- c:\users\Matrix\AppData\Local\Microsoft Help
2012-11-13 13:38 . 2012-11-16 13:03 -------- d-----w- c:\programdata\Microsoft Help
2012-11-13 13:37 . 2012-11-13 13:37 -------- d-----r- C:\MSOCache
2012-11-10 01:59 . 2012-11-10 01:59 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-08 02:53 . 2012-02-16 05:09 22368 ----a-w- c:\windows\system32\drivers\AFD.SYS
2012-12-08 02:53 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
2012-11-15 13:01 . 2011-12-25 15:03 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-06 02:42 . 2012-08-04 10:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-06 02:42 . 2012-08-04 10:56 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-22 23:02 . 2012-10-22 23:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-28 03:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 03:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 03:02 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 13:48 . 2012-10-15 13:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-05 13:32 . 2012-10-05 13:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 23:15 . 2012-10-02 23:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-10-02 22:21 . 2012-09-01 20:40 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-02 22:21 . 2012-09-01 20:40 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-02 22:21 . 2012-08-23 05:31 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-02 22:21 . 2012-08-23 05:31 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-02 22:21 . 2012-08-23 05:31 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-02 22:21 . 2012-08-23 05:31 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-02 22:21 . 2012-08-23 05:31 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-02 22:21 . 2012-02-22 17:02 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-02 19:51 . 2012-08-23 05:32 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2012-08-23 05:32 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-08-23 05:32 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-08-23 05:32 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-08-23 05:32 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-08-23 05:32 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 13:30 . 2012-10-02 13:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-29 07:42 . 2012-09-29 07:42 2177704 ----a-w- c:\windows\system32\coin92.dll
2012-09-25 01:32 . 2012-07-28 01:49 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-25 01:32 . 2011-12-26 07:32 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-21 13:46 . 2012-09-21 13:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 13:46 . 2012-09-21 13:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-09-14 19:19 . 2012-10-10 05:23 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 05:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-14 13:05 . 2012-09-14 13:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Matrix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Matrix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Matrix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Matrix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe" [2011-07-07 303104]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-13 953232]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"Logitech G930"="c:\program files (x86)\Logitech\G930\G930.exe" [2011-03-23 1516888]
.
c:\users\Matrix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech blank Product Registration.lnk - c:\program files (x86)\Logitech\G930\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, UstaptaWfisx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-10 135584]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-03-15 27424]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NTIOLib_1_0_1;NTIOLib_1_0_1;c:\program files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [2009-10-06 14136]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-25 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2010-11-22 24880]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-11-22 303408]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 288256]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-09-08 485376]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-25 283200]
S3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\DRIVERS\ladfBakerCamd64.sys [2011-03-19 410184]
S3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\DRIVERS\ladfBakerRamd64.sys [2011-03-19 335688]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2010-07-13 14136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner 2.2.3\RTCore64.sys [2012-07-24 10568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-04-01 126464]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 02:42]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-13 04:19]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-13 04:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Matrix\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Matrix\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Matrix\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Matrix\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-06 7560808]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.privitize.com/?aff=7
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\WTFastDrv.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Matrix\AppData\Roaming\Mozilla\Firefox\Profiles\vhdmkp65.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.privitize.com/?aff=7&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-16 16:28; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-07 00:35; 50c1c67ee9577@50c1c67ee95ae.com; c:\users\Matrix\AppData\Roaming\Mozilla\Firefox\Profiles\vhdmkp65.default\extensions\50c1c67ee9577@50c1c67ee95ae.com
FF - ExtSQL: !HIDDEN! 2011-12-25 22:57; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-93729172.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-07 17:02:11
ComboFix-quarantined-files.txt 2012-12-08 03:02
.
Pre-Run: 335,480,774,656 bytes free
Post-Run: 335,320,117,248 bytes free
.
- - End Of File - - B299128464E9F475700B2C3B98B2467B

Edited by gotz, 07 December 2012 - 10:04 PM.


#6 gotz

gotz
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 07 December 2012 - 10:09 PM

Okay, now I have another problem haha (SORRY!)

