
Infected, i think. lilyjade, trojan.dropper.h and maybe more


  • This topic is locked
19 replies to this topic

#1 Malmortius

Malmortius

  • Members
  • 22 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 07 June 2013 - 09:37 AM

I've been having quite a few problems with my computer. I accidentally downloaded a dodgy codec program for watching videos and I think it started from there. I'm dumb.

Slow start-up times, black screening and other small things like unusually slow and laggy internet for no reason. I safe-booted and ran 3 different scans, but just to make sure I went through these steps.

A few of what it found were:

trojan.lilyjade

trojan.dropper.h

 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by James at 15:36:04 on 2013-06-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8183.4997 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\taskhost.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://websearch.youwillfind.info/?pid=345&r=2013/05/05&hid=1434292357&lg=EN&cc=GB
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
uURLSearchHooks: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} - 
mURLSearchHooks: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} - 
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} - 
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: VoAuUdixy: {9BC90BB1-C044-9362-F5ED-D7EC9C61EFA4} - 
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} - 
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [VMonitorVMUVC] "C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TP-LIN~1.LNK - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{017753BD-0070-4F90-AEEF-917EC01582EB} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{C46A218C-40AA-4E11-85C0-972448CBCE26} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\vaudix\sprote~1.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-6 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-6 189936]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-6-20 21544]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-6 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-6 378432]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-21 240640]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-6 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-6 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-5 46808]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-6-20 72280]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-5 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-3 1153368]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-4-10 619904]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-1-15 96768]
R3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-4-10 13728]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-1-17 66800]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-5 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-26 75264]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-10-26 176640]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-20 346144]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [2011-10-7 21504]
R3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-4-10 81824]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-4-10 15776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-22 8704]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-12-29 1930240]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-2-22 49152]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-6 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-1-11 34304]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VMUVC;Vimicro Camera Service VMUVC;C:\Windows\System32\drivers\vmuvc.sys [2011-9-5 198784]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;C:\Windows\System32\drivers\vvftUVC.sys [2011-9-5 303616]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-23 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Admin\Desktop\1ATI\REALTEMP\WinRing0x64.sys [2011-6-20 14544]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-06-07 11:08:39 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{955ADD7A-95D6-4201-95B6-1FFB687CDA64}\mpengine.dll
2013-06-06 11:17:52 -------- d-----w- C:\Users\James\AppData\Roaming\Malwarebytes
2013-06-06 11:07:31 9460464 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-06 10:59:13 -------- d-----w- C:\Users\James\AppData\Local\{BA73DE98-3500-46A9-8A89-7154081166C4}
2013-06-05 21:20:13 -------- d-----w- C:\Users\James\Tracing
2013-06-05 20:36:51 -------- d-----w- C:\Program Files\File Shredder
2013-06-05 16:35:51 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-05 16:35:50 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-05 16:35:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-05 16:22:40 -------- d-----w- C:\Users\James\AppData\Local\{709CEA1F-E795-45E9-BC05-F36AF5B09C10}
2013-06-05 15:48:02 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-06-05 15:47:59 -------- d-----w- C:\Users\James\AppData\Local\Mojang
2013-06-05 15:47:58 -------- d-sh--w- C:\AI_RecycleBin
2013-05-27 23:57:25 -------- d-----w- C:\Users\James\AppData\Local\{D2DD7FC6-E6F9-4113-A4F5-30CE6BB3406D}
2013-05-21 06:40:18 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A90746D3-00E9-4BFF-984C-2D5515B9FC38}\gapaengine.dll
