

Believe I have a Rootkit


This topic is locked
3 replies to this topic

#1 philo-sofa

  • Members
  • 55 posts
  • Gender:Male
  • Location:Auckland, New Zealand

Posted 08 January 2013 - 02:11 AM

I received "You are about to be logged off" and a "3 minutes" message. I'm fairly sure my questionable browsing caused this (I'm a journalist on a story, really, not as dodgy as it sounds).

DDS Copypasta follows:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by Alex at 6:56:39 on 2013-01-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.64.1033.18.8086.4306 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\!INTER~1\AVGFRE~1\avgrsa.exe
C:\Program Files (x86)\!Internet\AVG Free 2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\!Internet\AVG Free 2013\avgidsagent.exe
C:\Program Files (x86)\!Internet\AVG Free 2013\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\!Games\Hamachi\hamachi-2.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\!Games\Hamachi\hamachi-2-ui.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files (x86)\!Internet\AVG Free 2013\avgnsa.exe
C:\Program Files (x86)\!Internet\AVG Free 2013\avgemca.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\!Drivers\EVGA Precision X\EVGAPrecision.exe
C:\Program Files (x86)\Corsair\CorsairLink 2\Sierra2.GPU.exe
C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\!Internet\PeerBlock\peerblock.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\!Internet\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\!Internet\AVG Free 2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\!Utilities\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
mStart Page = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
mSearch Page = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\!Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [PeerBlock] C:\Program Files\!Internet\PeerBlock\peerblock.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Skype] "C:\Program Files (x86)\!Internet\Phone\Skype.exe" /minimized /regrun
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [AVG_UI] "C:\Program Files (x86)\!Internet\AVG Free 2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\!Office\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\!Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{BAC79A49-455F-479C-A540-5050D87F68C6} : DHCPNameServer = 172.31.139.17 172.30.139.17
TCP: Interfaces\{F3AA4C83-86FA-41DD-991B-67E2F7BA1680} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\!Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\!Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Cm108Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.cpl,CMICtrlWnd
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6nvg1qux.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
FF - ExtSQL: 2012-11-14 01:05; {3f1182ea-3243-4d32-8826-71fb1cc9c328}; C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6nvg1qux.default\extensions\{3f1182ea-3243-4d32-8826-71fb1cc9c328}.xpi
FF - ExtSQL: 2049-12-31 02:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6nvg1qux.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-10-20 16152]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-10-20 17192]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-11-28 279616]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files (x86)\!Utilities\HWiNFO32\HWiNFO64A.SYS [2012-5-16 30592]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\!Internet\AVG Free 2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\!Internet\AVG Free 2013\avgwdsvc.exe [2012-10-22 196664]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\!Games\Hamachi\hamachi-2.exe [2012-12-10 2465712]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-16 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-10-20 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-20 161560]
R2 MBAMService;MBAMService;C:\Program Files (x86)\!Utilities\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-10 366152]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-20 363800]
R3 AmdTools64;AMD Special Tools Driver;C:\Windows\System32\drivers\AmdTools64.sys [2009-12-20 47160]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-11-2 160256]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-10-20 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-10-20 788760]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-10 25416]
R3 pbfilter;pbfilter;C:\Program Files\!Internet\PeerBlock\pbfilter.sys [2010-11-26 24176]
R3 RAMDiskVE;RAMDiskVE;C:\Windows\System32\drivers\RAMDiskVE.sys [2011-9-19 70952]
R3 RTCore64;RTCore64;C:\Program Files (x86)\!Drivers\EVGA Precision X\RTCore64.sys [2012-10-17 15176]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-4-1 1105440]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2009-12-1 34032]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2012-10-20 75592]
R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Corsair\CorsairLink 2\WinRing0x64.sys [2012-10-31 14544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Sierra2Service;Sierra2Service;C:\Program Files (x86)\Corsair\CorsairLink 2\SierraService.exe [2012-11-20 15872]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\!Internet\Updater\Updater.exe [2012-11-9 160944]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-5 95248]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2009-12-20 12744]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-1-3 130976]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2012-7-17 26432]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-11-10 74256]