After posting the ComboFix log, I restarted my computer and it asked me to go into Windows Launch Repair. I chose to start windows normally. Some programs (AVG, AfterBurner, etc) no longer started on system start. My internet was also out. Currently restarting again to see if it makes a difference.

Computer restarted and still no internet. I'll wait for a reply, thank you in advanced!

Edited by gotz, 07 December 2012 - 10:13 PM.


#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:09 PM

Posted 07 December 2012 - 10:17 PM

use system restore to before we ran combofix


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gotz

gotz
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 07 December 2012 - 10:23 PM

The only restore point available was from quite a few hours ago...Currently restoring. Will this also bring back the Privitize VPN? This was about the time that it was installed.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:09 PM

Posted 07 December 2012 - 10:29 PM

if it does we will remove it again


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gotz

gotz
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 07 December 2012 - 10:33 PM

System restore completed and internet is back! However, it is quite sluggish again. I think it's back =(

Edit: Yes, it's definitely back. I saw the search.privitize.com scroll by as I was searching something random in FireFox.

Edited by gotz, 07 December 2012 - 10:34 PM.


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:09 PM

Posted 07 December 2012 - 10:46 PM

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gotz

gotz
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 07 December 2012 - 10:53 PM

ADW did not produce a log file. Searched computer for it as well as the location you gave. I'll try running it again.

RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matrix [Admin rights]
Mode : Remove -- Date : 12/07/2012 17:52:10

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][NOTFOUND] HKLM\[...]\Run : THXCfg64 (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : Nvtmru ("C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat") -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++
--- User ---
[MBR] 57aad0e07a2ab8c158889ef1aa0ae411
[BSP] 1b849ec36bba6435840cad37d07febe9 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12072012_02d1752.txt >>
RKreport[1]_S_12072012_02d1751.txt ; RKreport[2]_D_12072012_02d1752.txt

Edited by gotz, 07 December 2012 - 10:55 PM.


#13 gotz

gotz
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 07 December 2012 - 10:58 PM

Worked the second time

# AdwCleaner v2.011 - Logfile created 12/07/2012 at 17:56:20
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Matrix - MATRIX-PC
# Boot Mode : Normal
# Running from : C:\Users\Matrix\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Matrix\AppData\Roaming\Mozilla\Firefox\Profiles\vhdmkp65.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Matrix\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [842 octets] - [07/12/2012 17:56:20]

########## EOF - C:\AdwCleaner[S2].txt - [901 octets] ##########

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:09 PM

Posted 07 December 2012 - 11:16 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gotz

gotz
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 07 December 2012 - 11:27 PM

OTL logfile created on: 12/7/2012 6:20:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matrix\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 5.88 Gb Available Physical Memory | 73.77% Memory free
15.94 Gb Paging File | 13.48 Gb Available in Paging File | 84.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 312.50 Gb Free Space | 67.11% Space Free | Partition Type: NTFS