2013-05-16 15:22:51 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-16 11:24:33 -------- d-----w- C:\Users\James\AppData\Local\{5884DCAA-7849-4CE1-BAF0-FDB1013CD334}
2013-05-15 04:00:11 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 04:00:10 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 04:00:10 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 03:59:56 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 03:59:55 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 03:59:55 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 03:59:55 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 03:59:44 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-15 03:59:44 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-15 03:59:43 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M  ====================
.
2013-05-16 15:22:39 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-16 15:22:39 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-15 10:41:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 10:41:19 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-11 18:04:33 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-04-11 14:22:56 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-04-11 14:22:56 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-04-07 08:54:58 1455408 ----a-w- C:\Windows\System32\dmwu.exe
2013-04-07 08:53:48 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-03-21 06:42:36 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-03-21 06:42:36 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-03-21 06:42:34 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-03-21 06:42:34 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-03-21 06:42:20 139696 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-03-21 06:42:16 118584 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-03-21 06:42:14 113464 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-03-21 06:42:12 92304 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-03-21 06:42:06 1151168 ----a-w- C:\Windows\System32\aticfx64.dll
2013-03-21 06:42:04 968864 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-03-21 06:41:54 8271088 ----a-w- C:\Windows\System32\atidxx64.dll
2013-03-21 06:41:44 7233336 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-03-21 06:41:36 4474984 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-03-21 06:41:22 5940656 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-03-21 06:41:12 5034792 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-03-21 06:41:04 6980480 ----a-w- C:\Windows\System32\atiumd64.dll
2013-03-21 06:32:46 11613184 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-03-21 02:24:56 23580672 ----a-w- C:\Windows\System32\atio6axx.dll
2013-03-21 02:16:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-03-21 02:14:32 77312 ----a-w- C:\Windows\System32\coinst_12.10.17.dll
2013-03-21 02:14:20 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-03-21 02:14:18 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-03-21 02:14:12 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-03-21 02:14:10 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-03-21 02:13:58 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-03-21 02:09:36 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-03-21 02:05:54 19755008 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-03-21 01:52:52 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-03-21 01:52:46 561152 ----a-w- C:\Windows\System32\atieclxx.exe
2013-03-21 01:51:56 240640 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-03-21 01:50:34 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2013-03-21 01:50:22 25600 ----a-w- C:\Windows\System32\atimuixx.dll
2013-03-21 01:50:16 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2013-03-21 01:50:12 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2013-03-21 01:26:46 630272 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-03-21 01:26:36 425984 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-03-21 01:26:22 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-03-21 01:26:18 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-03-21 01:26:18 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-03-21 01:26:14 44032 ----a-w- C:\Windows\System32\atig6txx.dll
2013-03-21 01:26:08 34816 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-03-21 01:25:58 576000 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-03-21 01:23:08 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-03-20 21:29:28 222720 ----a-w- C:\Windows\System32\clinfo.exe
2013-03-20 21:29:10 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-03-20 21:29:06 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-03-20 21:29:02 64000 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-03-20 21:28:58 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-03-20 21:28:50 29150208 ----a-w- C:\Windows\System32\amdocl64.dll
2013-03-20 21:26:56 23810048 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-03-20 21:25:16 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2013-03-20 21:25:12 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-03-20 21:19:10 5067264 ----a-w- C:\Windows\System32\amdsc64.dll
2013-03-20 21:19:08 4083200 ----a-w- C:\Windows\SysWow64\amdsc.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 15:36:51.59 ===============