S3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\System32\drivers\LGPBTDD.sys [2009-6-30 30728]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-11-10 13328]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-9 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-23 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\System32\drivers\s0016bus.sys [2009-12-1 115240]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\System32\drivers\s0016mdfl.sys [2009-12-1 19496]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\System32\drivers\s0016mdm.sys [2009-12-1 158760]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s0016mgmt.sys [2009-12-1 137256]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\System32\drivers\s0016nd5.sys [2009-12-1 34344]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\System32\drivers\s0016obex.sys [2009-12-1 136744]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\System32\drivers\s0016unic.sys [2009-12-1 151592]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-23 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 USBPNPA;USB PnP Sound Device Interface;C:\Windows\System32\drivers\CM10864.sys [2009-10-3 1276928]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-9 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-01-08 06:30:09 98816 ----a-w- C:\Windows\sed.exe
2013-01-08 06:30:09 256000 ----a-w- C:\Windows\PEV.exe
2013-01-08 06:30:09 208896 ----a-w- C:\Windows\MBR.exe
2013-01-08 06:29:58 -------- d-----w- C:\ComboFix
2013-01-05 19:12:44 -------- d-----w- C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2013-01-05 19:11:41 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2013-01-05 19:11:37 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2013-01-03 11:41:53 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-30 00:50:54 -------- d-----w- C:\Program Files (x86)\Silabs
2012-12-30 00:50:07 -------- d-----w- C:\Users\Alex\AppData\Roaming\Corsair
2012-12-30 00:49:32 -------- d-----w- C:\Program Files (x86)\Corsair
2012-12-30 00:48:46 -------- d-----w- C:\Users\Alex\AppData\Local\Downloaded Installations
2012-12-23 13:22:30 -------- d-----w- C:\Windows\SysWow64\NV
2012-12-23 13:22:30 -------- d-----w- C:\Windows\System32\NV
2012-12-23 13:12:05 -------- d-----w- C:\ProgramData\VS
2012-12-23 13:00:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-12-23 13:00:34 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-12-23 13:00:34 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-12-23 13:00:34 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-12-23 13:00:34 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-12-23 13:00:34 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-12-23 13:00:34 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-12-23 13:00:34 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-12-23 13:00:34 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-12-23 12:56:48 -------- d-----w- C:\Users\Alex\AppData\Roaming\AVG2013
2012-12-23 12:55:50 -------- d-----w- C:\Users\Alex\AppData\Roaming\TuneUp Software
2012-12-23 12:55:12 -------- d-----w- C:\ProgramData\AVG2013
2012-12-23 12:50:26 -------- d-----w- C:\Users\Alex\AppData\Local\MFAData
2012-12-23 12:50:26 -------- d-----w- C:\Users\Alex\AppData\Local\Avg2013
2012-12-23 02:46:31 -------- d-----w- C:\Users\Alex\AppData\Local\dxhr
2012-12-23 02:44:39 -------- d-----w- C:\Users\Alex\AppData\Local\28050
2012-12-22 21:25:30 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 21:25:30 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 21:25:30 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 21:25:29 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-18 01:50:22 83560 ----a-w- C:\ProgramData\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
2012-12-12 02:40:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 02:40:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 02:40:02 3149824 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2013-01-04 19:47:35 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-01-04 19:47:35 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-01-04 19:47:02 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-01-03 11:41:45 859072 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-01-03 11:41:45 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-31 16:20:53 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-12-11 22:15:38 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 22:15:38 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-01 05:49:26 3663213 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-12-01 05:49:26 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-11-30 22:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-22 13:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 03:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
.
============= FINISH: 6:56:44.22 ===============