Computer Name: MATRIX-PC | User Name: Matrix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Matrix\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\MSI Afterburner 2.2.3\Bundle\OSDServer\RTSS.exe ()
PRC - C:\Program Files (x86)\MSI Afterburner 2.2.3\MSIAfterburner.exe ()
PRC - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe ()
PRC - C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
PRC - C:\Program Files (x86)\Logitech\G930\G930.exe (Logitech©)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avformat-54.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner 2.2.3\Bundle\OSDServer\RTSS.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner 2.2.3\MSIAfterburner.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner 2.2.3\RTMUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner 2.2.3\RTHAL.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner 2.2.3\RTCore.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner 2.2.3\RTUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner 2.2.3\RTFC.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner 2.2.3\Bundle\OSDServer\RTSSHooks.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner 2.2.3\Bundle\OSDServer\RTMUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner 2.2.3\Bundle\OSDServer\RTUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner 2.2.3\Bundle\OSDServer\RTFC.dll ()
MOD - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner 2.2.3\RTTSH.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner 2.2.3\Bundle\OSDServer\RTTSH.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (WDFME) -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (hitmanpro35) -- C:\Windows\SysNative\drivers\hitmanpro36.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RzSynapse) -- C:\Windows\SysNative\drivers\RzSynapse.sys (Razer USA Ltd)
DRV:64bit: - (LADF_BakerCOnly) -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys (Logitech)
DRV:64bit: - (LADF_BakerROnly) -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys (Logitech)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (mv91cons) -- C:\Windows\SysNative\drivers\mv91cons.sys (Marvell Semiconductor Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner 2.2.3\RTCore64.sys ()
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI)
DRV - (NTIOLib_1_0_3) -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys (MSI)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys (Your Corporation)
DRV - (NTIOLib_1_0_1) -- C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys (MSI)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{C4AA3682-54FD-458D-8EF7-2AF7058CF8A9}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4120964355-3089664052-476732360-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKU\S-1-5-21-4120964355-3089664052-476732360-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4120964355-3089664052-476732360-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4120964355-3089664052-476732360-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B 24 C9 70 40 D2 CD 01 [binary data]
IE - HKU\S-1-5-21-4120964355-3089664052-476732360-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4120964355-3089664052-476732360-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.privitize.com/?aff=7&q={searchTerms}
IE - HKU\S-1-5-21-4120964355-3089664052-476732360-1000\..\SearchScopes\{C4AA3682-54FD-458D-8EF7-2AF7058CF8A9}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4120964355-3089664052-476732360-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4120964355-3089664052-476732360-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-4120964355-3089664052-476732360-1005\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.privitize.com/?aff=7&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/25 22:57:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/12 18:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/17 15:14:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/17 15:14:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/25 22:57:55 | 000,000,000 | ---D | M]