#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:10 AM

Posted 07 June 2013 - 06:35 PM

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Malmortius

Malmortius
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 07 June 2013 - 06:42 PM

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-06-2013 02
Ran by James (administrator) on 08-06-2013 00:40:17
Running from C:\Users\James\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
() C:\Windows\SysWOW64\XSrvSetup.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Vimicro Corporation) C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11464296 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [7468784 2013-02-28] (Logitech Inc.)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer [2785280 2013-01-29] (DivX, LLC)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer [90112 2013-01-29] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer [66048 2013-01-29] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer [335872 2013-01-29] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer [1110016 2013-01-29] ()
HKCU\...\Run: [Google Update] "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-21] (Google Inc.)
HKCU\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2011-09-23] (AMD)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer [2785280 2013-01-29] (DivX, LLC)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer [90112 2013-01-29] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer [66048 2013-01-29] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer [335872 2013-01-29] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer [1110016 2013-01-29] ()
HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [375000 2009-10-15] (DeviceVM, Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [VMonitorVMUVC] "C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC [143360 2008-08-29] (Vimicro Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-30] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Admin\...\Run: [Google Update] "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-21] (Google Inc.)
HKU\Admin\...\Run: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe [x]
HKU\Admin\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Admin\...\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent [x]
HKU\Admin\...\RunOnce: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3082320 2011-12-09] ()
HKU\Mcx1-JAMES-PC.James-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.youwillfind.info/?pid=345&r=2013/05/05&hid=1434292357&lg=EN&cc=GB
URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
URLSearchHook: (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -  No File
URLSearchHook: (No Name) - {739df940-c5ee-4bab-9d7e-270894ae687a} -  No File
HKLM-x32 SearchScopes: DefaultScope {0814A95D-C3AF-4A2D-8853-2160BABAEF10} URL = 
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.youwillfind.info/?l=1&q={searchTerms}&pid=345&r=2013/05/05&hid=1434292357&lg=EN&cc=GB
HKCU SearchScopes: DefaultScope {545C989E-9561-466e-A6C0-DBA1DC26D4B4} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKCU - {545C989E-9561-466e-A6C0-DBA1DC26D4B4} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: VoAuUdixy - {9BC90BB1-C044-9362-F5ED-D7EC9C61EFA4} - C:\ProgramData\VoAuUdixy\5186545b6b365.dll No File
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\James\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\James\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\James\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll No File
CHR Plugin: (Windows Live\\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\James\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0
CHR Extension: (Google Search) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0
CHR Extension: (New tab for Chrome\u2122) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 
==================== Services (Whitelisted) =================
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-02-22] ()
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72280 2010-09-07] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-03] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-09] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198784 2009-05-25] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
S3 WinRing0_1_2_0; C:\Users\Admin\Desktop\1ATI\REALTEMP\WinRing0x64.sys [14544 2011-03-14] (OpenLibSys.org)
S3 ALSysIO; \??\C:\Users\James\AppData\Local\Temp\ALSysIO64.sys [x]
S3 cpuz135; \??\C:\Users\Admin\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S0 TfFsMon; system32\drivers\TfFsMon.sys [x]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
S0 TfSysMon; system32\drivers\TfSysMon.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-08 00:40 - 2013-06-08 00:40 - 00000000 ____D C:\FRST
2013-06-08 00:37 - 2013-06-08 00:38 - 01919218 ____A (Farbar) C:\Users\James\Downloads\FRST64.exe
2013-06-07 15:36 - 2013-06-07 15:36 - 00027463 ____A C:\Users\James\Desktop\dds.txt
2013-06-07 15:36 - 2013-06-07 15:36 - 00014790 ____A C:\Users\James\Desktop\attach.txt
2013-06-07 15:35 - 2013-06-07 15:35 - 00688992 ____R (Swearware) C:\Users\James\Downloads\dds (1).com
2013-06-06 12:17 - 2013-06-06 12:17 - 00000000 ____D C:\Users\James\AppData\Roaming\Malwarebytes
2013-06-06 12:04 - 2013-06-06 12:04 - 00688992 ____R (Swearware) C:\Users\James\Downloads\dds.com
2013-06-06 11:59 - 2013-06-06 11:59 - 00000000 ____D C:\Users\James\AppData\Local\{BA73DE98-3500-46A9-8A89-7154081166C4}
2013-06-05 22:20 - 2013-06-06 11:58 - 00000000 ____D C:\Users\James\Tracing
2013-06-05 21:41 - 2013-06-05 21:42 - 02317839 ____A (PowTools                                                    ) C:\Users\Admin\Downloads\file_shredder_setup (1).exe
2013-06-05 21:36 - 2013-06-05 21:42 - 00000000 ____D C:\Program Files\File Shredder
