
Infected with rootkit, Windows 8. Discovered after McAfee 30-day license expired


  • This topic is locked
17 replies to this topic

#1 fingersmurphy


Posted 11 April 2013 - 07:40 PM

This is branched from http://www.bleepingcomputer.com/forums/t/491444/windows-8-firewall-error-code-0x80070424/


So far I have removed McAfee (using Windows, then their own removal tool to tidy up loose ends), tried various Microsoft Fixits, searched for advice online and now have brought the matter to your attention. I wasn't aware of the rootkit until your colleague asked me to run the MWB anti-rootkit tool, and I haven't used that utility's cleanup function. As far as I'm aware the only 0access warning I had was quarantined instantly by McAfee. My DDS logs follow:


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.17.2
Run by ad at 1:23:33 on 2013-04-12
Microsoft Windows 8  6.2.9200.0.1252.44.2057.18.8077.6042 [GMT 1:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Users\glass\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Users\glass\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus13.msn.com
uDefault_Page_URL = hxxp://asus13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} - 
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Spotify Web Helper] "C:\Users\glass\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [AdobeBridge] <no file>
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
StartupFolder: C:\Users\glass\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\glass\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\glass\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\glass\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{123845F0-C35B-44D0-AB28-5C36317545B4} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{123845F0-C35B-44D0-AB28-5C36317545B4}\1454347455543545 : DHCPNameServer = 10.132.255.221 10.132.255.222
TCP: Interfaces\{123845F0-C35B-44D0-AB28-5C36317545B4}\6796277696E6D65646961653038343539393 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{5004DEDC-4F51-47AC-9C7F-47B0396A21AB} : DHCPNameServer = 127.0.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll,C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-3-26 30496]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2013-2-19 56208]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 nvkflt;nvkflt;C:\Windows\System32\Drivers\nvkflt.sys [2013-3-26 284448]
R2 3d-io License Server v2.0;3d-io License Server v2.0;C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2013-2-25 34816]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-9-13 731688]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-27 1112000]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-6 1124288]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-11-24 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-24 166720]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-24 365376]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-3-12 619904]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-9-24 1153840]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-10-24 21152]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\Drivers\iwdbus.sys [2012-10-9 25568]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-10-24 110744]
R3 NETwNe64;@oem11.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-9-27 4306472]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\Windows\System32\Drivers\usb3Hub.sys [2012-10-9 47072]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\Drivers\xHCIPort.sys [2012-10-9 188896]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/11/24 03:49:37;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-5-23 243728]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\Drivers\AmUStor.sys [2012-10-3 95232]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2012-8-27 121728]
S3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2012-8-29 857472]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-2-18 1436424]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\Drivers\hidkmdf.sys [2013-3-12 13728]
S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\Drivers\intelaud.sys [2012-10-9 35296]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-9-24 272176]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\Drivers\wachidrouter.sys [2013-3-12 81824]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\Drivers\wacomrouterfilter.sys [2013-2-18 15776]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-11 23:27:02 -------- d-----w- C:\Users\glass\AppData\Roaming\Malwarebytes
2013-04-11 23:26:52 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-11 23:26:51 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-11 23:26:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-11 19:57:02 -------- d-----w- C:\Windows\softwaredistribution.bak9
2013-04-11 19:56:21 -------- d-----w- C:\Windows\softwaredistribution.bak8
2013-04-11 13:59:31 -------- d-----w- C:\Windows\softwaredistribution.bak7
2013-04-11 13:54:04 -------- d-----w- C:\Windows\softwaredistribution.bak6
2013-04-11 12:54:24 -------- d-----w- C:\Windows\softwaredistribution.bak5
2013-04-11 07:45:43 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD26F2B3-875E-4D96-93AD-BD83BB2C2859}\mpengine.dll
2013-04-11 02:58:19 9311288 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-04-10 07:14:59 98304 ----a-w- C:\Windows\System32\wudriver.dll
2013-04-09 22:57:56 206000 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10198.bin
2013-04-09 03:36:43 -------- d-----w- C:\Program Files (x86)\3d-io plugins
2013-04-09 02:38:21 -------- d-----w- C:\ProgramData\3d-io
2013-04-09 00:16:53 -------- d-----w- C:\Windows\softwaredistribution.bak4
2013-04-09 00:16:16 -------- d-----w- C:\Windows\softwaredistribution.bak3
2013-04-09 00:02:57 -------- d-----w- C:\Windows\softwaredistribution.bak2
2013-04-08 08:57:05 -------- d-----w- C:\Users\glass\AppData\Local\headus
2013-04-08 08:56:22 -------- d-----w- C:\Program Files (x86)\headus UVLayout v2 Professional
2013-03-28 05:00:16 -------- d-----w- C:\Program Files (x86)\SingleCellSoftware
2013-03-26 17:17:00 2539128 ----a-w- C:\Windows\SysWow64\nvapi.dll
2013-03-26 17:17:00 1807136 ----a-w- C:\Windows\System32\nvdispco6431422.dll
2013-03-26 17:17:00 1510176 ----a-w- C:\Windows\System32\nvdispgenco6431422.dll
2013-03-25 23:36:36 55272 ----a-w- C:\Program Files\Windows Defender\MpUXSrv.exe
2013-03-22 14:39:18 21 ----a-w- C:\Users\glass\AppData\Roaming\my_intel.sys
2013-03-21 14:53:02 -------- d-----w- C:\Users\glass\AppData\Roaming\Train2Game
2013-03-20 21:44:23 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-17 01:01:30 -------- d-----w- C:\Users\glass\AppData\Local\Chromium
2013-03-16 14:46:02 -------- d-----w- C:\ProgramData\Soulseek
2013-03-16 07:00:04 -------- d-----w- C:\Program Files (x86)\SoulseekNS
2013-03-14 22:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-03-14 22:06:43 -------- d-----w- C:\Users\glass\AppData\Local\Evernote
2013-03-14 22:06:28 -------- d-----w- C:\Program Files (x86)\Evernote
2013-03-13 09:42:58 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll
2013-03-13 09:42:58 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
.
==================== Find3M  ====================
.
2013-04-11 23:58:16 423 ----a-w- C:\Users\glass\AppData\Roaming\sp_data.sys
2013-04-02 22:08:01 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-02 22:08:01 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-19 22:19:24 4041728 ----a-w- C:\Windows\System32\win32k.sys
2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll
2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-03-15 04:16:10 76064 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-03-15 04:16:10 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-03-15 04:16:10 1016096 ----a-w- C:\Windows\System32\nv3dappshext.dll
2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-03-07 17:48:58 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 17:48:58 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-07 17:48:58 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-07 06:50:56 6991592 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-02 10:57:48 337128 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2013-03-02 10:57:46 77544 ----a-w- C:\Windows\System32\drivers\storahci.sys
2013-03-02 10:57:46 332520 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-03-02 10:57:46 283880 ----a-w- C:\Windows\System32\drivers\spaceport.sys
2013-03-02 10:45:20 148712 ----a-w- C:\Windows\System32\drivers\tpm.sys
2013-03-02 10:45:19 194792 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-03-02 10:45:10 125160 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-03-02 10:39:39 495336 ----a-w- C:\Windows\System32\drivers\vhdmp.sys
2013-03-02 10:39:38 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
2013-03-02 10:39:32 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys
2013-03-02 09:59:37 2231528 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-03-02 09:59:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-03-02 08:24:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-03-02 08:23:43 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-03-02 08:23:43 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-03-02 08:23:30 893952 ----a-w- C:\Windows\SysWow64\winmde.dll
2013-03-02 08:23:30 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-03-02 08:23:28 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll
2013-03-02 08:23:28 504320 ----a-w- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
2013-03-02 08:23:19 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll
2013-03-02 08:23:19 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll
2013-03-02 08:23:04 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll
2013-03-02 08:23:04 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll
2013-03-02 08:23:00 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll
2013-03-02 08:22:36 357888 ----a-w- C:\Windows\SysWow64\netcfgx.dll
2013-03-02 08:22:32 5091840 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll
2013-03-02 08:22:17 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-03-02 08:21:56 550912 ----a-w- C:\Windows\SysWow64\drvstore.dll
2013-03-02 08:21:52 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll
2013-03-02 08:21:40 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll
2013-03-02 08:21:39 2033664 ----a-w- C:\Windows\SysWow64\authui.dll
2013-03-02 08:21:32 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl
2013-03-02 02:44:59 448512 ----a-w- C:\Windows\System32\SettingSync.dll
2013-03-02 02:44:59 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll
2013-03-02 02:44:56 1011200 ----a-w- C:\Windows\System32\reseteng.dll
2013-03-02 02:44:41 455168 ----a-w- C:\Windows\System32\netcfgx.dll
2013-03-02 02:44:41 117248 ----a-w- C:\Windows\System32\NdisImPlatform.dll
2013-03-02 02:44:38 5978624 ----a-w- C:\Windows\System32\mstscax.dll
2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll
2013-03-02 02:44:29 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2013-03-02 02:44:08 703488 ----a-w- C:\Windows\System32\drvstore.dll
2013-03-02 02:44:07 150016 ----a-w- C:\Windows\System32\discan.dll
2013-03-02 02:44:05 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll
2013-03-02 02:43:59 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll
2013-03-02 02:43:56 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll
2013-03-02 02:43:55 2302464 ----a-w- C:\Windows\System32\authui.dll
2013-03-02 02:43:51 2146304 ----a-w- C:\Windows\System32\actxprxy.dll
2013-03-02 02:43:50 156160 ----a-w- C:\Windows\System32\powercfg.cpl
2013-03-02 02:15:53 26112 ----a-w- C:\Windows\System32\drivers\mouhid.sys
2013-03-01 04:56:33 156672 ----a-w- C:\Windows\System32\drivers\rfcomm.sys
2013-03-01 04:56:18 30720 ----a-w- C:\Windows\System32\drivers\monitor.sys
2013-03-01 04:55:37 1175040 ----a-w- C:\Windows\System32\drivers\bthport.sys
2013-02-21 14:33:46 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:15:00 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 09:53:00 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-02-10 03:25:27 1807136 ----a-w- C:\Windows\System32\nvdispco6420294.dll
2013-02-10 03:25:27 1510176 ----a-w- C:\Windows\System32\nvdispgenco6420162.dll
2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll
2013-02-05 22:31:11 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-02-05 22:29:09 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2013-02-05 22:28:48 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-02-05 22:28:36 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys
2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe
2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe
.
============= FINISH:  1:24:21.61 ===============

Edited by fingersmurphy, 11 April 2013 - 07:44 PM.
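Reading a DDS log by hand means splitting it into its `====` sections and scanning a few well-known locations first. The script below is an added example, not a DDS or BleepingComputer tool: it parses a constructed excerpt of the log posted above and flags the entries a malware-removal helper would normally ask about (a weakened UAC setting, a localhost DNS server, AppInit_DLLs, orphaned entries, and `.sys` files sitting in a user profile). The rules are review prompts, not verdicts; the reasons and severities are my own labels.

```python
"""Heuristic triage of a DDS log.  Added example; rules are review prompts,
not malware verdicts, and every line of the sample comes from the log above."""
import re

# Constructed excerpt: a handful of lines copied from the posted DDS log.
SAMPLE_DDS = r"""
DDS (Ver_2012-11-20.01) - NTFS_AMD64
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
uRun: [AdobeBridge] <no file>
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{5004DEDC-4F51-47AC-9C7F-47B0396A21AB} : DHCPNameServer = 127.0.0.1
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll,C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
.
=============== Created Last 30 ================
.
2013-04-11 23:26:51 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-22 14:39:18 21 ----a-w- C:\Users\glass\AppData\Roaming\my_intel.sys
.
==================== Find3M  ====================
.
2013-04-11 23:58:16 423 ----a-w- C:\Users\glass\AppData\Roaming\sp_data.sys
2013-03-19 22:19:24 4041728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH:  1:24:21.61 ===============
"""

# "====== Section Name ======" headers; "." lines are DDS separators.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "date time size attrs path" rows in the Created Last 30 / Find3M sections
# (directories carry "--------" instead of a byte count).
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+|-+)\s+(\S+)\s+(.+)$")


def parse_sections(text):
    """Return {section_name: [lines]}; separators and blank lines are dropped."""
    sections, current = {}, "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if line and line != ".":
            sections.setdefault(current, []).append(line)
    return sections


def triage(text):
    """Return (severity, reason, line) tuples that deserve a second look."""
    findings = []
    sections = parse_sections(text)

    for line in sections.get("Pseudo HJT Report", []):
        low = line.lower()
        if "promptonsecuredesktop = dword:0" in low:
            # UAC prompts no longer run on the secure desktop: weaker than default.
            findings.append(("review", "UAC secure-desktop prompt disabled", line))
        if "nameserver = 127.0.0.1" in low:
            # Localhost DNS can be a DNS hijack, but also a local helper such as
            # the Wireless PAN DHCP/DNS service listed in this same log: confirm.
            findings.append(("review", "DNS server set to localhost", line))
        if low.startswith("appinit_dlls="):
            # AppInit_DLLs are loaded into every user-mode process: verify each DLL.
            findings.append(("review", "AppInit_DLLs entry; verify each DLL", line))
        if "<orphaned>" in low or "<no file>" in low:
            findings.append(("info", "entry points at a missing file or handler", line))

    for name in ("Created Last 30", "Find3M"):
        for line in sections.get(name, []):
            row = FILE_RE.match(line)
            if not row:
                continue
            path = row.group(4).lower()
            # Drivers belong under System32\drivers; a .sys in AppData is odd.
            if path.endswith(".sys") and "\\appdata\\" in path:
                findings.append(("review", "driver-style .sys file inside a user profile", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_DDS):
        print(f"[{severity}] {reason}: {line}")
```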



#2 HelpBot


Posted 16 April 2013 - 07:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/491463 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 fingersmurphy

  • Topic Starter


Posted 17 April 2013 - 06:54 AM

ok, here's my new log: 


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.17.2
Run by ad at 12:50:30 on 2013-04-17
Microsoft Windows 8  6.2.9200.0.1252.44.2057.18.8077.2838 [GMT 1:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Users\glass\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Users\glass\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Adobe\Adobe InDesign CS6\Utilities\adb.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
C:\Program Files\Autodesk\3ds Max 2011\3dsmax.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\Program Files (x86)\Common Files\Adobe\dynamiclink\CS6\dynamiclinkmanager.exe
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPConfigure64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus13.msn.com
uDefault_Page_URL = hxxp://asus13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} - 
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Spotify Web Helper] "C:\Users\glass\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [AdobeBridge] <no file>
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRunOnce: [Z1] cmd /c "C:\Users\glass\Desktop\mbar\mbar.exe" /cleanup /s
StartupFolder: C:\Users\glass\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\glass\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\glass\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\glass\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{123845F0-C35B-44D0-AB28-5C36317545B4} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{123845F0-C35B-44D0-AB28-5C36317545B4}\1454347455543545 : DHCPNameServer = 10.132.255.221 10.132.255.222
TCP: Interfaces\{123845F0-C35B-44D0-AB28-5C36317545B4}\4514C4B44514C4B4D2633364544483 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{5004DEDC-4F51-47AC-9C7F-47B0396A21AB} : DHCPNameServer = 127.0.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll,C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-3-26 30496]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2013-2-19 56208]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 nvkflt;nvkflt;C:\Windows\System32\Drivers\nvkflt.sys [2013-3-26 284448]
R2 3d-io License Server v2.0;3d-io License Server v2.0;C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2013-2-25 34816]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-9-13 731688]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-27 1112000]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-6 1124288]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-11-24 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-24 166720]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-24 365376]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-3-12 619904]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-9-24 1153840]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-2-18 1436424]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-10-24 21152]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\Drivers\iwdbus.sys [2012-10-9 25568]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-10-24 110744]
R3 NETwNe64;@oem11.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-9-27 4306472]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\Windows\System32\Drivers\usb3Hub.sys [2012-10-9 47072]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\Drivers\xHCIPort.sys [2012-10-9 188896]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/11/24 03:49:37;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-5-23 243728]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\Drivers\AmUStor.sys [2012-10-3 95232]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2012-8-27 121728]
S3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2012-8-29 857472]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\Drivers\hidkmdf.sys [2013-3-12 13728]
S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\Drivers\intelaud.sys [2012-10-9 35296]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-9-24 272176]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\Drivers\wachidrouter.sys [2013-3-12 81824]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\Drivers\wacomrouterfilter.sys [2013-2-18 15776]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-16 17:01:15 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A9BFE76A-A592-4D11-8E35-D6B07954EA71}\mpengine.dll
2013-04-15 12:20:35 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D25BE99-8E5F-456F-9688-CEC772507CFD}\mpengine.dll
2013-04-15 12:20:35 9311288 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-04-11 23:27:02 -------- d-----w- C:\Users\glass\AppData\Roaming\Malwarebytes
2013-04-11 23:26:52 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-11 23:26:51 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-11 23:26:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-11 19:57:02 -------- d-----w- C:\Windows\softwaredistribution.bak9
2013-04-11 19:56:21 -------- d-----w- C:\Windows\softwaredistribution.bak8
2013-04-11 13:59:31 -------- d-----w- C:\Windows\softwaredistribution.bak7
2013-04-11 13:54:04 -------- d-----w- C:\Windows\softwaredistribution.bak6
2013-04-11 12:54:24 -------- d-----w- C:\Windows\softwaredistribution.bak5
2013-04-10 07:14:59 98304 ----a-w- C:\Windows\System32\wudriver.dll
2013-04-09 22:57:56 206000 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10198.bin
2013-04-09 03:36:43 -------- d-----w- C:\Program Files (x86)\3d-io plugins
2013-04-09 02:38:21 -------- d-----w- C:\ProgramData\3d-io
2013-04-09 00:16:53 -------- d-----w- C:\Windows\softwaredistribution.bak4
2013-04-09 00:16:16 -------- d-----w- C:\Windows\softwaredistribution.bak3
2013-04-09 00:02:57 -------- d-----w- C:\Windows\softwaredistribution.bak2
2013-04-08 08:57:05 -------- d-----w- C:\Users\glass\AppData\Local\headus
2013-04-08 08:56:22 -------- d-----w- C:\Program Files (x86)\headus UVLayout v2 Professional
2013-03-28 05:00:16 -------- d-----w- C:\Program Files (x86)\SingleCellSoftware
2013-03-26 17:17:00 2539128 ----a-w- C:\Windows\SysWow64\nvapi.dll
2013-03-26 17:17:00 1807136 ----a-w- C:\Windows\System32\nvdispco6431422.dll
2013-03-26 17:17:00 1510176 ----a-w- C:\Windows\System32\nvdispgenco6431422.dll
2013-03-25 23:36:36 55272 ----a-w- C:\Program Files\Windows Defender\MpUXSrv.exe
2013-03-22 14:39:18 21 ----a-w- C:\Users\glass\AppData\Roaming\my_intel.sys
2013-03-21 14:53:02 -------- d-----w- C:\Users\glass\AppData\Roaming\Train2Game
2013-03-20 21:44:23 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys
.
==================== Find3M  ====================
.
2013-04-11 23:58:16 423 ----a-w- C:\Users\glass\AppData\Roaming\sp_data.sys
2013-04-02 22:08:01 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-02 22:08:01 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-19 22:19:24 4041728 ----a-w- C:\Windows\System32\win32k.sys
2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll
2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-03-15 04:16:10 76064 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-03-15 04:16:10 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-03-15 04:16:10 1016096 ----a-w- C:\Windows\System32\nv3dappshext.dll
2013-03-14 22:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-03-07 17:48:58 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 17:48:58 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-07 17:48:58 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-07 06:50:56 6991592 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-02 10:57:48 337128 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2013-03-02 10:57:46 77544 ----a-w- C:\Windows\System32\drivers\storahci.sys
2013-03-02 10:57:46 332520 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-03-02 10:57:46 283880 ----a-w- C:\Windows\System32\drivers\spaceport.sys
2013-03-02 10:45:20 148712 ----a-w- C:\Windows\System32\drivers\tpm.sys
2013-03-02 10:45:19 194792 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-03-02 10:45:10 125160 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-03-02 10:39:39 495336 ----a-w- C:\Windows\System32\drivers\vhdmp.sys
2013-03-02 10:39:38 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
2013-03-02 10:39:32 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys
2013-03-02 09:59:37 2231528 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-03-02 09:59:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-03-02 08:24:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-03-02 08:23:43 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-03-02 08:23:43 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-03-02 08:23:30 893952 ----a-w- C:\Windows\SysWow64\winmde.dll
2013-03-02 08:23:30 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-03-02 08:23:28 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll
2013-03-02 08:23:28 504320 ----a-w- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
2013-03-02 08:23:19 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll
2013-03-02 08:23:19 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll
2013-03-02 08:23:04 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll
2013-03-02 08:23:04 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll
2013-03-02 08:23:00 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll
2013-03-02 08:22:36 357888 ----a-w- C:\Windows\SysWow64\netcfgx.dll
2013-03-02 08:22:32 5091840 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll
2013-03-02 08:22:17 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-03-02 08:21:56 550912 ----a-w- C:\Windows\SysWow64\drvstore.dll
2013-03-02 08:21:52 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll
2013-03-02 08:21:40 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll
2013-03-02 08:21:39 2033664 ----a-w- C:\Windows\SysWow64\authui.dll
2013-03-02 08:21:32 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl
2013-03-02 02:44:59 448512 ----a-w- C:\Windows\System32\SettingSync.dll
2013-03-02 02:44:59 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll
2013-03-02 02:44:56 1011200 ----a-w- C:\Windows\System32\reseteng.dll
2013-03-02 02:44:41 455168 ----a-w- C:\Windows\System32\netcfgx.dll
2013-03-02 02:44:41 117248 ----a-w- C:\Windows\System32\NdisImPlatform.dll
2013-03-02 02:44:38 5978624 ----a-w- C:\Windows\System32\mstscax.dll
2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll
2013-03-02 02:44:29 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2013-03-02 02:44:08 703488 ----a-w- C:\Windows\System32\drvstore.dll
2013-03-02 02:44:07 150016 ----a-w- C:\Windows\System32\discan.dll
2013-03-02 02:44:05 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll
2013-03-02 02:43:59 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll
2013-03-02 02:43:56 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll
2013-03-02 02:43:55 2302464 ----a-w- C:\Windows\System32\authui.dll
2013-03-02 02:43:51 2146304 ----a-w- C:\Windows\System32\actxprxy.dll
2013-03-02 02:43:50 156160 ----a-w- C:\Windows\System32\powercfg.cpl
2013-03-02 02:15:53 26112 ----a-w- C:\Windows\System32\drivers\mouhid.sys
2013-03-01 04:56:33 156672 ----a-w- C:\Windows\System32\drivers\rfcomm.sys
2013-03-01 04:56:18 30720 ----a-w- C:\Windows\System32\drivers\monitor.sys
2013-03-01 04:55:37 1175040 ----a-w- C:\Windows\System32\drivers\bthport.sys
2013-02-21 14:33:46 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:15:00 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 09:53:00 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-02-10 03:25:27 1807136 ----a-w- C:\Windows\System32\nvdispco6420294.dll
2013-02-10 03:25:27 1510176 ----a-w- C:\Windows\System32\nvdispgenco6420162.dll
2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll
2013-02-05 22:31:11 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-02-05 22:29:09 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2013-02-05 22:28:48 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-02-05 22:28:36 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys
2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe
.
============= FINISH: 12:51:38.66 ===============


#4 fingersmurphy

  • Topic Starter


Posted 17 April 2013 - 06:57 AM

p.s: i do not have the windows 8 dvd as it came pre-installed on my laptop.

Attached File: attach.txt (12.41KB)




#5 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:15 PM

Posted 19 April 2013 - 08:08 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

----------------------------------------------

 

 

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it to comfix.exe.


  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double-click on comfix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you receive the message "Illegal operation attempted on a registry key that has been marked for deletion." then please reboot the system.

 


m0le is a proud member of UNITE

#6 fingersmurphy

fingersmurphy
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 19 April 2013 - 09:50 PM

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

- I am at your mercy.



#7 fingersmurphy

fingersmurphy
  • Topic Starter

  • Members
  • 37 posts

Posted 19 April 2013 - 10:02 PM

comfix won't run as it's not compatible with Win 8. Additionally posted in my original thread.



#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 20 April 2013 - 04:53 AM

The change to Windows 8 means that we have to test compatibility on all tools, and that has yet to happen. Please try FRST, as this has been updated to work with Win 8.
 
For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool (scan your computer's memory for errors)
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and then close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your next reply.

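The FRST log that comes back from the recovery-environment scan above is long, and most of the signal in its "One Month Created Files and Folders" section is which recently created executables carry no publisher field and which of them sit under C:\Windows. The Python helper below is an added example for this thread, not Farbar's or BleepingComputer's code. It assumes the line layout visible in the FRST output the poster returns later in the thread (created time, modified time, size, attribute flags, an optional parenthesised publisher, then the path). The sample lines in it are constructed to exercise the parser; the sample-unsigned.sys line in particular is invented and does not appear in the poster's log. It also keeps the "Error(n) reading file" lines FRST prints when it cannot open a path it enumerated, since those are worth checking by hand rather than skipping.

```python
"""Triage helper for the "One Month Created Files and Folders" section of an
FRST (Farbar Recovery Scan Tool) log.

Added example for this thread; not Farbar's or BleepingComputer's code. The
line layout assumed here is the one visible in the FRST output posted in this
thread. SAMPLE_LOG is constructed to exercise the code, not copied from the
poster's machine.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# <created> - <modified> - <size> <attrs> [(<publisher>)] <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>_{4}[A-Z]) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>.+)$"
)
# Line FRST prints when it cannot open a path it enumerated.
ERROR_RE = re.compile(r'^Error\(\d+\) reading file: "(?P<path>.*)"$')

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".cpl")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

# Constructed sample in the FRST layout; sample-unsigned.sys is invented.
SAMPLE_LOG = r"""
2013-04-21 10:38 - 2013-04-21 10:38 - 00000000 ____D C:\FRST
2013-04-21 09:16 - 2013-04-21 09:16 - 01707098 ____A (Farbar) C:\Users\user\Downloads\FRST64.exe
2013-04-19 22:56 - 2003-12-07 17:27 - 01871934 ____A C:\Users\user\Downloads\NetHack.exe
2013-04-10 07:15 - 2013-03-02 09:59 - 02231528 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-04-11 23:26 - 2013-04-04 13:50 - 00025928 ____A (Malwarebytes Corporation      ) C:\Windows\System32\Drivers\mbam.sys
2013-04-09 02:32 - 2013-04-09 02:32 - 00020019 ____A C:\Users\user\Downloads\example.torrent
2013-04-12 03:00 - 2013-04-12 03:00 - 00041984 ____A C:\Windows\System32\Drivers\sample-unsigned.sys
Error(0) reading file: "C:\Windows\System32\ "
"""


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int
    is_dir: bool
    publisher: Optional[str]  # None when FRST printed no (Publisher) field
    path: str


def parse_entries(text: str) -> Tuple[List[FileEntry], List[str]]:
    """Parse the section into entries plus the paths FRST failed to read."""
    entries: List[FileEntry] = []
    errors: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            pub = (m.group("publisher") or "").strip()
            entries.append(FileEntry(
                created=m.group("created"),
                modified=m.group("modified"),
                size=int(m.group("size")),
                is_dir=m.group("attrs").endswith("D"),
                publisher=pub or None,
                path=m.group("path"),
            ))
            continue
        e = ERROR_RE.match(line)
        if e:
            errors.append(e.group("path"))
    return entries, errors


def triage(entries: List[FileEntry]) -> List[Tuple[str, str, str]]:
    """Return (severity, reason, path) for entries worth a closer look, most
    severe first. Rules: an executable with no publisher is suspicious, more
    so under the Windows directory; a non-Microsoft publisher under the
    Windows directory is at least worth naming."""
    findings: List[Tuple[str, str, str]] = []
    for ent in entries:
        if ent.is_dir:
            continue
        low = ent.path.lower()
        in_system = any(d in low for d in SYSTEM_DIRS)
        is_exec = low.endswith(EXECUTABLE_EXT)
        if is_exec and ent.publisher is None:
            sev = "high" if in_system else "medium"
            findings.append((sev, "executable with no publisher field", ent.path))
        elif in_system and ent.publisher and "microsoft" not in ent.publisher.lower():
            findings.append(("low", f"third-party file in system directory ({ent.publisher})", ent.path))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


if __name__ == "__main__":
    found, unreadable = parse_entries(SAMPLE_LOG)
    for sev, reason, path in triage(found):
        print(f"[{sev:6}] {reason}: {path}")
    for path in unreadable:
        print(f"[check ] FRST could not read: {path!r}")
```

Run as-is it triages the constructed sample; for a real log, paste the section's lines into a file and hand its contents to parse_entries. The rules are a starting point for what to look at first, not a verdict: a missing publisher field only means the file carries no version-info company name, and a legitimate third-party driver will show up in the low bucket.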

#9 fingersmurphy

fingersmurphy
  • Topic Starter

  • Members
  • 37 posts

Posted 21 April 2013 - 04:45 AM

FRST log: 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2013 01
Ran by SYSTEM on 21-04-2013 10:39:10
Running from E:\
Windows 8 (X64) OS Language: English(UK)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3  [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp [11577216 2012-08-27] (Motorola Solutions, Inc.)
HKLM\...\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [477600 2013-01-24] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-20] (ASUS)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2012-07-03] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073352 2012-06-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-18] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
HKU\glass\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1631144 2013-03-29] (Valve Corporation)
HKU\glass\...\Run: [Spotify Web Helper] "C:\Users\glass\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1103768 2013-03-12] (Spotify Ltd)
HKU\glass\...\Run: [AdobeBridge]  [x]
HKU\glass\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18672232 2013-02-28] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL,C:\Windows\system32\nvinitx.dll [250504 2013-03-15] (NVIDIA Corporation)
Startup: C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\glass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Services (Whitelisted) =================
 
S2 3d-io License Server v2.0; C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [34816 2013-02-25] (3d-io GmbH)
S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 mi-raysat_3dsmax2011_64; C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [86016 2010-03-10] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 AiCharger; C:\Windows\system32\DRIVERS\AiCharger.sys [17152 2012-07-24] (ASUSTek Computer Inc.)
S2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
S3 athr; C:\Windows\system32\DRIVERS\athrx.sys [2935808 2012-06-02] (Qualcomm Atheros Communications, Inc.)
S1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
S3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch64.sys [21152 2012-05-31] (ASUS)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [645952 2012-07-24] (Intel Corporation)
S3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 L1C; C:\Windows\system32\DRIVERS\L1C63x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4306472 2012-09-27] (Intel Corporation)
S1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [284448 2013-03-15] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S0 msahci; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
Error(0) reading file: "C:\Windows\System32\ "
2013-04-21 10:38 - 2013-04-21 10:38 - 00000000 ____D C:\FRST
2013-04-21 09:16 - 2013-04-21 09:16 - 01707098 ____A (Farbar) C:\Users\glass\Downloads\FRST64.exe
2013-04-20 18:34 - 2013-04-20 18:34 - 00027326 ____A C:\Users\glass\Downloads\ad-Merriden.NetHack-saved-game
2013-04-20 02:48 - 2013-04-20 02:49 - 05056689 ____A (Swearware) C:\Users\glass\Desktop\comfix.exe
2013-04-19 22:57 - 2013-04-19 22:57 - 00000000 ____A C:\Users\glass\Downloads\record
2013-04-19 22:56 - 2013-04-19 22:56 - 02046488 ____A C:\Users\glass\Downloads\nethack-343-win.zip
2013-04-19 22:56 - 2003-12-07 17:29 - 01974345 ____A C:\Users\glass\Downloads\NetHackW.exe
2013-04-19 22:56 - 2003-12-07 17:29 - 00605893 ____A C:\Users\glass\Downloads\nhdat
2013-04-19 22:56 - 2003-12-07 17:27 - 01871934 ____A C:\Users\glass\Downloads\NetHack.exe
2013-04-19 22:56 - 2003-12-07 17:27 - 00077887 ____A C:\Users\glass\Downloads\nhraykey.dll
2013-04-19 22:56 - 2003-12-07 17:27 - 00077887 ____A C:\Users\glass\Downloads\nhdefkey.dll
2013-04-19 22:56 - 2003-12-07 17:27 - 00077887 ____A C:\Users\glass\Downloads\nh340key.dll
2013-04-19 22:56 - 2003-12-06 11:34 - 00155977 ____A C:\Users\glass\Downloads\Guidebook.txt
2013-04-19 22:56 - 2003-11-18 06:29 - 00006877 ____A C:\Users\glass\Downloads\defaults.nh
2013-04-19 22:56 - 2003-10-15 05:00 - 00015758 ____A C:\Users\glass\Downloads\README
2013-04-19 22:56 - 2003-10-15 04:53 - 00001915 ____A C:\Users\glass\Downloads\news
2013-04-19 22:56 - 2003-05-19 21:39 - 00013873 ____A C:\Users\glass\Downloads\opthelp
2013-04-19 22:56 - 2002-08-09 17:51 - 00009728 ____A C:\Users\glass\Downloads\NetHack.txt
2013-04-19 22:56 - 2002-01-05 15:05 - 00004970 ____A C:\Users\glass\Downloads\license
2013-04-19 20:58 - 2013-04-19 20:58 - 00000000 ____D C:\Users\glass\Documents\The Courtyard
2013-04-19 20:54 - 2013-04-19 20:55 - 00000000 ____D C:\Users\glass\Documents\Akira
2013-04-17 16:04 - 2013-04-17 16:05 - 00011236 ____A C:\AdwCleaner[S1].txt
2013-04-17 16:01 - 2013-04-17 16:01 - 00613083 ____A C:\Users\glass\Downloads\adwcleaner.exe
2013-04-17 11:49 - 2013-04-17 11:50 - 00688992 ____R (Swearware) C:\Users\glass\Downloads\dds.com
2013-04-11 23:36 - 2013-04-11 23:36 - 12894739 ____A C:\Users\glass\Downloads\mbar-1.01.0.1022.zip
2013-04-11 23:27 - 2013-04-11 23:27 - 00000000 ____D C:\Users\glass\AppData\Roaming\Malwarebytes
2013-04-11 23:26 - 2013-04-11 23:26 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\glass\Downloads\mbam-setup-1.75.0.1300.exe
2013-04-11 23:26 - 2013-04-11 23:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-04-11 23:26 - 2013-04-11 23:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-11 23:26 - 2013-04-04 13:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-11 23:24 - 2013-04-11 23:25 - 00035348 ____A C:\Users\glass\Downloads\Result.txt
2013-04-11 23:24 - 2013-04-11 23:24 - 00760335 ____A (Farbar) C:\Users\glass\Downloads\MiniToolBox.exe
2013-04-11 20:23 - 2013-04-11 23:16 - 00004450 ____A C:\Users\glass\Downloads\FSS.txt
2013-04-11 20:19 - 2013-04-11 20:19 - 00354265 ____A (Farbar) C:\Users\glass\Downloads\FSS.exe
2013-04-11 20:10 - 2013-04-11 20:10 - 00079686 ____A C:\Users\glass\Downloads\windowsupdate (2).diagcab
2013-04-11 20:09 - 2013-04-11 20:09 - 00691200 ____A C:\Users\glass\Downloads\MicrosoftFixit50686.msi
2013-04-11 20:01 - 2013-04-11 20:01 - 04933936 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-11 19:57 - 2013-04-11 20:05 - 00000000 ____D C:\Windows\softwaredistribution.bak9
2013-04-11 19:56 - 2013-04-11 19:56 - 00000000 ____D C:\Windows\softwaredistribution.bak8
2013-04-11 13:59 - 2013-04-11 13:59 - 00000000 ____D C:\Windows\softwaredistribution.bak7
2013-04-11 13:54 - 2013-04-11 13:54 - 00000000 ____D C:\Windows\softwaredistribution.bak6
2013-04-11 13:53 - 2013-04-11 13:53 - 00079686 ____A C:\Users\glass\Downloads\windowsupdate (1).diagcab
2013-04-11 12:58 - 2013-04-11 12:58 - 00213606 ____A C:\Users\glass\Downloads\AppsDiagnostic.diagcab
2013-04-11 12:56 - 2013-04-11 12:56 - 00689664 ____A C:\Users\glass\Downloads\MicrosoftFixit50202.msi
2013-04-11 12:54 - 2013-04-11 12:54 - 00000000 ____D C:\Windows\softwaredistribution.bak5
2013-04-11 12:53 - 2013-04-11 12:53 - 00079686 ____A C:\Users\glass\Downloads\windowsupdate.diagcab
2013-04-11 12:52 - 2013-04-11 12:52 - 00677376 ____A C:\Users\glass\Downloads\MicrosoftFixit50687.msi
2013-04-11 12:51 - 2013-04-11 12:51 - 00347424 ____A (Microsoft Corporation) C:\Users\glass\Downloads\MicrosoftFixit.wu.Run.exe
2013-04-11 10:37 - 2013-04-11 10:37 - 00299288 ____A C:\Users\glass\Downloads\GmailInstaller.exe
2013-04-10 07:15 - 2013-03-02 11:02 - 00058288 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-04-10 07:15 - 2013-03-02 10:57 - 00337128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBXHCI.SYS
2013-04-10 07:15 - 2013-03-02 10:57 - 00332520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2013-04-10 07:15 - 2013-03-02 10:57 - 00283880 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-04-10 07:15 - 2013-03-02 10:57 - 00077544 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storahci.sys
2013-04-10 07:15 - 2013-03-02 10:45 - 00194792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
2013-04-10 07:15 - 2013-03-02 10:45 - 00148712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tpm.sys
2013-04-10 07:15 - 2013-03-02 10:45 - 00125160 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys
2013-04-10 07:15 - 2013-03-02 10:39 - 00495336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2013-04-10 07:15 - 2013-03-02 10:39 - 00327912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys
2013-04-10 07:15 - 2013-03-02 10:39 - 00069864 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2013-04-10 07:15 - 2013-03-02 09:59 - 02231528 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-04-10 07:15 - 2013-03-02 09:59 - 00411880 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-04-10 07:15 - 2013-03-02 08:23 - 17560576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-04-10 07:15 - 2013-03-02 08:23 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-04-10 07:15 - 2013-03-02 08:23 - 01338880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-04-10 07:15 - 2013-03-02 08:23 - 00893952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2013-04-10 07:15 - 2013-03-02 08:23 - 00621056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-04-10 07:15 - 2013-03-02 08:23 - 00601088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2013-04-10 07:15 - 2013-03-02 08:23 - 00504320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2013-04-10 07:15 - 2013-03-02 08:23 - 00356352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-04-10 07:15 - 2013-03-02 08:23 - 00246784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-04-10 07:15 - 2013-03-02 08:23 - 00125952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-04-10 07:15 - 2013-03-02 08:23 - 00100864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncInfo.dll
2013-04-10 07:15 - 2013-03-02 08:22 - 05091840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-10 07:15 - 2013-03-02 08:22 - 00850944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-04-10 07:15 - 2013-03-02 08:22 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2013-04-10 07:15 - 2013-03-02 08:21 - 02033664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-04-10 07:15 - 2013-03-02 08:21 - 00550912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2013-04-10 07:15 - 2013-03-02 08:21 - 00309760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2013-04-10 07:15 - 2013-03-02 08:21 - 00145408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2013-04-10 07:15 - 2013-03-02 02:45 - 19748864 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 10116608 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 03240448 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 01627648 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 01619968 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 01161728 ____A (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 01149952 ____A (Microsoft Corporation) C:\Windows\System32\winmde.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 01101824 ____A (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 00951808 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Globalization.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 00760320 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 00645120 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 00251904 ____A (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\usbmon.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 00240640 ____A (Microsoft Corporation) C:\Windows\System32\fsquirt.exe
2013-04-10 07:15 - 2013-03-02 02:45 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\SystemEventsBrokerServer.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 00171008 ____A (Microsoft Corporation) C:\Windows\System32\TimeBrokerServer.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\wpdbusenum.dll
2013-04-10 07:15 - 2013-03-02 02:45 - 00077824 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-04-10 07:15 - 2013-03-02 02:45 - 00072192 ____A (Microsoft Corporation) C:\Windows\System32\taskhostex.exe
2013-04-10 07:15 - 2013-03-02 02:45 - 00071168 ____A (Microsoft Corporation) C:\Windows\System32\WSDPrintProxy.DLL
2013-04-10 07:15 - 2013-03-02 02:45 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2013-04-10 07:15 - 2013-03-02 02:44 - 05978624 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-10 07:15 - 2013-03-02 02:44 - 01048576 ____A (Microsoft Corporation) C:\Windows\System32\mfasfsrcsnk.dll
2013-04-10 07:15 - 2013-03-02 02:44 - 00703488 ____A (Microsoft Corporation) C:\Windows\System32\drvstore.dll
2013-04-10 07:15 - 2013-03-02 02:44 - 00455168 ____A (Microsoft Corporation) C:\Windows\System32\netcfgx.dll
2013-04-10 07:15 - 2013-03-02 02:44 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\SettingSync.dll
2013-04-10 07:15 - 2013-03-02 02:44 - 00150016 ____A (Microsoft Corporation) C:\Windows\System32\discan.dll
2013-04-10 07:15 - 2013-03-02 02:44 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\NdisImPlatform.dll
2013-04-10 07:15 - 2013-03-02 02:44 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\DevDispItemProvider.dll
2013-04-10 07:15 - 2013-03-02 02:43 - 02302464 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-04-10 07:15 - 2013-03-02 02:43 - 02146304 ____A (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2013-04-10 07:15 - 2013-03-02 02:43 - 00389120 ____A (Microsoft Corporation) C:\Windows\System32\BCP47Langs.dll
2013-04-10 07:15 - 2013-03-02 02:43 - 00156160 ____A (Microsoft Corporation) C:\Windows\System32\powercfg.cpl
2013-04-10 07:15 - 2013-03-01 04:56 - 00156672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rfcomm.sys
2013-04-10 07:15 - 2013-03-01 04:55 - 01175040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2013-04-10 07:15 - 2013-02-21 10:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-10 07:15 - 2013-02-21 10:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-10 07:15 - 2013-02-21 10:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-10 07:15 - 2013-02-21 10:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-10 07:15 - 2013-02-21 10:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-10 07:15 - 2013-02-21 10:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-10 07:15 - 2013-02-21 10:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-10 07:15 - 2013-02-21 10:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-10 07:15 - 2013-02-21 10:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-04-10 07:15 - 2013-02-21 10:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-04-10 07:15 - 2013-02-21 10:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-10 07:15 - 2013-02-21 10:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-04-10 07:15 - 2013-02-21 10:15 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-10 07:15 - 2013-02-21 10:15 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-04-10 07:15 - 2013-02-21 10:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-10 07:15 - 2013-02-21 10:14 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-10 07:15 - 2013-02-21 10:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-10 07:15 - 2013-02-21 10:14 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-10 07:15 - 2013-02-21 10:14 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-10 07:15 - 2013-02-21 10:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-10 07:15 - 2013-02-21 10:14 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-10 07:15 - 2013-02-21 10:14 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-10 07:15 - 2013-02-21 10:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-10 07:15 - 2013-02-21 10:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-10 07:15 - 2013-02-19 09:53 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-04-10 07:14 - 2013-03-19 22:19 - 04041728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-10 07:14 - 2013-03-07 06:50 - 06991592 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 07:14 - 2013-03-02 08:24 - 00034304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-04-10 07:14 - 2013-03-02 08:23 - 00375808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2013-04-10 07:14 - 2013-03-02 08:23 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-04-10 07:14 - 2013-03-02 08:21 - 00036352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevDispItemProvider.dll
2013-04-10 07:14 - 2013-03-02 02:45 - 00141824 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-04-10 07:14 - 2013-03-02 02:45 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-04-10 07:14 - 2013-03-02 02:45 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-04-10 07:14 - 2013-03-02 02:44 - 01011200 ____A (Microsoft Corporation) C:\Windows\System32\reseteng.dll
2013-04-10 07:14 - 2013-03-02 02:44 - 00128512 ____A (Microsoft Corporation) C:\Windows\System32\SettingSyncInfo.dll
2013-04-10 07:14 - 2013-03-02 02:15 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys
2013-04-10 07:14 - 2013-03-01 04:56 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys
2013-04-10 07:14 - 2013-02-20 23:08 - 00387867 ____A C:\Windows\System32\ApnDatabase.xml
2013-04-10 02:54 - 2013-04-10 03:03 - 00001239 ____A C:\Users\glass\Documents\Invitation.msrcIncident
2013-04-09 03:57 - 2013-04-09 03:57 - 00000000 ____D C:\Users\glass\Downloads\ui
2013-04-09 03:36 - 2013-04-09 03:36 - 00000000 ____D C:\Program Files (x86)\3d-io plugins
2013-04-09 02:38 - 2013-04-09 03:40 - 00000000 ____D C:\ProgramData\3d-io
2013-04-09 02:36 - 2013-04-09 02:36 - 00000000 ____D C:\Users\glass\Downloads\Unwrella v2 20 For 3DsMax  2013 x32 x64
2013-04-09 02:32 - 2013-04-09 02:32 - 00020019 ____A C:\Users\glass\Downloads\[isoHunt] Autodesk Maya Max  2013 Plugins Collection Suite.torrent
2013-04-09 01:24 - 2013-04-09 01:24 - 00004581 ____A C:\Users\glass\Downloads\[isoHunt] UVLayout Pro 2.08.torrent
2013-04-09 00:16 - 2013-04-10 07:15 - 00000000 ____D C:\Windows\softwaredistribution.bak4
2013-04-09 00:16 - 2013-04-09 00:16 - 00000000 ____D C:\Windows\softwaredistribution.bak3
2013-04-09 00:02 - 2013-04-09 00:02 - 00000000 ____D C:\Windows\softwaredistribution.bak2
2013-04-08 12:29 - 2013-04-08 12:29 - 00032217 ____A C:\Users\glass\Downloads\andys trial.txt
2013-04-08 08:57 - 2013-04-10 02:10 - 00000000 ____D C:\Users\glass\AppData\Local\headus
2013-04-08 08:56 - 2013-04-10 00:44 - 00000000 ____D C:\Program Files (x86)\headus UVLayout v2 Professional
2013-04-05 09:41 - 2013-04-05 09:42 - 00000000 ____D C:\Users\ad_2\AppData\Roaming\WTablet
2013-04-02 00:11 - 2013-04-02 00:11 - 00471328 ____A C:\Windows\Minidump\040213-36125-01.dmp
2013-03-29 18:17 - 2013-03-29 18:17 - 00494672 ____A C:\Windows\Minidump\032913-30781-01.dmp
2013-03-28 05:00 - 2013-03-28 05:00 - 00000000 ____D C:\Users\glass\Documents\caustic
2013-03-28 05:00 - 2013-03-28 05:00 - 00000000 ____D C:\Program Files (x86)\SingleCellSoftware
2013-03-27 03:55 - 2013-03-27 03:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-27 03:55 - 2013-03-27 03:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-27 03:49 - 2013-03-27 03:53 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2012
2013-03-27 03:49 - 2013-03-27 03:53 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2012
2013-03-26 17:17 - 2013-03-15 05:53 - 02539128 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-03-26 17:17 - 2013-03-15 05:53 - 01807136 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6431422.dll
2013-03-26 17:17 - 2013-03-15 05:53 - 01510176 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6431422.dll
2013-03-26 17:16 - 2013-03-15 05:53 - 25256736 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-03-26 17:16 - 2013-03-15 05:53 - 20542752 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-03-26 17:16 - 2013-03-15 05:53 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-03-26 17:16 - 2013-03-15 05:53 - 15508512 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-03-26 17:16 - 2013-03-15 05:53 - 13088000 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-03-26 17:16 - 2013-03-15 05:53 - 11048736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-03-26 17:16 - 2013-03-15 05:53 - 09414456 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-03-26 17:16 - 2013-03-15 05:53 - 07959000 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-03-26 17:16 - 2013-03-15 05:53 - 07573816 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-03-26 17:16 - 2013-03-15 05:53 - 06271872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-03-26 17:16 - 2013-03-15 05:53 - 02913056 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-03-26 17:16 - 2013-03-15 05:53 - 02728736 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-03-26 17:16 - 2013-03-15 05:53 - 02355488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-03-26 17:16 - 2013-03-15 05:53 - 01995552 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-03-26 17:16 - 2013-03-15 05:53 - 00420128 ____A (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2013-03-26 17:16 - 2013-03-15 05:53 - 00364832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-03-26 17:16 - 2013-03-15 05:53 - 00284448 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvkflt.sys
2013-03-26 17:16 - 2013-03-15 05:53 - 00030496 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys
2013-03-25 23:36 - 2013-01-29 01:57 - 00035232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys
2013-03-25 23:36 - 2013-01-28 23:08 - 00230904 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys
2013-03-22 14:39 - 2013-03-22 14:39 - 00000021 ____A C:\Users\glass\AppData\Roaming\my_intel.sys
 
==================== One Month Modified Files and Folders =======
 
2013-04-21 10:38 - 2013-04-21 10:38 - 00000000 ____D C:\FRST
2013-04-21 09:36 - 2012-11-24 03:51 - 01539263 ____A C:\Windows\WindowsUpdate.log
2013-04-21 09:36 - 2012-07-26 05:26 - 00524288 __ASH C:\Windows\System32\config\BBI
2013-04-21 09:30 - 2012-07-26 07:28 - 00898288 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-21 09:29 - 2013-02-26 11:50 - 00000000 ____D C:\Users\glass\AppData\Roaming\Skype
2013-04-21 09:28 - 2013-03-12 00:38 - 00000000 ____D C:\Users\glass\AppData\Roaming\Dropbox
2013-04-21 09:28 - 2013-02-18 18:35 - 00000000 ____D C:\Program Files (x86)\Steam
2013-04-21 09:28 - 2013-02-18 14:55 - 00000000 ____D C:\Users\glass\AppData\Local\Adobe
2013-04-21 09:27 - 2013-02-18 14:59 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-21 09:27 - 2013-02-18 14:51 - 00000423 ____A C:\Users\glass\AppData\Roaming\sp_data.sys
2013-04-21 09:26 - 2012-11-24 03:30 - 00000000 ____D C:ProgramData\NVIDIA
2013-04-21 09:26 - 2012-07-26 07:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-21 09:19 - 2012-07-26 07:21 - 00042981 ____A C:\Windows\setupact.log
2013-04-21 09:16 - 2013-04-21 09:16 - 01707098 ____A (Farbar) C:\Users\glass\Downloads\FRST64.exe
2013-04-21 09:10 - 2013-02-25 21:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-21 09:09 - 2013-02-18 14:59 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-21 09:00 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\System32\sru
2013-04-20 23:48 - 2013-02-18 19:59 - 00000000 ____D C:\Users\glass\AppData\Roaming\vlc
2013-04-20 18:34 - 2013-04-20 18:34 - 00027326 ____A C:\Users\glass\Downloads\ad-Merriden.NetHack-saved-game
2013-04-20 02:49 - 2013-04-20 02:48 - 05056689 ____A (Swearware) C:\Users\glass\Desktop\comfix.exe
2013-04-19 22:57 - 2013-04-19 22:57 - 00000000 ____A C:\Users\glass\Downloads\record
2013-04-19 22:56 - 2013-04-19 22:56 - 02046488 ____A C:\Users\glass\Downloads\nethack-343-win.zip
2013-04-19 20:58 - 2013-04-19 20:58 - 00000000 ____D C:\Users\glass\Documents\The Courtyard
2013-04-19 20:55 - 2013-04-19 20:54 - 00000000 ____D C:\Users\glass\Documents\Akira
2013-04-17 16:07 - 2012-08-02 13:24 - 00034142 ____A C:\Windows\PFRO.log
2013-04-17 16:05 - 2013-04-17 16:04 - 00011236 ____A C:\AdwCleaner[S1].txt
2013-04-17 16:01 - 2013-04-17 16:01 - 00613083 ____A C:\Users\glass\Downloads\adwcleaner.exe
2013-04-17 11:50 - 2013-04-17 11:49 - 00688992 ____R (Swearware) C:\Users\glass\Downloads\dds.com
2013-04-16 17:50 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-04-12 00:29 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\System32\NDF
2013-04-11 23:36 - 2013-04-11 23:36 - 12894739 ____A C:\Users\glass\Downloads\mbar-1.01.0.1022.zip
2013-04-11 23:27 - 2013-04-11 23:27 - 00000000 ____D C:\Users\glass\AppData\Roaming\Malwarebytes
2013-04-11 23:26 - 2013-04-11 23:26 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\glass\Downloads\mbam-setup-1.75.0.1300.exe
2013-04-11 23:26 - 2013-04-11 23:26 - 00000000 ____D C:ProgramData\Malwarebytes
2013-04-11 23:26 - 2013-04-11 23:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-11 23:25 - 2013-04-11 23:24 - 00035348 ____A C:\Users\glass\Downloads\Result.txt
2013-04-11 23:24 - 2013-04-11 23:24 - 00760335 ____A (Farbar) C:\Users\glass\Downloads\MiniToolBox.exe
2013-04-11 23:16 - 2013-04-11 20:23 - 00004450 ____A C:\Users\glass\Downloads\FSS.txt
2013-04-11 20:19 - 2013-04-11 20:19 - 00354265 ____A (Farbar) C:\Users\glass\Downloads\FSS.exe
2013-04-11 20:10 - 2013-04-11 20:10 - 00079686 ____A C:\Users\glass\Downloads\windowsupdate (2).diagcab
2013-04-11 20:10 - 2013-03-07 20:31 - 00048128 __ASH C:\Users\glass\Desktop\Thumbs.db
2013-04-11 20:09 - 2013-04-11 20:09 - 00691200 ____A C:\Users\glass\Downloads\MicrosoftFixit50686.msi
2013-04-11 20:05 - 2013-04-11 19:57 - 00000000 ____D C:\Windows\softwaredistribution.bak9
2013-04-11 20:01 - 2013-04-11 20:01 - 04933936 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-11 19:56 - 2013-04-11 19:56 - 00000000 ____D C:\Windows\softwaredistribution.bak8
2013-04-11 13:59 - 2013-04-11 13:59 - 00000000 ____D C:\Windows\softwaredistribution.bak7
2013-04-11 13:54 - 2013-04-11 13:54 - 00000000 ____D C:\Windows\softwaredistribution.bak6
2013-04-11 13:53 - 2013-04-11 13:53 - 00079686 ____A C:\Users\glass\Downloads\windowsupdate (1).diagcab
2013-04-11 12:58 - 2013-04-11 12:58 - 00213606 ____A C:\Users\glass\Downloads\AppsDiagnostic.diagcab
2013-04-11 12:56 - 2013-04-11 12:56 - 00689664 ____A C:\Users\glass\Downloads\MicrosoftFixit50202.msi
2013-04-11 12:54 - 2013-04-11 12:54 - 00000000 ____D C:\Windows\softwaredistribution.bak5
2013-04-11 12:53 - 2013-04-11 12:53 - 00079686 ____A C:\Users\glass\Downloads\windowsupdate.diagcab
2013-04-11 12:52 - 2013-04-11 12:52 - 00677376 ____A C:\Users\glass\Downloads\MicrosoftFixit50687.msi
2013-04-11 12:51 - 2013-04-11 12:51 - 00347424 ____A (Microsoft Corporation) C:\Users\glass\Downloads\MicrosoftFixit.wu.Run.exe
2013-04-11 10:38 - 2013-02-18 14:59 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-11 10:37 - 2013-04-11 10:37 - 00299288 ____A C:\Users\glass\Downloads\GmailInstaller.exe
2013-04-10 17:27 - 2013-03-07 14:10 - 00000000 ____D C:\Users\glass\AppData\Roaming\Notepad++
2013-04-10 08:14 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\rescache
2013-04-10 07:28 - 2012-07-26 08:12 - 00000000 ___RD C:\Windows\ToastData
2013-04-10 07:28 - 2012-07-26 05:38 - 00000000 ____D C:\Windows\System32\oobe
2013-04-10 07:16 - 2013-02-18 21:40 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-10 07:15 - 2013-04-09 00:16 - 00000000 ____D C:\Windows\softwaredistribution.bak4
2013-04-10 04:16 - 2013-02-18 14:48 - 00000000 ____D C:\users\glass
2013-04-10 03:03 - 2013-04-10 02:54 - 00001239 ____A C:\Users\glass\Documents\Invitation.msrcIncident
2013-04-10 02:10 - 2013-04-08 08:57 - 00000000 ____D C:\Users\glass\AppData\Local\headus
2013-04-10 02:05 - 2013-02-18 14:49 - 00000000 ____D C:\Users\glass\AppData\Local\VirtualStore
2013-04-10 00:44 - 2013-04-08 08:56 - 00000000 ____D C:\Program Files (x86)\headus UVLayout v2 Professional
2013-04-09 03:57 - 2013-04-09 03:57 - 00000000 ____D C:\Users\glass\Downloads\ui
2013-04-09 03:40 - 2013-04-09 02:38 - 00000000 ____D C:ProgramData\3d-io
2013-04-09 03:36 - 2013-04-09 03:36 - 00000000 ____D C:\Program Files (x86)\3d-io plugins
2013-04-09 03:30 - 2013-02-18 21:23 - 00000000 ____D C:\Users\glass\AppData\Roaming\Azureus
2013-04-09 02:36 - 2013-04-09 02:36 - 00000000 ____D C:\Users\glass\Downloads\Unwrella v2 20 For 3DsMax  2013 x32 x64
2013-04-09 02:32 - 2013-04-09 02:32 - 00020019 ____A C:\Users\glass\Downloads\[isoHunt] Autodesk Maya Max  2013 Plugins Collection Suite.torrent
2013-04-09 01:24 - 2013-04-09 01:24 - 00004581 ____A C:\Users\glass\Downloads\[isoHunt] UVLayout Pro 2.08.torrent
2013-04-09 00:16 - 2013-04-09 00:16 - 00000000 ____D C:\Windows\softwaredistribution.bak3
2013-04-09 00:02 - 2013-04-09 00:02 - 00000000 ____D C:\Windows\softwaredistribution.bak2
2013-04-08 23:42 - 2012-07-26 08:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-04-08 12:29 - 2013-04-08 12:29 - 00032217 ____A C:\Users\glass\Downloads\andys trial.txt
2013-04-07 02:58 - 2013-02-18 20:59 - 00000000 ____D C:\Users\glass\Downloads\mafia
2013-04-05 09:42 - 2013-04-05 09:41 - 00000000 ____D C:\Users\ad_2\AppData\Roaming\WTablet
2013-04-05 09:41 - 2013-02-21 17:47 - 00000000 ____D C:\Users\ad_2\AppData\Roaming\Wacom
2013-04-05 09:41 - 2013-02-21 17:46 - 00000408 ____A C:\Users\ad_2\AppData\Roaming\sp_data.sys
2013-04-04 13:50 - 2013-04-11 23:26 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-02 22:08 - 2013-02-19 07:36 - 00692576 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-04-02 22:08 - 2013-02-19 07:36 - 00078176 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-04-02 10:34 - 2013-02-25 12:58 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-02 00:16 - 2012-07-26 05:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
2013-04-02 00:11 - 2013-04-02 00:11 - 00471328 ____A C:\Windows\Minidump\040213-36125-01.dmp
2013-04-02 00:11 - 2013-03-04 02:15 - 1137444484 ____A C:\Windows\MEMORY.DMP
2013-04-02 00:11 - 2013-03-04 02:15 - 00000000 ____D C:\Windows\Minidump
2013-03-30 11:42 - 2013-02-26 11:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-03-30 11:42 - 2013-02-26 11:50 - 00000000 ____D C:ProgramData\Skype
2013-03-29 18:17 - 2013-03-29 18:17 - 00494672 ____A C:\Windows\Minidump\032913-30781-01.dmp
2013-03-29 14:05 - 2012-08-17 00:52 - 05444962 ____A C:\Windows\AsDebug.log
2013-03-29 03:54 - 2013-03-21 14:53 - 00000000 ____D C:\Users\glass\AppData\Roaming\Train2Game
2013-03-28 05:00 - 2013-03-28 05:00 - 00000000 ____D C:\Users\glass\Documents\caustic
2013-03-28 05:00 - 2013-03-28 05:00 - 00000000 ____D C:\Program Files (x86)\SingleCellSoftware
2013-03-27 14:59 - 2013-02-18 19:40 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-03-27 14:59 - 2013-02-18 19:40 - 00000000 ____D C:\Windows\System32\NV
2013-03-27 14:55 - 2012-07-26 08:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-03-27 14:55 - 2012-07-26 08:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-03-27 03:55 - 2013-03-27 03:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-27 03:55 - 2013-03-27 03:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-27 03:54 - 2012-07-26 08:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-03-27 03:53 - 2013-03-27 03:49 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2012
2013-03-27 03:53 - 2013-03-27 03:49 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2012
2013-03-27 03:49 - 2013-02-25 13:16 - 00000000 ____D C:ProgramData\Package Cache
2013-03-26 17:20 - 2013-02-18 19:37 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-03-22 14:39 - 2013-03-22 14:39 - 00000021 ____A C:\Users\glass\AppData\Roaming\my_intel.sys
 
ZeroAccess:
C:\Windows\Installer\{16fe19f8-4efb-8cf6-4cb6-bf11919e4939}
C:\Windows\Installer\{16fe19f8-4efb-8cf6-4cb6-bf11919e4939}\@
C:\Windows\Installer\{16fe19f8-4efb-8cf6-4cb6-bf11919e4939}\L
C:\Windows\Installer\{16fe19f8-4efb-8cf6-4cb6-bf11919e4939}\U
C:\Windows\Installer\{16fe19f8-4efb-8cf6-4cb6-bf11919e4939}\L\00000004.@
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-04-04 05:25:23
Restore point made on: 2013-04-08 08:55:56
Restore point made on: 2013-04-10 00:44:21
Restore point made on: 2013-04-18 19:28:39
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 8077.47 MB
Available physical RAM: 7175.15 MB
Total Pagefile: 8077.47 MB
Available Pagefile: 7174.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:237.02 GB) NTFS (Disk=0 Partition=4) ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:537.89 GB) (Free:504.78 GB) NTFS
Drive e: () (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT32 (Disk=1 Partition=1)
Drive f: (BATMANGOTY) (CDROM) (Total:7.91 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB      0 B        *
  Disk 1    Online          980 MB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: {A6E9090D-B5AB-412A-8568-2EEE08FA3FA8}
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    System (partition with boot components)             300 MB  1024 KB
  Partition 2    Recovery           600 MB   301 MB
  Partition 3    Reserved           128 MB   901 MB
  Partition 4    Primary            372 GB  1029 MB
  Partition 5    Primary            537 GB   373 GB
  Partition 6    Recovery            20 GB   911 GB
 
==================================================================================
 
Disk: 0
Partition 1
Type    : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3         SYSTEM       FAT32  Partition    300 MB  Healthy    Hidden  
 
=========================================================
 
Disk: 0
Partition 2
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4         Recovery     NTFS   Partition    600 MB  Healthy    Hidden  
 
=========================================================
 
Disk: 0
Partition 3
Type    : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000
 
There is no volume associated with this partition.
 
=========================================================
 
Disk: 0
Partition 4
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   OS           NTFS   Partition    372 GB  Healthy            
 
=========================================================
 
Disk: 0
Partition 5
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   Data         NTFS   Partition    537 GB  Healthy            
 
=========================================================
 
Disk: 0
Partition 6
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5         Restore      NTFS   Partition     20 GB  Healthy    Hidden  
 
=========================================================
 
Partitions of Disk 1:
===============
 
Disk ID: 126B7D4D
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            979 MB   232 KB
 
==================================================================================
 
Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     E                FAT32  Removable    979 MB  Healthy            
 
=========================================================
============================== MBR & Partition Table ==================
 
====================================================================
Disk: 0 (Size: 932 GB) (Disk ID: CDFAD22C)
 
Partition 1: GPT Partition Type
====================================================================
Disk: 1 (Size: 980 MB) (Disk ID: 126B7D4D)
 
Partition 1: (Not Active) - (Size=980 MB) - (Type=0B)
 
 
Last Boot: 2013-04-13 02:02
 
==================== End Of Log ============================


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:15 PM

Posted 21 April 2013 - 06:49 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt
 
C:\Windows\Installer\{16fe19f8-4efb-8cf6-4cb6-bf11919e4939}
C:\Windows\Installer\{16fe19f8-4efb-8cf6-4cb6-bf11919e4939}\@
C:\Windows\Installer\{16fe19f8-4efb-8cf6-4cb6-bf11919e4939}\L
C:\Windows\Installer\{16fe19f8-4efb-8cf6-4cb6-bf11919e4939}\U
C:\Windows\Installer\{16fe19f8-4efb-8cf6-4cb6-bf11919e4939}\L\00000004.@
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7/8: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it in your reply.

m0le is a proud member of UNITE
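The fixlist above targets the on-disk layout FRST reported under the "ZeroAccess:" heading: a braced-GUID directory in C:\Windows\Installer holding the entries @, L and U, with a payload such as L\00000004.@. As an added example (not FRST, Malwarebytes or m0le's own code), the Python below builds a constructed Installer tree in a temporary directory, reusing the GUID from this thread's log beside a constructed benign MSI-cache folder, flags directories that match that layout and renders the hits as FRST-style fixlist lines in the same shape as the post. The "two of three markers" threshold and the helper names are my own choices, not part of any tool.

```python
"""Flag the ZeroAccess directory layout seen in this thread's FRST log.

Added example, not FRST or Malwarebytes code. Legitimate Windows Installer
GUID folders hold cached icons/executables; they never contain the entries
'@', 'L' and 'U' that ZeroAccess creates, so that combination is the signal.
"""
import os
import re
import tempfile

# Braced GUID as Windows Installer names its cache folders (8-4-4-4-12 hex).
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
# Entries ZeroAccess places inside the GUID folder (from the FRST log above).
MARKERS = {"@", "L", "U"}


def find_zeroaccess_dirs(installer_root):
    """Return sorted (path, markers_present) tuples for suspicious GUID folders.

    A folder is flagged when its name is a braced GUID and it contains at
    least two of the three marker entries (threshold is this example's choice).
    """
    hits = []
    try:
        names = os.listdir(installer_root)
    except FileNotFoundError:
        return hits
    for name in names:
        path = os.path.join(installer_root, name)
        if not (os.path.isdir(path) and GUID_DIR.match(name)):
            continue
        present = MARKERS & set(os.listdir(path))
        if len(present) >= 2:
            hits.append((path, sorted(present)))
    return sorted(hits)


def fixlist_lines(hits):
    """Render hits as FRST-style fixlist lines: the folder, then every entry under it."""
    lines = []
    for path, _ in hits:
        lines.append(path)
        for dirpath, dirnames, filenames in os.walk(path):
            dirnames.sort()  # in-place sort keeps os.walk's descent order deterministic
            for entry in dirnames + sorted(filenames):
                lines.append(os.path.join(dirpath, entry))
    return lines


def build_sample_tree():
    """Create a constructed Installer tree: one ZeroAccess-style folder, one benign one."""
    root = tempfile.mkdtemp(prefix="za_demo_")
    installer = os.path.join(root, "Windows", "Installer")
    # GUID taken from the FRST log in this thread; contents mirror the fixlist.
    bad = os.path.join(installer, "{16fe19f8-4efb-8cf6-4cb6-bf11919e4939}")
    os.makedirs(os.path.join(bad, "L"))
    os.makedirs(os.path.join(bad, "U"))
    open(os.path.join(bad, "@"), "wb").close()
    open(os.path.join(bad, "L", "00000004.@"), "wb").close()
    # Constructed benign MSI cache folder: GUID name, but only a cached icon inside.
    good = os.path.join(installer, "{00000000-1111-2222-3333-444444444444}")
    os.makedirs(good)
    open(os.path.join(good, "icon.ico"), "wb").close()
    return installer


def demo():
    """Scan the constructed tree and return the base names of flagged folders."""
    installer = build_sample_tree()
    return [os.path.basename(p) for p, _ in find_zeroaccess_dirs(installer)]


if __name__ == "__main__":
    installer = build_sample_tree()
    for line in fixlist_lines(find_zeroaccess_dirs(installer)):
        print(line)
```

On a real system you would point find_zeroaccess_dirs at C:\Windows\Installer (and, for older ZeroAccess variants, the Recycler folders) and treat any hit as a reason to collect a full FRST log rather than delete on the spot, since the folder listing is the evidence the analyst works from.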

#11 fingersmurphy

fingersmurphy
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:04:15 PM

Posted 21 April 2013 - 07:42 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-04-2013 01
Ran by SYSTEM at 2013-04-22 01:38:27 Run:1
Running from E:\
Boot Mode: Recovery
==============================================
 
C:\Windows\Installer\{16fe19f8-4efb-8cf6-4cb6-bf11919e4939} moved successfully.
C:\Windows\Installer\{16fe19f8-4efb-8cf6-4cb6-bf11919e4939}\@ not found.
C:\Windows\Installer\{16fe19f8-4efb-8cf6-4cb6-bf11919e4939}\L not found.
C:\Windows\Installer\{16fe19f8-4efb-8cf6-4cb6-bf11919e4939}\U not found.
C:\Windows\Installer\{16fe19f8-4efb-8cf6-4cb6-bf11919e4939}\L\00000004.@ not found.
 
==== End of Fixlog ====


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:15 PM

Posted 22 April 2013 - 02:07 PM

That's removed the last of ZeroAccess. Please rerun MWB Antirootkit and post the result.
m0le is a proud member of UNITE

#13 fingersmurphy

fingersmurphy
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:04:15 PM

Posted 22 April 2013 - 02:56 PM

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.2.9200 Windows 8 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16540
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 8469839872, free: 5649047552
 
------------ Kernel report ------------
     04/22/2013 20:46:05
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\nvkflt.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\System32\drivers\XHCIPort.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\AiCharger.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETwew00.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C63x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\AsusTP.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbfiltr.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\AsHIDSwitch64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\AMPPAL.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\usb3Hub.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\Drivers\rikvm_38F51D56.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800ad56740
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000055\
Lower Device Object: 0xfffffa800ad62b00
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8008be4420
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000042\
Lower Device Object: 0xfffffa80077137f0
Lower Device Driver Name: \Driver\iaStorA\
Driver name found: iaStorA
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\Drivers\storport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.04.22.08
Downloaded database version: v2013.04.17.03
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 4
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8008be4420, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008be3040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008be4420, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80076d6250, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80077137f0, DeviceName: \Device\00000042\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xfffff8a00f78ec80, 0xfffffa8008be4420, 0xfffffa8007018090
Lower DeviceData: 0xfffff8a00ed8c400, 0xfffffa80077137f0, 0xfffffa80074383d0
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 4
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: CDFAD22C
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 1953525167
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2064295494
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid a6e9090d-b5ab-412a-8568-2eee8fa3fa8
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2064295494
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid a6e9090d-b5ab-412a-8568-2eee8fa3fa8
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 272b1762-6388-4215-a727-17f846f78473
    FirstLBA 2048  Last LBA 616447
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 0 is bootable
    Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID f8cf9fde-3933-44d4-a767-60219ef24fae
    FirstLBA 616448  Last LBA 1845247
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 2f6e83b7-8a24-49eb-91ce-b79681b556ad
    FirstLBA 1845248  Last LBA 2107391
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 3391d0dd-52c-4a3b-a442-302fdd33563
    FirstLBA 2107392  Last LBA 783515647
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID b9c9a4f1-fe1a-4c81-9561-ff56562c8df
    FirstLBA 783515648  Last LBA 1911560191
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 2ef8acd1-833c-4056-ae4d-6b151fb7f7ee
    FirstLBA 1911560192  Last LBA 1953523711
    Attributes 1
    Partition Name                 Basic data partition
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800ad56740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ad55040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ad56740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800ad62b00, DeviceName: \Device\00000055\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0xfffff8a0071e07d0, 0xfffffa800ad56740, 0xfffffa8006ec3090
Lower DeviceData: 0xfffff8a00faa87d0, 0xfffffa800ad62b00, 0xfffffa800730d090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 126B7D4D
 
Partition information:
 
    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 464  Numsec = 2006576
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1027604480 bytes
Sector size: 512 bytes
 
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
 
Database version: v2013.04.22.08
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
ad :: WAYNETUNDRA [administrator]
 
22/04/2013 20:55:24
mbar-log-2013-04-22 (20-55-24).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 15312
Time elapsed: 8 minute(s), 57 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:15 PM

Posted 22 April 2013 - 06:41 PM

Is everything still running okay?
m0le is a proud member of UNITE

#15 fingersmurphy

fingersmurphy
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 22 April 2013 - 06:52 PM

aye man, as far as I can tell... I've restarted since and everything I use is working as it usually would. I can't say I've given the machine a proper going over: launched a few programs that I use for work, played a game or two, and nothing seems out of the ordinary. Then again, nothing seemed strange or startling in the first place... (I was surprised to discover my machine had a rootkit to begin with :/ )

The reason I came here was because my firewall was reporting an error (original thread: http://www.bleepingcomputer.com/forums/t/491444/windows-8-firewall-error-code-0x80070424/ ).

I know your time is valuable and probably better suited to sorting out these more serious issues, but do you have any idea what my next step should be?