[2011/12/25 22:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matrix\AppData\Roaming\Mozilla\Extensions
[2012/12/07 00:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matrix\AppData\Roaming\Mozilla\Firefox\Profiles\vhdmkp65.default\extensions
[2012/12/07 00:20:19 | 000,000,000 | ---D | M] (Zoomex) -- C:\Users\Matrix\AppData\Roaming\Mozilla\Firefox\Profiles\vhdmkp65.default\extensions\50c1c67ee9577@50c1c67ee95ae.com
[2012/05/12 18:18:02 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Matrix\AppData\Roaming\Mozilla\Firefox\Profiles\vhdmkp65.default\extensions\DivXWebPlayer@divx.com.xpi
[2012/11/27 17:29:40 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Matrix\AppData\Roaming\Mozilla\Firefox\Profiles\vhdmkp65.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/17 15:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/17 15:14:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/11/17 15:14:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/05/12 18:20:47 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/11/17 15:14:14 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 15:17:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/27 01:45:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.privitize.com/?aff=7
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.privitize.com/?aff=7
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Matrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Matrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Matrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
CHR - Extension: Google Search = C:\Users\Matrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Recent History = C:\Users\Matrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmkfdfomhhlonpbnpiibloacemdhjjm\2.1.4.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Matrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Matrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/03/12 19:50:00 | 000,000,019 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DWABrowserHlprObj Class) - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\Windows\SysWow64\dwabho.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe (Logitech©)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe (MSI)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4120964355-3089664052-476732360-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-4120964355-3089664052-476732360-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4120964355-3089664052-476732360-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4120964355-3089664052-476732360-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Users\Matrix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk = C:\Program Files (x86)\Logitech\G930\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4120964355-3089664052-476732360-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4120964355-3089664052-476732360-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D791BFFE-BF89-4A20-AABC-235661F375E1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (UstaptaWfisx.dll) - File not found
O29 - HKLM SecurityProviders - (UstaptaWfisx.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{eea5f3f8-2f7d-11e1-8969-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{eea5f3f8-2f7d-11e1-8969-806e6f6e6963}\Shell\AutoRun\command - "" = D:\install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/07 16:42:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/07 16:42:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/07 02:23:10 | 000,000,000 | ---D | C] -- C:\Users\Matrix\Desktop\RK_Quarantine
[2012/12/07 00:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2012/12/07 00:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2012/12/07 00:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Zoomex
[2012/12/07 00:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoomex
[2012/12/06 13:42:58 | 000,000,000 | ---D | C] -- C:\Users\Matrix\AppData\Local\NVIDIA
[2012/12/04 19:42:12 | 000,000,000 | ---D | C] -- C:\Users\Matrix\AppData\Local\CrashRpt
[2012/12/04 19:42:12 | 000,000,000 | ---D | C] -- C:\Users\Matrix\Documents\Arktos
[2012/12/04 19:42:12 | 000,000,000 | ---D | C] -- C:\Users\Matrix\AppData\Local\Arktos
[2012/12/04 19:12:07 | 000,000,000 | ---D | C] -- C:\Users\Matrix\Documents\The War Z
[2012/12/04 19:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z
[2012/12/04 10:01:32 | 000,000,000 | ---D | C] -- C:\Users\Matrix\AppData\Roaming\U3
[2012/12/04 06:54:08 | 000,000,000 | ---D | C] -- C:\Users\Matrix\AppData\Roaming\Softland
[2012/12/04 06:54:07 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2012/12/04 06:54:07 | 000,025,480 | ---- | C] (Softland) -- C:\Windows\SysNative\dopdfmn7.dll
[2012/12/04 06:54:07 | 000,020,872 | ---- | C] (Softland) -- C:\Windows\SysNative\dopdfmi7.dll
[2012/12/04 06:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 7
[2012/12/04 06:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2012/11/30 19:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012/11/30 19:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/11/30 19:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/11/30 19:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2012/11/27 17:21:23 | 000,079,464 | ---- | C] (Initex) -- C:\Windows\SysNative\WTFastDrv.dll
[2012/11/27 17:21:23 | 000,072,296 | ---- | C] (Initex) -- C:\Windows\SysWow64\WTFastDrv.dll
[2012/11/27 17:21:23 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SPORDER.DLL
[2012/11/27 17:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WTFast
[2012/11/27 17:21:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WTFast
[2012/11/19 17:34:48 | 000,000,000 | ---D | C] -- C:\Users\Matrix\AppData\Roaming\AVG
[2012/11/19 17:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2012/11/19 17:34:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012/11/17 20:32:46 | 000,000,000 | ---D | C] -- C:\Users\Matrix\AppData\Roaming\AVG2013
[2012/11/17 20:29:42 | 000,000,000 | ---D | C] -- C:\Users\Matrix\AppData\Roaming\TuneUp Software
[2012/11/17 20:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/11/17 20:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/17 20:02:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/17 20:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/17 20:02:12 | 000,000,000 | ---D | C] -- C:\Users\Matrix\AppData\Local\MFAData
[2012/11/17 20:02:12 | 000,000,000 | ---D | C] -- C:\Users\Matrix\AppData\Local\Avg2013
[2012/11/17 15:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/17 14:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2012/11/17 14:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012/11/17 14:48:41 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/11/17 14:48:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/11/17 14:48:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/11/17 14:48:40 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/11/17 14:48:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2012/11/17 14:48:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/11/17 14:48:39 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/11/17 14:48:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/11/17 14:48:39 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/11/17 14:48:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/11/17 14:48:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/11/17 14:48:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/11/17 14:48:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/11/17 14:48:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/11/17 14:48:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/11/17 14:48:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/11/17 14:48:39 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/11/17 14:48:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/11/17 14:48:38 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/11/17 14:48:38 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/11/17 14:48:38 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/11/17 14:48:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/11/17 14:48:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/11/17 14:48:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/11/17 