Edited by philo-sofa, 08 January 2013 - 02:15 AM.

#2 philo-sofa

  • Topic Starter
  • Members
  • 55 posts
  • Gender:Male
  • Location:Auckland, New Zealand

Posted 08 January 2013 - 02:13 AM

ComboFix copypasta follows (yeah, I know I'm technically not supposed to jump here, but hey):

ComboFix 13-01-06.01 - Alex 08/01/2013 7:03.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.64.1033.18.8086.4677 [GMT 0:00]
Running from: d:\install\System\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))
.
.
2013-01-08 07:06 . 2013-01-08 07:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-08 07:06 . 2013-01-08 07:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-08 07:06 . 2013-01-08 07:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-05 19:12 . 2013-01-05 19:12 -------- d-----w- c:\windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2013-01-05 19:11 . 2010-05-26 11:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-01-05 19:11 . 2010-05-26 11:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2013-01-03 11:41 . 2013-01-03 11:41 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-30 00:50 . 2012-12-30 00:50 -------- d-----w- c:\program files (x86)\Silabs
2012-12-30 00:50 . 2012-12-30 00:51 -------- d-----w- c:\users\Alex\AppData\Roaming\Corsair
2012-12-30 00:49 . 2012-12-30 00:49 -------- d-----w- c:\program files (x86)\Corsair
2012-12-30 00:48 . 2012-12-30 00:48 -------- d-----w- c:\users\Alex\AppData\Local\Downloaded Installations
2012-12-23 13:22 . 2012-12-23 13:22 -------- d-----w- c:\windows\SysWow64\NV
2012-12-23 13:22 . 2012-12-23 13:22 -------- d-----w- c:\windows\system32\NV
2012-12-23 13:12 . 2012-12-23 13:12 -------- d-----w- c:\programdata\VS
2012-12-23 13:00 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-23 13:00 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-23 13:00 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-12-23 13:00 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-12-23 13:00 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-23 13:00 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-12-23 13:00 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-12-23 13:00 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-12-23 13:00 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-12-23 12:56 . 2012-12-23 12:56 -------- d-----w- c:\users\Alex\AppData\Roaming\AVG2013
2012-12-23 12:55 . 2012-12-23 12:55 -------- d-----w- c:\users\Alex\AppData\Roaming\TuneUp Software
2012-12-23 12:55 . 2012-12-23 12:56 -------- d-----w- c:\programdata\AVG2013
2012-12-23 12:50 . 2012-12-23 14:28 -------- d-----w- c:\users\Alex\AppData\Local\Avg2013
2012-12-23 12:50 . 2012-12-23 12:50 -------- d-----w- c:\users\Alex\AppData\Local\MFAData
2012-12-23 02:46 . 2012-12-23 02:51 -------- d-----w- c:\users\Alex\AppData\Local\dxhr
2012-12-23 02:44 . 2012-12-23 02:44 -------- d-----w- c:\users\Alex\AppData\Local\28050
2012-12-22 21:25 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 21:25 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 21:25 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 21:25 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 01:50 . 2012-03-30 13:41 83560 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
2012-12-16 07:38 . 2012-12-16 07:38 -------- d-----w- c:\users\Alex\AppData\Roaming\Yahoo!
2012-12-12 02:40 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 02:40 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 02:40 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-04 19:47 . 2009-10-03 03:59 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-01-04 19:47 . 2009-10-03 03:59 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-01-04 19:47 . 2009-10-03 03:59 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-01-03 11:41 . 2012-06-24 06:01 859072 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-01-03 11:41 . 2011-05-07 12:47 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-31 16:20 . 2010-04-30 16:36 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-12-29 16:07 . 2010-10-03 02:39 84448 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-12-13 21:56 . 2009-10-02 06:14 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-11 22:15 . 2012-04-03 20:22 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 22:15 . 2011-07-02 13:27 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-03 15:47 . 2012-12-04 19:40 9271352 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-03 15:47 . 2012-12-04 19:40 841272 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-12-03 15:47 . 2012-12-04 19:40 7819016 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-12-03 15:47 . 2012-12-04 19:40 7446192 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-03 15:47 . 2012-12-04 19:40 6149904 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-12-03 15:47 . 2012-12-04 19:40 417128 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2012-12-03 15:47 . 2012-12-04 19:40 361832 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2012-12-03 15:47 . 2012-12-04 19:40 2784104 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-03 15:47 . 2012-12-04 19:40 26811240 ----a-w- c:\windows\system32\nvoglv64.dll
2012-12-03 15:47 . 2012-12-04 19:40 2606440 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-12-03 15:47 . 2012-12-04 19:40 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-03 15:47 . 2012-12-04 19:40 245432 ----a-w- c:\windows\system32\nvinitx.dll
2012-12-03 15:47 . 2012-12-04 19:40 2226024 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-03 15:47 . 2012-12-04 19:40 20335976 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-12-03 15:47 . 2012-12-04 19:40 201136 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-12-03 15:47 . 2012-12-04 19:40 1874280 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-12-03 15:47 . 2012-12-04 19:40 18045968 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-12-03 15:47 . 2012-12-04 19:40 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-12-03 15:47 . 2012-12-04 19:40 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-03 15:47 . 2012-12-04 19:40 11532648 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-03 15:47 . 2012-11-20 22:44 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-03 15:47 . 2012-11-20 22:44 983936 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-12-03 15:47 . 2012-11-20 22:44 2816824 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-03 15:47 . 2012-11-20 22:44 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-03 15:47 . 2012-11-20 22:44 1805672 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-03 15:47 . 2012-11-20 22:44 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-03 15:47 . 2012-11-20 22:44 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-01 05:49 . 2012-11-20 22:45 3663213 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-01 05:49 . 2012-11-20 22:45 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-01 05:49 . 2012-11-20 22:45 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 05:49 . 2012-11-20 22:45 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 05:49 . 2012-11-20 22:45 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 05:48 . 2012-11-20 22:45 6223208 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 05:48 . 2012-11-20 22:45 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