2013-06-05 21:36 - 2013-06-05 21:36 - 02317839 ____A (PowTools                                                    ) C:\Users\Admin\Downloads\file_shredder_setup.exe
2013-06-05 17:41 - 2013-06-05 17:41 - 00002517 ____A C:\Users\Admin\Desktop\Google Chrome.lnk
2013-06-05 17:41 - 2013-06-05 17:41 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-06-05 17:35 - 2013-06-05 17:35 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Admin\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-05 17:35 - 2013-06-05 17:35 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-05 17:35 - 2013-06-05 17:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-06-05 17:35 - 2013-06-05 17:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-05 17:35 - 2013-06-05 17:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-05 17:35 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-05 17:32 - 2013-06-05 17:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Macromedia
2013-06-05 17:32 - 2013-06-05 17:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-06-05 17:27 - 2013-06-05 22:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-06-05 17:22 - 2013-06-05 17:23 - 00000000 ____D C:\Users\James\AppData\Local\{709CEA1F-E795-45E9-BC05-F36AF5B09C10}
2013-06-05 17:02 - 2013-06-05 17:02 - 00002591 ____A C:\Users\James\Desktop\Scrolls.lnk
2013-06-05 16:48 - 2013-06-05 16:48 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-06-05 16:47 - 2013-06-05 16:48 - 00000000 __SHD C:\AI_RecycleBin
2013-06-05 16:47 - 2013-06-05 16:47 - 02327040 ____A C:\Users\James\Downloads\Scrolls-Installer.msi
2013-06-05 16:47 - 2013-06-05 16:47 - 00000000 ____D C:\Users\James\AppData\Local\Mojang
2013-06-01 01:38 - 2013-06-01 01:38 - 00000000 ____D C:\Users\James\Documents\NeocoreGames
2013-05-28 00:57 - 2013-05-28 00:57 - 00000000 ____D C:\Users\James\AppData\Local\{D2DD7FC6-E6F9-4113-A4F5-30CE6BB3406D}
2013-05-16 16:22 - 2013-05-16 16:22 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-05-16 16:22 - 2013-05-16 16:22 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-16 16:20 - 2013-05-16 16:20 - 00903072 ____A (Oracle Corporation) C:\Users\James\Downloads\chromeinstall-7u21.exe
2013-05-16 12:24 - 2013-05-16 12:24 - 00000000 ____D C:\Users\James\AppData\Local\{5884DCAA-7849-4CE1-BAF0-FDB1013CD334}
2013-05-16 03:01 - 2013-04-05 07:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 03:01 - 2013-04-05 07:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 03:01 - 2013-04-05 07:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-16 03:01 - 2013-04-05 07:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 03:01 - 2013-04-05 07:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 03:01 - 2013-04-05 07:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 03:01 - 2013-04-05 07:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 03:01 - 2013-04-05 07:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 03:01 - 2013-04-05 07:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 03:01 - 2013-04-05 07:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 03:01 - 2013-04-05 07:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-16 03:01 - 2013-04-05 07:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-16 03:01 - 2013-04-05 07:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 03:01 - 2013-04-05 07:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-16 03:01 - 2013-04-05 06:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 03:01 - 2013-04-05 06:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 03:01 - 2013-04-05 06:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 03:01 - 2013-04-05 06:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 03:01 - 2013-04-05 06:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 03:01 - 2013-04-05 06:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 03:01 - 2013-04-05 06:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 03:01 - 2013-04-05 06:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 03:01 - 2013-04-05 06:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 03:01 - 2013-04-05 06:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-16 03:01 - 2013-04-05 06:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-16 03:01 - 2013-04-05 06:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 03:01 - 2013-04-05 06:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-16 03:01 - 2013-04-05 05:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 03:01 - 2013-04-05 05:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 03:01 - 2013-04-05 04:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-16 03:01 - 2013-04-05 04:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 05:00 - 2013-04-10 07:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 05:00 - 2013-04-10 07:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 05:00 - 2011-02-03 12:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 04:59 - 2013-04-10 04:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 04:59 - 2013-03-19 06:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 04:59 - 2013-03-19 06:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 04:59 - 2013-02-27 07:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 04:59 - 2013-02-27 06:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 04:59 - 2013-02-27 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 04:59 - 2013-02-27 06:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 04:59 - 2013-02-27 06:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 04:59 - 2013-02-27 05:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 04:59 - 2013-02-27 05:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 04:59 - 2013-02-27 05:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-12 23:36 - 2013-05-12 23:36 - 00001258 ____A C:\Users\James\Desktop\Spybot - Search & Destroy (2).lnk
 