14:48:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/11/17 14:46:17 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/11/17 14:46:17 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/11/17 14:46:14 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/11/17 14:46:14 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/11/15 03:04:44 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/15 03:04:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/15 03:02:09 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/15 03:02:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/15 03:02:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/15 03:02:09 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/15 03:02:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/15 03:02:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/15 03:02:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/15 03:02:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/15 03:02:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/15 03:02:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/15 03:02:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/15 03:02:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/15 03:02:08 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/15 03:02:08 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/15 03:02:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/15 03:00:31 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/15 03:00:30 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/15 03:00:30 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/15 03:00:30 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/14 18:05:48 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/14 18:05:48 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/14 18:05:48 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/14 18:05:44 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/14 18:05:44 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/14 18:05:44 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/14 18:05:44 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/14 18:05:44 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/14 18:05:44 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/14 18:05:28 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/14 18:05:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/13 03:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/11/13 03:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012/11/13 03:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012/11/13 03:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/11/13 03:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/11/13 03:38:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/11/13 03:38:04 | 000,000,000 | ---D | C] -- C:\Users\Matrix\AppData\Local\Microsoft Help
[2012/11/13 03:38:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/11/13 03:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/11/13 03:37:07 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/11/12 23:20:15 | 026,331,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/11/12 23:20:15 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/11/12 23:20:15 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/11/12 23:20:15 | 018,252,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/11/12 23:20:15 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/11/12 23:20:15 | 009,146,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/11/12 23:20:15 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/11/12 23:20:15 | 007,414,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012/11/12 23:20:15 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012/11/12 23:20:15 | 002,747,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/11/12 23:20:15 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/11/12 23:20:15 | 002,218,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/11/12 23:20:15 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/11/12 23:20:15 | 000,831,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/11/12 23:20:15 | 000,247,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/11/12 23:20:15 | 000,202,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/11/09 15:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/07 18:04:53 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/07 18:04:53 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/07 18:01:59 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/07 18:01:59 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/07 18:01:59 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/07 17:57:45 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/07 17:57:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/07 17:57:30 | 2122,244,095 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/07 17:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/07 17:43:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/06 13:42:23 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2012/12/06 13:40:39 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\WTFast.lnk
[2012/11/27 01:58:55 | 001,972,682 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/11/17 16:55:00 | 004,997,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/17 14:50:13 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/06 13:42:23 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2012/12/06 13:40:39 | 000,001,116 | ---- | C] () -- C:\Users\Matrix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk
[2012/12/05 10:32:21 | 000,266,820 | ---- | C] () -- C:\Users\Matrix\Documents\Pages from Charlotte's Web Trifolds (1).pdf
[2012/12/04 06:55:13 | 000,133,289 | ---- | C] () -- C:\Users\Matrix\Documents\How-to Paragraphs.pdf
[2012/12/04 06:54:07 | 000,007,549 | ---- | C] () -- C:\Windows\SysNative\dopdf7.ctm
[2012/11/27 17:21:23 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\WTFast.lnk
[2012/11/18 21:13:20 | 001,972,682 | ---- | C] () -- C:\Users\Matrix\Documents\super seniors.psd
[2012/11/17 20:29:43 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/11/17 16:53:34 | 004,997,000 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/17 14:50:13 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/11/15 03:04:44 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 03:00:30 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/09/19 19:02:37 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/09/19 19:02:37 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/09/13 16:18:59 | 000,003,584 | ---- | C] () -- C:\Users\Matrix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/09 20:40:58 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat.temp
[2012/08/17 20:23:46 | 000,003,072 | ---- | C] () -- C:\Users\Matrix\AppData\Local\file__0.localstorage
[2012/07/24 18:04:06 | 000,007,597 | ---- | C] () -- C:\Users\Matrix\AppData\Local\Resmon.ResmonCfg
[2012/03/12 14:44:11 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/12 14:44:11 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/25 22:52:22 | 000,220,645 | ---- | C] () -- C:\Windows\hpoins35.dat
[2011/12/25 22:52:22 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat
[2011/12/25 22:50:45 | 000,000,974 | ---- | C] () -- C:\Windows\SysWow64\setup.ini
[2011/12/25 22:50:45 | 000,000,473 | ---- | C] () -- C:\Windows\SysWow64\layout.bin
[2011/12/25 22:01:12 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/12/25 06:00:41 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/12/25 06:00:41 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/12/25 06:00:41 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/12/25 06:00:37 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/12/25 06:00:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/09/19 03:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll

========== ZeroAccess Check ==========

[2009/07/13 18:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 19:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 15:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 15:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Edited by gotz, 08 December 2012 - 10:51 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users