2012-11-30 22:43 . 2012-11-30 22:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-10-22 13:02 . 2012-10-22 13:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-28 12:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 12:39 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 12:39 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 03:48 . 2012-10-15 03:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"PeerBlock"="c:\program files\!Internet\PeerBlock\peerblock.exe" [2010-11-06 2646128]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"Skype"="c:\program files (x86)\!Internet\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
"AVG_UI"="c:\program files (x86)\!Internet\AVG Free 2013\avgui.exe" [2012-11-06 3143800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\!INTER~1\AVGFRE~1\avgrsa.exe /sync /restart
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Sierra2Service;Sierra2Service;c:\program files (x86)\Corsair\CorsairLink 2\SierraService.exe [2012-11-20 15872]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\!Internet\Updater\Updater.exe [2012-11-09 160944]
R3 ALSysIO;ALSysIO;c:\users\Alex\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
R3 atillk64;atillk64;c:\ati_winflash_2.0.1.18\atillk64.sys [x]
R3 cpuz130;cpuz130;c:\users\Alex\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-10-16 22016]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2012-07-17 26432]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-11-10 74256]
R3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-06-30 30728]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-11-10 13328]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-09 22528]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [2009-10-16 28160]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\!Utilities\RivaTuner v2.24\RivaTuner64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-15 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-15 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-15 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-15 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-15 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-15 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-15 151592]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys [2008-01-03 1276928]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-28 279616]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files (x86)\!Utilities\HWiNFO32\HWiNFO64A.SYS [2012-02-07 30592]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\!Internet\AVG Free 2013\avgidsagent.exe [2012-11-06 5814392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\!Internet\AVG Free 2013\avgwdsvc.exe [2012-10-22 196664]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\!Games\Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]
S2 MBAMService;MBAMService;c:\program files (x86)\!Utilities\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-28 363800]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [2008-04-27 47160]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-02-01 160256]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 788760]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 25416]
S3 pbfilter;pbfilter;c:\program files\!Internet\PeerBlock\pbfilter.sys [2010-11-06 24176]
S3 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys [2011-09-19 70952]
S3 RTCore64;RTCore64;c:\program files (x86)\!Drivers\EVGA Precision X\RTCore64.sys [2012-10-17 15176]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-05-12 1105440]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-08 34032]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2012-06-17 75592]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Corsair\CorsairLink 2\WinRing0x64.sys [2012-10-31 14544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 22:15]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-02 06:09]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-02 06:09]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2693711153-3735113719-2209539780-1001Core.job
- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-13 20:29]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2693711153-3735113719-2209539780-1001UA.job
- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-13 20:29]
.
2013-01-08 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
.
2013-01-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm108Sound"="c:\windows\Syswow64\cm108.cpl" [2008-01-09 6475776]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uSearch Page = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
mStart Page = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE: E&xport to Microsoft Excel - c:\progra~2\!Office\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6nvg1qux.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
FF - ExtSQL: 2012-11-14 01:05; {3f1182ea-3243-4d32-8826-71fb1cc9c328}; c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6nvg1qux.default\extensions\{3f1182ea-3243-4d32-8826-71fb1cc9c328}.xpi
FF - ExtSQL: 2049-12-31 02:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6nvg1qux.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-CMIUSB&1B1C&1C00 - c:\program files (x86)\Silabs\MCU\USBXpress\DriverUninstaller.exe USBXpress\CMIUSB&1B1C&1C00
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2693711153-3735113719-2209539780-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*^=]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2693711153-3735113719-2209539780-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*^=\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2693711153-3735113719-2209539780-1001\Software\SecuROM\License information*]
"datasecu"=hex:f6,ab,0e,f9,7b,b8,9d,ef,3d,cc,1d,bc,ab,4d,12,b7,16,a4,44,22,80,
70,08,0c,42,bf,cc,e4,ac,42,3f,c3,e4,d5,23,96,1b,58,ba,c7,4d,dc,12,11,42,55,\
"rkeysecu"=hex:77,a9,c4,0f,48,82,8f,e9,4c,02,af,e7,73,64,43,41
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-08 07:09:34
ComboFix-quarantined-files.txt 2013-01-08 07:09
ComboFix2.txt 2013-01-08 06:44
.
Pre-Run: 249,139,552,256 bytes free
Post-Run: 249,017,106,432 bytes free
.
- - End Of File - - 6509C0630B5B94821819D989F75EF986
i7 860 @ 4.0Ghz | Prolimatech Megashadow & 120mm Gelid | MSI P55-GD65 | 8 GB G.Skill DDR3 1600 CL8 | Sapphire AMD HD 6970 (flashed from HD 6950) @ 910/5600 MHz | 2x 160GB Intel 320 Series (RAID 0), 1.5TB + 2TB Seagate | Corsair AX-750 | Silverstone TJ10B-WESA | Samsung 2443BW | Logitech G19 | Logitech G500

#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:58 PM

Posted 09 January 2013 - 10:21 AM

Please run the following:


Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:58 PM

Posted 18 January 2013 - 11:54 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
