
svchost.exe Win32:PuP virus


  • This topic is locked
29 replies to this topic

#1 Scyron


Posted 09 January 2013 - 03:08 PM

I was finally able to get the chance to run DDS and these are the results that came up.

First Document that came up

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/28/2012 9:26:44 AM
System Uptime: 1/6/2013 10:40:25 PM (64 hours ago)
.
Motherboard: ASRock | | Z77 Extreme4
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 759.081 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP43: 1/7/2013 12:54:51 AM - Scheduled Checkpoint
RP44: 1/9/2013 6:35:45 AM - Windows Update
RP45: 1/9/2013 2:36:29 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2
Advanced SystemCare 6
Aeria Ignite
Akamai NetSession Interface
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Amnesia: The Dark Descent
Apple Application Support
Apple Software Update
Application Profiles
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
ASRock App Charger v1.0.5
ASRock eXtreme Tuner v0.1.257
ASRock InstantBoot v1.29
ASRock SmartConnect v1.0.6
ASRock XFast RAM v2.0.9
avast! Free Antivirus
Bastion
BioShock
BioShock 2
Broadcom NetLink Controller
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Curse Client
CyberLink MediaEspresso
DragonNest
Dream of the Blood Moon
Dungeon Defenders
eReg
Far Cry 3
Google Chrome
Google Update Helper
Half-Life 2
Half-Life 2: Deathmatch
HP Officejet Pro 8600 Basic Device Software
HydraVision
Intel® Control Center
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Smart Connect Technology 2.0 x64
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Java 7 Update 10 (64-bit)
League of Legends
Left 4 Dead
Left 4 Dead 2
LIMBO
Logitech SetPoint 6.51
Malwarebytes Anti-Malware version 1.70.0.1100
MapleStory
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft XNA Framework Redistributable 3.1
Nexon Game Manager
Orcs Must Die! 2
Pando Media Booster
Portal
Portal 2
Project64 1.6
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shaiya
Skype™ 6.0
Splashtop Connect IE
Steam
Team Fortress 2
The Binding of Isaac
THX TruStudio
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Uplay
VIRTU MVP 2.1.221
WinRAR 4.20 (64-bit)
XFast LAN v6.61
XFastUSB
XSplit
.
==== Event Viewer Messages From Past Week ========
.
1/6/2013 9:45:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Interactive Services Detection service to connect.
1/6/2013 9:45:00 PM, Error: Service Control Manager [7000] - The Interactive Services Detection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/6/2013 1:34:49 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/5/2013 12:54:54 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
1/5/2013 12:18:19 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 6 service terminated unexpectedly. It has done this 1 time(s).
1/5/2013 11:47:49 AM, Error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
1/5/2013 1:23:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Print Spooler service to connect.
1/5/2013 1:23:55 PM, Error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/5/2013 1:23:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Advanced SystemCare Service 6 service to connect.
1/5/2013 1:23:41 PM, Error: Service Control Manager [7000] - The Advanced SystemCare Service 6 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/4/2013 3:09:48 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
1/2/2013 11:08:10 PM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

Second Document
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Brandon at 14:45:28 on 2013-01-09
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8076.4767 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Users\Brandon\AppData\Local\Akamai\netsession_win.exe
C:\Users\Brandon\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\XFastUSB\XFastUsb.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files\Lucidlogix Technologies\VIRTU MVP\EKAG20NT.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Lucidlogix Technologies\VIRTU MVP\lucidservices.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wuauclt.exe
C:\Users\Brandon\Important Downloads\Games\LeagueOfLegends\League of Legends\RADS\system\rads_user_kernel.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\Brandon\Important Downloads\Games\LeagueOfLegends\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe
C:\Users\Brandon\Important Downloads\Games\LeagueOfLegends\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.229\deploy\LolClient.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2742595-x64.exe
C:\Windows\system32\SearchFilterHost.exe
c:\ab5f59db49571270b37b0e39\Setup.exe
c:\Windows\system32\MsiExec.exe
c:\Windows\syswow64\MsiExec.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\Windows\system32\MsiExec.exe
c:\Windows\syswow64\MsiExec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:splashtopconnect
uProxyOverride = <local>
uURLSearchHooks: Splashtop Connect SearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
mWinlogon: Userinit = userinit.exe
BHO: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [ASRockXTU] <no file>
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SmartViewAgent] "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe"
mRun: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe] C:\ProgramData\Adobe\EF99A.vbe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\Brandon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\logishrd\eReg\SetPoint\eReg.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{AE20441A-C99F-47FF-AAF2-0F958573BFD2} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2012-12-28 31016]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-12-28 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-12-28 17192]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-5 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-5 370288]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2012-12-28 15936]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-12-27 464256]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-13 239616]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-5 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-5 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-5 44808]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-12-28 13632]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-12-28 128280]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-28 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-5 398184]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-28 363800]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-4 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-4 390632]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-12-28 96896]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-28 331264]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-12-28 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-12-28 788760]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-5 24176]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-12-28 32344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 SaiK0728;SaiK0728;C:\Windows\System32\drivers\SaiK0728.sys [2008-1-21 129024]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2013-1-5 97072]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2012-12-28 34752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-5 682344]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S2 SmartViewService;SmartView service;C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe --> C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-2 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-2 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-28 1255736]
.
=============== Created Last 30 ================
.
2013-01-09 19:44:15 -------- d-----w- C:\ab5f59db49571270b37b0e39
2013-01-09 11:57:43 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{781ADD58-F6EB-440B-9FA9-30E9D5D225F6}\mpengine.dll
2013-01-09 11:37:25 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-07 05:12:21 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2013-01-06 17:25:09 53248 ----a-r- C:\Users\Brandon\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-01-06 17:24:01 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Logishrd
2013-01-05 18:41:38 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-01-05 18:41:33 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-01-05 18:41:30 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-01-05 18:40:51 41224 ----a-w- C:\Windows\avastSS.scr
2013-01-05 18:40:42 -------- d-----w- C:\ProgramData\AVAST Software
2013-01-05 18:40:42 -------- d-----w- C:\Program Files\AVAST Software
2013-01-05 18:35:37 -------- d-----w- C:\ProgramData\HitmanPro
2013-01-05 17:26:37 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{16E13CC2-660B-409A-8F86-E8ACED515800}\gapaengine.dll
2013-01-05 17:25:15 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-01-05 17:25:10 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-01-05 16:55:14 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Malwarebytes
2013-01-05 16:55:06 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-05 16:55:06 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-05 16:55:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-05 16:54:55 -------- d-----w- C:\Users\Brandon\AppData\Local\Programs
2013-01-05 16:19:35 -------- d-----w- C:\Users\Brandon\AppData\Local\ElevatedDiagnostics
2013-01-05 16:05:23 -------- d-sha-r- C:\ProgramData\Key-Base
2013-01-05 16:03:42 -------- d-----w- C:\Users\Brandon\AppData\Local\Aeria Games
2013-01-05 16:03:39 97072 ----a-w- C:\Windows\System32\drivers\VirtuWDDM.sys
2013-01-05 16:03:29 473392 ----a-w- C:\Windows\System32\appinit_dll.dll
2013-01-05 16:03:27 434480 ----a-w- C:\Windows\SysWow64\appinit_dll.dll
2013-01-05 16:03:25 -------- d-----w- C:\Program Files\Lucidlogix Technologies
2013-01-05 16:03:04 -------- d-----w- C:\ProgramData\Aeria Games
2013-01-05 06:47:20 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-01-05 06:47:20 -------- d-----w- C:\Program Files (x86)\Aeria Games
2013-01-05 06:39:22 -------- d-----w- C:\Users\Brandon\AppData\Local\Akamai
2013-01-05 06:39:20 -------- d-----w- C:\AeriaGames
2013-01-05 02:32:56 -------- d-----w- C:\ProgramData\Nexon
2013-01-05 01:27:14 -------- d-----w- C:\ProgramData\fltk.org
2013-01-04 11:31:07 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7E36FAE1-9903-4BB6-BCEF-325C50B2C2C5}\mpengine.dll
2013-01-03 19:30:10 -------- d-----w- C:\Users\Brandon\AppData\Local\SKIDROW
2013-01-03 00:37:01 680036 ----a-w- C:\Windows\SysWow64\phatk121016Pitcairnv1w256l4.bin
2013-01-03 00:07:04 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-01-03 00:07:04 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-01-03 00:07:04 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-01-03 00:07:04 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-03 00:07:04 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-01-03 00:07:04 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-03 00:07:04 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-01-03 00:07:04 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-01-03 00:07:04 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-01-03 00:05:27 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-01-03 00:05:27 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-01-02 23:08:20 -------- d-----w- C:\Temp
2013-01-02 11:36:42 -------- d-----w- C:\Program Files (x86)\uTorrent
2013-01-02 11:36:11 -------- d-----w- C:\Users\Brandon\AppData\Roaming\uTorrent
2013-01-01 21:32:56 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-01-01 21:32:52 -------- d-----w- C:\Program Files (x86)\AMD APP
2013-01-01 21:17:40 -------- d-----w- C:\AMD
2013-01-01 15:57:01 -------- d-----w- C:\ProgramData\NexonUS
2013-01-01 15:43:11 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs
2012-12-31 21:34:42 25472 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-12-31 21:06:22 -------- d-----w- C:\Windows\System32\SPReview
2012-12-31 21:05:53 -------- d-----w- C:\Windows\System32\EventProviders
2012-12-31 21:03:14 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-12-31 21:03:14 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-12-31 21:03:14 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-12-31 21:03:14 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-12-31 21:03:14 2565632 ----a-w- C:\Windows\System32\esent.dll
2012-12-31 21:03:14 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-12-31 21:03:14 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2012-12-31 21:03:14 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-12-31 21:03:14 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-12-31 21:03:14 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-12-31 16:17:00 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-31 16:16:53 -------- d-----w- C:\Users\Brandon\AppData\Local\PunkBuster
2012-12-31 15:57:57 -------- d-----w- C:\Users\Brandon\AppData\Roaming\fltk.org
2012-12-31 15:46:19 40960 ----a-r- C:\Users\Brandon\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-12-31 15:46:19 40960 ----a-r- C:\Users\Brandon\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-12-31 07:22:10 -------- d-----w- C:\Users\Brandon\AppData\Local\Ubisoft Game Launcher
2012-12-31 07:16:00 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-12-31 07:16:00 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-31 07:16:00 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-31 06:03:03 -------- d-----w- C:\Users\Brandon\AppData\Roaming\GetRightToGo
2012-12-31 01:10:45 2560 ----a-w- C:\Windows\System32\drivers\fi-FI\wdf01000.sys.mui
2012-12-31 00:50:13 741480 ------w- C:\Windows\System32\HPDiscoPM5912.dll
2012-12-31 00:50:07 -------- d-----w- C:\Program Files\HP
2012-12-31 00:50:07 -------- d-----w- C:\Program Files (x86)\HP
2012-12-31 00:48:37 -------- d-----w- C:\Users\Brandon\AppData\Local\HP
2012-12-30 20:34:59 86528 ----a-w- C:\Windows\SysWow64\isoburn.exe
2012-12-30 20:17:07 -------- d-----w- C:\Windows\fi-FI
2012-12-30 20:17:03 -------- d-----w- C:\Windows\SysWow64\XPSViewer
2012-12-30 20:17:03 -------- d-----w- C:\Windows\SysWow64\wbem\fi-FI
2012-12-30 20:17:03 -------- d-----w- C:\Windows\SysWow64\fi
2012-12-30 20:17:03 -------- d-----w- C:\Windows\SysWow64\drivers\fi-FI
2012-12-30 20:16:52 -------- d-----w- C:\Windows\System32\drivers\UMDF\fi-FI
2012-12-30 20:16:52 -------- d-----w- C:\Windows\System32\drivers\fi-FI
2012-12-30 20:16:51 -------- d-----w- C:\Windows\System32\fi
2012-12-30 20:16:48 -------- d-----w- C:\Windows\System32\wbem\fi-FI
2012-12-30 20:03:47 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-12-30 20:03:47 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-12-30 20:03:47 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-12-30 19:09:08 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-12-30 19:09:08 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-12-30 19:09:08 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-12-30 19:09:08 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-12-30 19:09:08 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-12-30 19:09:08 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-12-30 19:09:08 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-12-28 17:22:08 -------- d-----w- C:\Windows\Panther
2012-12-28 16:59:33 -------- d-----w- C:\Users\Brandon\AppData\Local\FFsplit
2012-12-28 16:57:04 -------- d-----w- C:\ProgramData\Package Cache
2012-12-28 16:56:56 -------- d-----w- C:\Program Files (x86)\FFsplit
2012-12-28 15:32:38 -------- d-----w- C:\Users\Brandon\AppData\Local\Apple Computer
2012-12-28 15:11:31 -------- d-----w- C:\Users\Brandon\AppData\Local\Dxtory Software
2012-12-28 15:11:30 -------- d-----w- C:\Program Files (x86)\Dxtory Software
2012-12-28 15:02:56 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Splashtop
2012-12-28 15:02:52 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-12-28 15:02:51 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-12-28 15:02:49 974336 ----a-w- C:\Windows\System32\WFS.exe
2012-12-28 15:02:49 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-12-28 15:02:48 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-12-28 15:02:48 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-12-28 15:00:15 90112 ------w- C:\Windows\Updreg.EXE
2012-12-28 15:00:11 26624 ------w- C:\Windows\System32\THXCfg64.dll
2012-12-28 15:00:11 141312 ------w- C:\Windows\System32\THXCfg64.exe
2012-12-28 15:00:11 11264 ------w- C:\Windows\SysWow64\ResDefA.exe
2012-12-28 15:00:09 89088 ----a-w- C:\Windows\System32\CmdRtr64.DLL
2012-12-28 15:00:09 73728 ----a-w- C:\Windows\SysWow64\CmdRtr.DLL
2012-12-28 15:00:09 246784 ----a-w- C:\Windows\System32\APOMgr64.DLL
2012-12-28 15:00:09 190464 ----a-w- C:\Windows\SysWow64\APOMngr.DLL
2012-12-28 14:59:59 -------- d-----w- C:\Program Files (x86)\Creative
2012-12-28 14:59:27 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-12-28 14:59:27 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-12-28 14:59:27 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-12-28 14:59:27 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-12-28 14:59:27 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-12-28 14:59:27 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-12-28 14:59:27 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-12-28 14:58:00 1632128 ----a-w- C:\Windows\System32\drivers\cfosspeed6.sys
2012-12-28 14:58:00 -------- d-----w- C:\Users\Brandon\AppData\Local\cFos
2012-12-28 14:58:00 -------- d-----w- C:\Program Files\ASRock
2012-12-28 14:57:55 -------- d-----w- C:\ProgramData\cFos
2012-12-28 14:57:54 15936 ----a-w- C:\Windows\System32\drivers\FNETURPX.SYS
2012-12-28 14:57:54 -------- d-----w- C:\ProgramData\FNET
2012-12-28 14:57:52 -------- d-----w- C:\Program Files (x86)\XFastUSB
2012-12-28 14:57:44 31016 ----a-w- C:\Windows\System32\drivers\AsrRamDisk.sys
2012-12-28 14:57:39 -------- d-----w- C:\Program Files (x86)\ASRock Utility
2012-12-28 14:57:32 17192 ----a-w- C:\Windows\System32\drivers\AsrAppCharger.sys
2012-12-28 14:57:32 -------- d-----w- C:\Program Files\ASRock Utility
2012-12-28 14:56:34 -------- d-----w- C:\Users\Brandon\Lucidlogix
2012-12-28 14:56:09 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2012-12-28 14:54:39 -------- d-----w- C:\Program Files (x86)\ASM106xSATA
2012-12-28 14:53:09 9125352 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-12-28 14:53:08 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-12-28 14:52:44 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-12-28 14:52:44 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-12-28 14:52:44 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-12-28 14:52:29 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2012-12-28 14:51:43 16152 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
2012-12-28 14:51:33 788760 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
2012-12-28 14:51:32 356120 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
2012-12-28 14:50:16 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-12-28 14:49:54 15128 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2012-12-28 14:49:34 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Intel Corporation
2012-12-28 14:48:50 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-12-28 14:46:50 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-12-28 14:46:45 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-12-28 14:46:33 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-12-28 14:46:33 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-12-28 14:44:13 -------- d-----w- C:\Program Files\Common Files\Intel
2012-12-28 14:44:10 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-12-28 14:44:05 331264 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2012-12-28 14:44:05 14848 ----a-w- C:\Windows\System32\IntcDAuC.dll
2012-12-28 14:43:48 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll
2012-12-28 14:43:48 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2761.dll
2012-12-28 14:43:48 755572 ----a-w- C:\Windows\SysWow64\igkrng700.bin
2012-12-28 14:43:48 755572 ----a-w- C:\Windows\System32\igkrng700.bin
2012-12-28 14:43:48 63488 ----a-w- C:\Windows\System32\igfxsrvc.dll
2012-12-28 14:43:48 56832 ----a-w- C:\Windows\System32\OpenCL.dll
2012-12-28 14:43:48 56320 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-12-28 14:43:48 559972 ----a-w- C:\Windows\SysWow64\igfcg700m.bin
2012-12-28 14:43:48 559972 ----a-w- C:\Windows\System32\igfcg700m.bin
2012-12-28 14:43:48 524800 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-12-28 14:43:48 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-12-28 14:43:48 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-12-28 14:41:33 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2012-12-28 14:41:26 -------- d-----w- C:\Intel
2012-12-28 14:39:58 -------- d-----w- C:\Users\Brandon\AppData\Local\ATI
2012-12-28 14:39:43 0 ----a-w- C:\Windows\ativpsrm.bin
2012-12-28 14:38:46 -------- d-----w- C:\ProgramData\AMD
2012-12-28 14:38:30 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-12-28 14:38:30 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-12-28 14:37:38 96896 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2012-12-28 14:36:37 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-12-28 14:36:01 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-12-28 14:35:52 -------- d-sh--w- C:\Windows\Installer
2012-12-28 14:35:52 -------- d-----w- C:\Program Files\ATI
2012-12-28 14:34:54 -------- d-----w- C:\Program Files\ATI Technologies
2012-12-28 14:30:22 -------- d-----w- C:\Windows\SysWow64\Wat
2012-12-28 14:30:22 -------- d-----w- C:\Windows\System32\Wat
2012-12-28 14:27:21 -------- d-----w- C:\Users\Brandon\AppData\Local\VirtualStore
2012-12-28 08:13:55 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-12-28 08:13:55 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-12-28 08:13:55 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-12-28 08:13:55 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-28 08:04:04 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2012-12-28 08:04:04 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-28 08:04:04 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-28 08:04:04 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-28 08:04:04 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-28 08:04:04 100864 ----a-w- C:\Windows\System32\fontsub.dll
2012-12-28 08:03:41 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-12-28 08:03:41 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-12-28 08:03:41 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-12-28 08:03:41 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-12-28 08:03:41 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-12-28 08:03:40 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-12-28 08:03:40 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-12-28 08:02:10 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-12-28 08:02:10 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-12-28 08:02:10 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-12-28 08:02:10 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-12-28 08:02:10 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-12-28 06:52:27 -------- d-----w- C:\Users\Brandon\AppData\Roaming\LolClient
2012-12-28 06:17:10 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-12-28 06:14:36 -------- d-----w- C:\ProgramData\Splashtop
2012-12-28 06:14:31 -------- d-----w- C:\Program Files (x86)\Splashtop
2012-12-28 06:14:07 -------- d-----w- C:\Users\Brandon\AppData\Local\Adobe
2012-12-28 06:12:37 -------- d-----w- C:\ProgramData\DeviceVM
2012-12-28 06:10:51 -------- d-----w- C:\ProgramData\Norton
2012-12-28 06:10:28 -------- d-----w- C:\ProgramData\NortonInstaller
2012-12-28 06:10:24 -------- d--h--w- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2012-12-28 06:10:24 -------- d-----w- C:\Users\Brandon\AppData\Roaming\DeviceVm
2012-12-28 06:09:42 -------- d-----w- C:\Users\Brandon\AppData\Local\Cyberlink
2012-12-28 04:24:10 -------- d-----w- C:\Users\Brandon\AppData\Local\CrashDumps
2012-12-28 04:09:30 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2012-12-28 04:09:30 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2012-12-28 04:09:30 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-12-28 04:09:30 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-12-28 04:09:30 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-12-28 04:06:10 -------- d-----w- C:\Windows\System32\appmgmt
2012-12-28 03:31:43 -------- d-----w- C:\Windows\SysWow64\directx
2012-12-28 03:31:38 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2012-12-28 03:31:38 517448 ----a-w- C:\Windows\SysWow64\XAudio2_4.dll
2012-12-28 03:31:38 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2012-12-28 03:31:38 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll
2012-12-28 03:31:38 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_6.dll
2012-12-28 03:31:37 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2012-12-28 03:31:20 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-12-28 03:20:22 -------- d-----w- C:\Users\Brandon\AppData\Local\PMB Files
2012-12-28 03:20:22 -------- d-----w- C:\ProgramData\PMB Files
2012-12-28 03:20:12 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-12-28 03:20:05 -------- d-----w- C:\Users\Brandon\.swt
2012-12-28 03:09:33 -------- d-----w- C:\ProgramData\IObit
2012-12-28 03:09:32 -------- d-----w- C:\Users\Brandon\AppData\Roaming\IObit
2012-12-28 03:09:30 -------- d-----w- C:\Program Files (x86)\IObit
2012-12-28 02:44:37 -------- d-----w- C:\Users\Brandon\AppData\Local\SplitMediaLabs
2012-12-28 02:44:20 -------- d-----w- C:\ProgramData\SplitMediaLabs
2012-12-28 02:44:11 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-28 02:44:11 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-28 02:43:34 -------- d-----w- C:\Users\Brandon\AppData\Roaming\SplitMediaLabs
2012-12-28 02:33:38 959976 ----a-w- C:\Windows\System32\deployJava1.dll
2012-12-28 02:33:38 1081320 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-12-28 02:33:36 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-12-28 02:20:19 -------- d-----w- C:\Program Files (x86)\Steam
2012-12-28 02:20:19 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-12-28 02:16:12 -------- d-----w- C:\Users\Brandon\AppData\Roaming\.minecraft
2012-12-28 02:15:35 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-12-28 02:15:35 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-28 02:13:13 -------- d-----r- C:\Program Files (x86)\Skype
2012-12-28 02:10:32 -------- d-----w- C:\Users\Brandon\Important Downloads
2012-12-28 02:06:49 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-12-28 02:05:59 778752 ----a-w- C:\Windows\System32\mssvp.dll
2012-12-28 02:03:48 -------- d-----w- C:\Users\Brandon\AppData\Local\Google
2012-12-28 02:03:40 -------- d-----w- C:\Users\Brandon\AppData\Local\Deployment
2012-12-28 02:03:40 -------- d-----w- C:\Users\Brandon\AppData\Local\Apps
.
==================== Find3M ====================
.
2012-12-31 21:17:24 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-12-31 21:17:24 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
.
============= FINISH: 14:47:26.38 ===============

I have the odd svchost.exe that was running in the avast! chest atm, because it regenerated itself after deleting; I thought that would be the safest place. I'm not sure if, without the exe and without it running, the virus can still affect my computer; if it doesn't, please say so, so that at least I know I'm safe at the moment. Also, sorry if I put a wrong document; I wasn't sure if you wanted both or not, so I put both anyway. I have already run multiple security scans with many different programs (too many; I don't want to list them because I can't remember them all). I also know that the svchost.exe was located in my temp files, not my system32, so it's safe to assume it is a virus. Also, under the task manager when I was looking at it there was a website, I think it was something along the lines of codechicken.com or something. I ran the avast! boot scan and that came up with 2 Win:32 PuP files, and so I chose to delete them; I haven't run another, so I don't know where they were located or if they regenerated with the exe on start up. I also found this in my registry, MSC "c program files microsoft security client msseces" -hide -runkey; I am not sure if that is the piece regenerating all the files, but in case it is an actual program I want, I will keep it there for now until told to do otherwise.

#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:20 PM

Posted 09 January 2013 - 03:16 PM

Good evening. :)

You need to start by uninstalling one of the two anti-virus programs you have installed: avast! Free Antivirus and Microsoft Security Essentials. There is a potential for conflicts with two, or more, AVs running as resident scanners. Choose your favourite and lose the other one.

After that, work through the following and post accordingly:

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

So long, and thanks for all the fish.


#3 Scyron

Scyron
  • Topic Starter

  • Members
  • 18 posts
  • Local time:07:20 AM

Posted 11 January 2013 - 04:10 PM

Got the results of the test. Sorry it took a few days; I expected an email for a reply but didn't get one, so I just came to the thread to check today.

C:\Users\Brandon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3AX2K00\svchost[1].exe a variant of Win32/BitCoinMiner.L application

That is the only thing that showed up; it is the same exe file that I keep finding as it regenerates.

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:20 PM

Posted 11 January 2013 - 08:05 PM

Good evening. :)

Download TFC (Temporary File Cleaner) by OldTimer from here and save it to your Desktop.

  • You will need to close all open programs and save any work as TFC will require a reboot.
  • Double-click TFC.exe to run it. (Note: If you are using Vista, right-click the file and select Run As Administrator from the menu that appears).
  • Click the Start button to begin. Depending on how often you clean temp files, execution time could be anywhere from a few seconds to a minute or two - just sit back and enjoy the view.
  • Once it has finished it should reboot your PC all by itself. If it does not, please manually reboot.
  • Once rebooted your PC will run like a Cray supercomputer, or at least have less junk on the hard drive - OT's not a miracle worker you know!
  • Please note that this tool will empty the Recycle Bin as part of its actions. If you have anything in there that you haven't finished with, move it first.

Then run your scanner and tell me what it finds and where it is located.

So long, and thanks for all the fish.


#5 Scyron

Scyron
  • Topic Starter

  • Members
  • 18 posts
  • Local time:07:20 AM

Posted 12 January 2013 - 02:46 PM

It found the same svchost.exe in the same temp folder (avast automatically removed it once I had it check for PuPs). I'm not sure if it will come back when I restart again, but for the time being it is not on my computer.

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:20 PM

Posted 13 January 2013 - 02:55 PM

Good evening. :)

Would you mind installing and using a different browser for a day or two to see what happens? The folder in question is Internet Explorer's Temporary Internet Files folder, and it could be that the file reappears because you revisit a site that is causing it to be put there. Using a different browser should rule that out, and if the file no longer appears there we can rule out an onboard infection.
I like Firefox, but you could give Chrome a go or Opera perhaps.

So long, and thanks for all the fish.


#7 Scyron

Scyron
  • Topic Starter

  • Members
  • 18 posts
  • Local time:07:20 AM

Posted 13 January 2013 - 05:01 PM

I'm already using Google Chrome. If it were an onboard infection, what would I have to do to get rid of it? Please don't tell me I need new hardware, because this computer is brand new. I'm going to restart my computer and see what happens, as I haven't turned it off since avast deleted it. Also, do you think it could be due to just having IE installed still? I'm not sure if I have taken it off of my computer. Either way, I am going to uninstall IE before restarting, then I'm going to restart and see what happens. I will repost as soon as I have done so.

#8 Scyron

Scyron
  • Topic Starter

  • Members
  • 18 posts
  • Local time:07:20 AM

Posted 13 January 2013 - 05:13 PM

I just finished uninstalling Internet Explorer and restarting, and it still came back. I moved the virus to the chest again and am about to delete it.

#9 Scyron

Scyron
  • Topic Starter

  • Members
  • 18 posts
  • Local time:07:20 AM

Posted 13 January 2013 - 10:50 PM

I'm not sure if it is any help at all, but whenever I start my computer Adobe fails to start as well (Flash, I think; I'm not certain), which could make sense, as it could be hiding in Flash (or something of the sort; I'm not sure how it would work), and because I use Chrome, which has Flash built in, I wouldn't have seen any problems caused by it in Chrome. I'm not sure if it is or isn't a possibility, but I can easily uninstall all of the Adobe programs I have installed if necessary.

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:20 PM

Posted 14 January 2013 - 02:59 PM

Good evening. :)

How long have you been aware of the file's existence and did you install any new software just prior to first finding the file in question?

So long, and thanks for all the fish.


#11 Scyron

Scyron
  • Topic Starter

  • Members
  • 18 posts
  • Local time:07:20 AM

Posted 14 January 2013 - 06:50 PM

The file has been here for maybe 2 weeks now. I did download a torrent just before it showed up, so it was obviously that file, but I have already deleted that file and all of its contents; I'm not sure if there are any other things (such as the torrent) still connected to it. I know it's stupid to download torrents, and I'm not going to anymore, but it had a trusted and VIP symbol with many comments saying it was great, no viruses, and worked perfectly, so I took the risk. I'm going to take some time and search for any other files that may have been connected to it (maybe some rars or zips), or maybe just some torrents; who knows, anything could be the cause of it coming back. Is there any way to get an onboard infection after purchasing the parts? If not, then there is no doubt it isn't an onboard infection: the file wasn't here when I put the computer together, and all pieces were chosen by my brother, so it is a custom build, which I would assume leaves me with less of a chance of having an onboard infection. I'll get back to you after I go searching a bit xD

#12 Scyron

Scyron
  • Topic Starter

  • Members
  • 18 posts
  • Local time:07:20 AM

Posted 15 January 2013 - 02:42 PM

I have gone through and deleted all files related to the torrent; any searches with the name come up with no results. However, after I restarted, the file still came back; avast automatically moved it to the chest, and this time it didn't delete it. I also got this error for Adobe on start up, as usual since I got the virus:

---------------------------
Windows Script Host
---------------------------
Script: C:\ProgramData\Adobe\EF99A.vbe
Line: 147
Char: 5
Error: Permission denied
Code: 800A0046
Source: Microsoft VBScript runtime error

---------------------------
OK
---------------------------

Pretty simple I guess; I just don't know what is wrong because I don't know what it means. Now that we know it isn't a file related to the torrent I downloaded, is there any possibility that there is still another file hiding somewhere undetected? If so, where do you think I could find it?
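The diagnosis in this thread rests on where files sit rather than on their names: an svchost.exe inside Temporary Internet Files, a .vbe under ProgramData that Windows Script Host trips over at start-up, and (in the ComboFix log Scyron posts later) a phatk mining kernel dropped into SysWow64. As an added example that is not part of this thread and is not DDS or ComboFix code, here is a Python triage script that parses the listing lines both tools print and flags entries of exactly those kinds; the heuristics, the IE cache-suffix handling and the two constructed sample lines are the editor's assumptions.

```python
"""Triage DDS / ComboFix file listings for entries that merit a closer look.

Added example, not from this thread or from the DDS/ComboFix tools. The heuristics are the
editor's assumptions drawn from what the thread turned up: an svchost.exe in Temporary
Internet Files, a .vbe under ProgramData\\Adobe, and a phatk*.bin mining kernel in SysWow64.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# DDS line:      2012-12-28 02:06:49 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
# ComboFix line: 2013-01-03 00:37 . 2013-01-03 00:37 680036 ----a-w- c:\windows\SysWow64\phatk...bin
# Size is a dash run for directories; attrs is the 8-character flag string (d?sha?[rw]?).
_LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$"
)

# Process names Windows only runs from its own directories; elsewhere they are look-alikes.
SYSTEM_PROCESS_HOMES = {
    "svchost.exe": ("c:\\windows\\system32", "c:\\windows\\syswow64"),
    "explorer.exe": ("c:\\windows",),
}
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".sys", ".cpl")
SCRIPT_EXT = (".vbe", ".vbs", ".js", ".jse", ".wsf")
TEMP_MARKERS = ("\\temporary internet files\\", "\\temp\\")
DATA_ROOTS = ("c:\\programdata\\", "c:\\users\\")


@dataclass
class Entry:
    created: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line from either tool; headers and blanks give None."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], size, m["attrs"], m["path"])


def assess(entry: Entry) -> List[str]:
    """Return the reasons (possibly none) why this entry deserves a closer look."""
    reasons: List[str] = []
    low = entry.path.lower()
    parent, _, name = low.rpartition("\\")
    # IE's cache stores svchost.exe as svchost[1].exe; drop the suffix before matching.
    name = re.sub(r"\[\d+\](?=\.)", "", name)
    if entry.is_dir:
        # attrs positions 2-3 are the system and hidden flags, e.g. d-sha-r-
        if entry.attrs[2:4] == "sh" and not low.startswith("c:\\windows"):
            reasons.append("hidden+system directory outside Windows")
        return reasons
    if name in SYSTEM_PROCESS_HOMES and parent not in SYSTEM_PROCESS_HOMES[name]:
        reasons.append(f"{name} outside its system directory")
    if name.endswith(EXECUTABLE_EXT) and any(t in low for t in TEMP_MARKERS):
        reasons.append("executable in a temp/cache directory")
    if name.endswith(SCRIPT_EXT) and low.startswith(DATA_ROOTS):
        reasons.append("Windows Script Host script in a data directory")
    if name.startswith("phatk") and name.endswith(".bin"):
        # phatk is an OpenCL kernel used by GPU bitcoin miners; the compiled cache file
        # carries the GPU codename and work size, as the one in this thread's log does.
        reasons.append("compiled GPU mining kernel (phatk)")
    return reasons


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run every listing line through the heuristics; returns (path, reason) pairs."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            findings.extend((entry.path, r) for r in assess(entry))
    return findings


# Three lines copied from this thread's logs, plus two constructed DDS-style lines for the
# cached svchost[1].exe ESET reported and the EF99A.vbe from the WSH error (sizes made up).
SAMPLE_LOG = """\
2012-12-28 02:06:49 5559664 ----a-w- C:\\Windows\\System32\\ntoskrnl.exe
2013-01-05 16:05 . 2013-01-05 16:05 -------- d-sha-r- c:\\programdata\\Key-Base
2013-01-03 00:37 . 2013-01-03 00:37 680036 ----a-w- c:\\windows\\SysWow64\\phatk121016Pitcairnv1w256l4.bin
2013-01-10 09:00:00 12345 ----a-w- C:\\Users\\Brandon\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\G3AX2K00\\svchost[1].exe
2013-01-10 09:00:00 4567 ----a-w- C:\\ProgramData\\Adobe\\EF99A.vbe
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason:48} {path}")
```

A hit is a prompt to look, not a verdict: the hidden ProgramData directory in the sample may be a legitimate licensing folder, which is exactly why the output carries the reason beside the path.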

#13 Scyron

Scyron
  • Topic Starter

  • Members
  • 18 posts
  • Local time:07:20 AM

Posted 15 January 2013 - 02:47 PM

This is also a picture of my temp folder (without the virus, due to it being moved to the avast chest).

The second one is a picture of the file in the avast chest.

Attached File: Temp folder picture.png (243.84KB)

Attached File: Avast chest picture.png (185.26KB)

#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:20 PM

Posted 15 January 2013 - 03:19 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

So long, and thanks for all the fish.


#15 Scyron

Scyron
  • Topic Starter

  • Members
  • 18 posts
  • Local time:07:20 AM

Posted 15 January 2013 - 09:35 PM

Here are the results of the scan:

ComboFix 13-01-15.02 - Brandon 01/15/2013 21:08:52.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8076.5638 [GMT -5:00]
Running from: c:\users\Brandon\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Brandon\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-16 to 2013-01-16 )))))))))))))))))))))))))))))))
.
.
2013-01-16 02:15 . 2012-11-19 06:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{131F09A2-646C-40EF-9220-BE4AAB5FF387}\mpengine.dll
2013-01-16 02:15 . 2013-01-16 02:15 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2013-01-16 02:14 . 2013-01-16 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-15 19:41 . 2012-11-30 01:17 97072 ----a-w- c:\windows\system32\drivers\VirtuWDDM.sys
2013-01-15 19:41 . 2013-01-15 19:41 -------- d-----w- c:\program files\Lucidlogix Technologies
2013-01-15 19:41 . 2012-11-30 01:17 434480 ----a-w- c:\windows\SysWow64\appinit_dll.dll
2013-01-15 19:41 . 2012-11-30 01:17 473392 ----a-w- c:\windows\system32\appinit_dll.dll
2013-01-15 11:52 . 2013-01-04 15:53 9060864 ----a-w- c:\windows\system32\mshtml.dll
2013-01-15 08:33 . 2012-11-19 06:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CA7833B-FDFC-45B8-9F12-561EF1594F0C}\mpengine.dll
2013-01-13 19:21 . 2013-01-13 19:21 -------- d-----w- c:\program files (x86)\NCsoft
2013-01-12 17:00 . 2013-01-12 17:00 -------- d-----w- c:\programdata\ATI
2013-01-12 17:00 . 2013-01-12 17:00 -------- d-----w- c:\program files (x86)\AMD AVT
2013-01-09 11:39 . 2012-11-30 05:45 243200 ----a-w- c:\windows\system32\wow64.dll
2013-01-06 17:24 . 2013-01-15 19:31 -------- d-----w- c:\programdata\Logitech
2013-01-06 17:24 . 2013-01-15 19:31 -------- d-----w- c:\programdata\Logishrd
2013-01-05 18:41 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-05 18:41 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-05 18:41 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-01-05 18:41 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-05 18:41 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-05 18:41 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-01-05 18:41 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-05 18:40 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-05 18:40 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2013-01-05 18:40 . 2013-01-05 18:40 -------- d-----w- c:\programdata\AVAST Software
2013-01-05 18:40 . 2013-01-05 18:40 -------- d-----w- c:\program files\AVAST Software
2013-01-05 18:35 . 2013-01-05 19:25 -------- d-----w- c:\programdata\HitmanPro
2013-01-05 16:55 . 2013-01-05 16:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-05 16:55 . 2013-01-05 16:55 -------- d-----w- c:\programdata\Malwarebytes
2013-01-05 16:55 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-05 16:05 . 2013-01-05 16:05 -------- d-sha-r- c:\programdata\Key-Base
2013-01-05 16:03 . 2013-01-05 16:03 -------- d-----w- c:\programdata\Aeria Games
2013-01-05 06:47 . 2013-01-14 23:52 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-01-05 06:47 . 2013-01-05 06:47 -------- d-----w- c:\program files (x86)\Aeria Games
2013-01-05 06:39 . 2013-01-05 06:39 -------- d-----w- C:\AeriaGames
2013-01-05 02:32 . 2013-01-05 02:32 -------- d-----w- c:\programdata\Nexon
2013-01-05 01:27 . 2013-01-05 01:27 -------- d-----w- c:\programdata\fltk.org
2013-01-03 00:37 . 2013-01-03 00:37 680036 ----a-w- c:\windows\SysWow64\phatk121016Pitcairnv1w256l4.bin
2013-01-03 00:07 . 2013-01-03 00:07 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-01-03 00:07 . 2013-01-03 00:07 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-03 00:07 . 2013-01-03 00:07 340992 ----a-w- c:\windows\system32\schannel.dll
2013-01-03 00:07 . 2013-01-03 00:07 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-01-03 00:07 . 2013-01-03 00:07 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-01-03 00:07 . 2013-01-03 00:07 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-03 00:07 . 2013-01-03 00:07 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-03 00:05 . 2013-01-03 00:05 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-01-03 00:05 . 2013-01-03 00:05 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-01-02 23:08 . 2013-01-03 00:51 -------- d-----w- C:\Temp
2013-01-02 11:36 . 2013-01-02 11:36 -------- d-----w- c:\program files (x86)\uTorrent
2013-01-01 21:32 . 2013-01-01 21:32 -------- d-----w- c:\program files (x86)\AMD APP
2013-01-01 21:17 . 2013-01-01 21:29 -------- d-----w- C:\AMD
2013-01-01 15:43 . 2013-01-01 15:43 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2012-12-31 21:34 . 2012-10-13 00:09 25472 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-12-31 21:06 . 2012-12-31 21:06 -------- d-----w- c:\windows\system32\SPReview
2012-12-31 21:05 . 2012-12-31 21:05 -------- d-----w- c:\windows\system32\EventProviders
2012-12-31 21:03 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-12-31 21:03 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-12-31 21:03 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-12-31 21:03 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-12-31 21:03 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-12-31 21:03 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-12-31 21:03 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-12-31 21:03 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-12-31 21:03 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-12-31 21:03 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-12-31 21:03 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2012-12-31 16:17 . 2013-01-01 16:51 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-31 07:16 . 2013-01-01 16:51 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-31 07:16 . 2012-12-31 16:17 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-31 07:16 . 2012-12-31 07:16 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-12-31 07:15 . 2012-12-31 07:15 -------- d-----w- c:\program files (x86)\Ubisoft
2012-12-31 01:10 . 2013-01-09 19:42 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-31 00:50 . 2012-10-17 09:31 741480 ------w- c:\windows\system32\HPDiscoPM5912.dll
2012-12-31 00:50 . 2012-12-31 00:50 -------- d-----w- c:\programdata\HP
2012-12-31 00:50 . 2012-12-31 00:50 -------- d-----w- c:\program files\HP
2012-12-31 00:50 . 2012-12-31 00:50 -------- d-----w- c:\program files (x86)\HP
2012-12-30 20:34 . 2010-11-20 12:21 11264 ----a-w- c:\windows\SysWow64\wshirda.dll
2012-12-30 20:17 . 2012-12-30 20:17 -------- d-----w- c:\windows\fi-FI
2012-12-30 20:17 . 2013-01-13 22:08 -------- d-----w- c:\windows\SysWow64\wbem\fi-FI
2012-12-30 20:17 . 2012-12-31 21:19 -------- d-----w- c:\windows\SysWow64\fi
2012-12-30 20:17 . 2012-12-30 20:17 -------- d-----w- c:\windows\SysWow64\XPSViewer
2012-12-30 20:17 . 2012-12-30 20:17 -------- d-----w- c:\windows\SysWow64\drivers\fi-FI
2012-12-30 20:16 . 2012-12-31 21:19 -------- d-----w- c:\windows\system32\drivers\fi-FI
2012-12-30 20:16 . 2012-12-30 20:16 -------- d-----w- c:\windows\system32\drivers\UMDF\fi-FI
2012-12-30 20:16 . 2012-12-31 21:19 -------- d-----w- c:\windows\system32\fi
2012-12-30 20:16 . 2013-01-13 22:08 -------- d-----w- c:\windows\system32\wbem\fi-FI
2012-12-30 20:13 . 2009-07-14 00:01 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\fi-FI\LXKPTPRC.DLL.mui
2012-12-30 20:03 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-12-30 20:03 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-12-30 20:03 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-12-30 19:09 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-12-30 19:09 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-12-30 19:09 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-12-30 19:09 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-12-30 19:09 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-12-30 19:09 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-12-30 19:09 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-12-28 17:22 . 2012-12-28 14:26 -------- d-----w- c:\windows\Panther
2012-12-28 16:57 . 2012-12-28 16:57 -------- d-----w- c:\programdata\Package Cache
2012-12-28 16:56 . 2013-01-01 02:16 -------- d-----w- c:\program files (x86)\FFsplit
2012-12-28 16:13 . 2012-12-28 16:13 -------- d-----w- c:\program files\WinRAR
2012-12-28 15:11 . 2012-12-31 23:54 -------- d-----w- c:\program files (x86)\Dxtory Software
2012-12-28 15:09 . 2012-12-28 15:09 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-12-28 15:02 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-12-28 15:02 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-12-28 15:02 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-12-28 15:02 . 2010-11-20 13:25 974336 ----a-w- c:\windows\system32\WFS.exe
2012-12-28 15:02 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-12-28 15:02 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-12-28 15:01 . 2012-12-28 15:01 -------- d-----w- c:\program files (x86)\CyberLink
2012-12-28 15:00 . 2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
2012-12-28 15:00 . 2011-05-13 17:30 26624 ------w- c:\windows\system32\THXCfg64.dll
2012-12-28 15:00 . 2010-07-21 21:51 11264 ------w- c:\windows\SysWow64\ResDefA.exe
2012-12-28 15:00 . 2009-10-01 21:42 141312 ------w- c:\windows\system32\THXCfg64.exe
2012-12-28 15:00 . 2011-05-19 14:58 246784 ----a-w- c:\windows\system32\APOMgr64.DLL
2012-12-28 15:00 . 2011-05-19 14:56 190464 ----a-w- c:\windows\SysWow64\APOMngr.DLL
2012-12-28 15:00 . 2009-12-29 21:53 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL
2012-12-28 15:00 . 2009-12-29 21:52 73728 ----a-w- c:\windows\SysWow64\CmdRtr.DLL
2012-12-28 14:59 . 2012-12-28 14:59 -------- d-----w- c:\program files (x86)\Creative
2012-12-28 14:59 . 2012-12-28 14:59 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-12-28 14:58 . 2012-12-31 01:23 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-12-28 14:58 . 2012-12-28 14:58 -------- d-----w- c:\program files\ASRock
2012-12-28 14:58 . 2011-07-04 20:19 1632128 ----a-w- c:\windows\system32\drivers\cfosspeed6.sys
2012-12-28 14:57 . 2012-12-28 14:57 -------- d-----w- c:\programdata\cFos
2012-12-28 14:57 . 2012-12-28 14:57 15936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-31 21:17 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-12-31 21:17 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-11-30 04:45 . 2013-01-09 11:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-06 06:20 . 2012-11-06 06:20 92624 ----a-w- c:\windows\SysWow64\mfcm110u.dll
2012-11-06 06:20 . 2012-11-06 06:20 92616 ----a-w- c:\windows\SysWow64\mfcm110.dll
2012-11-06 06:20 . 2012-11-06 06:20 875472 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-11-06 06:20 . 2012-11-06 06:20 74704 ----a-w- c:\windows\SysWow64\mfc110fra.dll
2012-11-06 06:20 . 2012-11-06 06:20 74704 ----a-w- c:\windows\SysWow64\mfc110deu.dll
2012-11-06 06:20 . 2012-11-06 06:20 73680 ----a-w- c:\windows\SysWow64\mfc110esn.dll
2012-11-06 06:20 . 2012-11-06 06:20 72656 ----a-w- c:\windows\SysWow64\mfc110ita.dll
2012-11-06 06:20 . 2012-11-06 06:20 70624 ----a-w- c:\windows\SysWow64\mfc110rus.dll
2012-11-06 06:20 . 2012-11-06 06:20 64976 ----a-w- c:\windows\SysWow64\mfc110enu.dll
2012-11-06 06:20 . 2012-11-06 06:20 53712 ----a-w- c:\windows\SysWow64\mfc110jpn.dll
2012-11-06 06:20 . 2012-11-06 06:20 535008 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-11-06 06:20 . 2012-11-06 06:20 53200 ----a-w- c:\windows\SysWow64\mfc110kor.dll
2012-11-06 06:20 . 2012-11-06 06:20 46032 ----a-w- c:\windows\SysWow64\mfc110cht.dll
2012-11-06 06:20 . 2012-11-06 06:20 46032 ----a-w- c:\windows\SysWow64\mfc110chs.dll
2012-11-06 06:20 . 2012-11-06 06:20 4456904 ----a-w- c:\windows\SysWow64\mfc110u.dll
2012-11-06 06:20 . 2012-11-06 06:20 4421080 ----a-w- c:\windows\SysWow64\mfc110.dll
2012-11-06 06:20 . 2012-11-06 06:20 320976 ----a-w- c:\windows\SysWow64\vcamp110.dll
2012-11-06 06:20 . 2012-11-06 06:20 252400 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-11-06 06:20 . 2012-11-06 06:20 125904 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-11-06 06:20 . 2012-11-06 06:20 168920 ----a-w- c:\windows\SysWow64\atl110.dll
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-01-21 165776]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-28 1354736]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-25 490880]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-28 3093624]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"Akamai NetSession Interface"="c:\users\Brandon\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2012-12-28 5019360]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-01-21 776064]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe"="c:\programdata\Adobe\EF99A.vbe" [2012-12-13 7642]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2012-09-10 1411224]
.
c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-01-03 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-01-03 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-28 1255736]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-09-21 49760]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys [2012-01-13 31016]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-26 16152]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-12-28 15936]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-31 464256]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-05-30 13632]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-28 363800]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-26 356120]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-26 788760]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [2008-01-21 129024]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2012-11-30 97072]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2013-01-16 34752]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 01:10 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-28 11:45]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28 02:03]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28 02:03]
.
2013-01-16 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41]
.
2013-01-16 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1441152]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
"VIRTU MVP"="c:\program files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe" [2012-11-30 3049776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKLM-Run-SmartViewAgent - c:\program files (x86)\DeviceVM\SmartView\SmartViewAgent.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\Lucidlogix Technologies\VIRTU MVP\EKAG20NT.EXE
c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-01-15 21:21:15 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-16 02:21
.
Pre-Run: 760,176,148,480 bytes free
Post-Run: 759,848,951,808 bytes free
.
- - End Of File - - F0C37CA8A2D0F62834C55E5479441C74

There is also a strange log file on my C: drive that I don't recall ever hearing anything about. It is called IFRToollog; every line in it is exactly the same and just says this over and over again:

Connect to Server CreateFile() successful.
svc_write_buffer->InBufferSize ==> 12
svc_write_buffer->SvcCommand ==> 0
Sent message to server successful.
Read was successfull

As it supposedly has something to do with svc, I'm not sure if it is a legit log being made by a program that should be on the computer or if it is a log created due to and related to the virus. Also, about how my computer is running after that scan: the virus still came back (Avast put it back into the chest again); however, my CPU usage seems to be much lower. It may be because I'm not in a game, but even when I wasn't, my CPU usage would spike every now and then to about 25 or 30%, which was starting to worry me. Now it is at a stable 0-15% (give or take a little bit, as it isn't always going to max out at 15; there are times when it might go a little above).
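
The ComboFix log above is long, and the parts a responder actually reads first are the "Reg Loading Points" (Run keys, UAC policy values, AppInit_DLLs). The script below is an added example, not part of Scyron's post and not ComboFix's own code: it parses that section's format and flags the kinds of entries a practitioner would want to look at, namely autoruns whose target is a script file or lives in a user-writable folder, EnableLUA/ConsentPromptBehaviorAdmin set to 0, and a non-empty AppInit_DLLs value. The sample text is constructed here, modelled on value lines visible in the posted log (including the Run value pointing at c:\programdata\Adobe\EF99A.vbe and the AppInit_DLLs entries), and the heuristics are triage assumptions that mark items for review; they are not a verdict that any specific file is malicious.

```python
"""Triage a ComboFix-style 'Reg Loading Points' dump.

Added example (not from the forum post or from ComboFix). The sample text
is constructed in the format of the posted log; the flagging rules are
assumptions chosen for triage and only mark entries for human review.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: value lines in ComboFix's format, not the original log file.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"Akamai NetSession Interface"="c:\users\Brandon\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe"="c:\programdata\Adobe\EF99A.vbe" [2012-12-13 7642]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
"""

# Assumption: script interpreters launched from Run are unusual for installed software.
SCRIPT_EXT = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1"}
# Assumption: folders a non-admin process can write to; autoruns there deserve a look.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\", "\\temp\\")

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def _path_of(value):
    """Strip ComboFix's quoting and trailing '[date size]' to get the target path."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split(" [", 1)[0]


def triage(text):
    """Return (section, value_name, reason) tuples for entries worth reviewing."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1).lower()
            continue
        val = VALUE_RE.match(line)
        if not val:
            continue  # '.' separators and anything else ComboFix prints
        name, value = val.group(1), val.group(2)
        if section.endswith("\\run"):
            path = _path_of(value)
            low = path.lower()
            ext = PureWindowsPath(low).suffix
            if ext in SCRIPT_EXT:
                findings.append((section, name, f"script {ext} as autorun: {path}"))
            if any(d in low for d in USER_WRITABLE):
                findings.append((section, name, f"autorun from user-writable location: {path}"))
        elif section.endswith("policies\\system"):
            if name.lower() == "enablelua" and value.split()[0] == "0":
                findings.append((section, name, "UAC disabled (EnableLUA=0)"))
            if name.lower() == "consentpromptbehavioradmin" and value.split()[0] == "0":
                findings.append((section, name, "admin elevation without prompt"))
        elif section.endswith("currentversion\\windows"):
            if name.lower() == "loadappinit_dlls" and value.split()[0] == "1":
                findings.append((section, name, "AppInit_DLLs loading enabled"))
            if name.lower() == "appinit_dlls" and _path_of(value):
                findings.append((section, name, f"AppInit_DLLs injection path: {_path_of(value)}"))
    return findings


if __name__ == "__main__":
    for section, name, reason in triage(SAMPLE):
        print(f"[{section}] {name}: {reason}")
```

Run it against a saved ComboFix log by passing the file's text to `triage()`; each hit is a starting point for checking the file's signature, hash and install history, not a conclusion on its own.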