==================== One Month Modified Files and Folders =======
 
2013-06-08 00:40 - 2013-06-08 00:40 - 00000000 ____D C:\FRST
2013-06-08 00:39 - 2011-07-04 00:13 - 00000000 ____D C:\Users\James\AppData\Roaming\Skype
2013-06-08 00:38 - 2013-06-08 00:37 - 01919218 ____A (Farbar) C:\Users\James\Downloads\FRST64.exe
2013-06-08 00:10 - 2013-05-06 20:57 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-08 00:02 - 2011-06-21 13:06 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2900345096-177661304-3973086600-1002UA.job
2013-06-07 23:41 - 2012-04-12 13:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-07 22:19 - 2012-07-11 14:57 - 00000348 ___AH C:\Windows\Tasks\CodecUpdaterUpdaterRefreshTask.job
2013-06-07 21:10 - 2013-05-06 20:37 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-07 15:36 - 2013-06-07 15:36 - 00027463 ____A C:\Users\James\Desktop\dds.txt
2013-06-07 15:36 - 2013-06-07 15:36 - 00014790 ____A C:\Users\James\Desktop\attach.txt
2013-06-07 15:35 - 2013-06-07 15:35 - 00688992 ____R (Swearware) C:\Users\James\Downloads\dds (1).com
2013-06-07 14:11 - 2011-06-20 12:33 - 01773148 ____A C:\Windows\WindowsUpdate.log
2013-06-07 12:51 - 2011-06-21 15:15 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-07 07:02 - 2011-06-21 13:06 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2900345096-177661304-3973086600-1002Core.job
2013-06-06 12:17 - 2013-06-06 12:17 - 00000000 ____D C:\Users\James\AppData\Roaming\Malwarebytes
2013-06-06 12:05 - 2009-07-14 05:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-06 12:05 - 2009-07-14 05:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-06 12:04 - 2013-06-06 12:04 - 00688992 ____R (Swearware) C:\Users\James\Downloads\dds.com
2013-06-06 11:59 - 2013-06-06 11:59 - 00000000 ____D C:\Users\James\AppData\Local\{BA73DE98-3500-46A9-8A89-7154081166C4}
2013-06-06 11:58 - 2013-06-05 22:20 - 00000000 ____D C:\Users\James\Tracing
2013-06-06 11:56 - 2012-07-11 14:57 - 00000368 ___AH C:\Windows\Tasks\CodecUpdaterUpdaterLogonTask.job
2013-06-06 11:56 - 2011-12-07 13:44 - 00042097 ____A C:\Windows\setupact.log
2013-06-06 11:56 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-06 04:03 - 2013-02-15 02:48 - 00002364 ____A C:\Users\James\Desktop\Google Chrome.lnk
2013-06-05 22:20 - 2011-06-21 13:00 - 00000000 ____D C:\users\James
2013-06-05 22:18 - 2011-12-07 14:44 - 00033120 ____A C:\Windows\PFRO.log
2013-06-05 22:16 - 2013-06-05 17:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-06-05 21:42 - 2013-06-05 21:41 - 02317839 ____A (PowTools                                                    ) C:\Users\Admin\Downloads\file_shredder_setup (1).exe
2013-06-05 21:42 - 2013-06-05 21:36 - 00000000 ____D C:\Program Files\File Shredder
2013-06-05 21:36 - 2013-06-05 21:36 - 02317839 ____A (PowTools                                                    ) C:\Users\Admin\Downloads\file_shredder_setup.exe
2013-06-05 20:38 - 2011-10-12 21:55 - 00000000 ____D C:\Download
2013-06-05 20:12 - 2011-07-23 12:11 - 00000000 ____D C:\Users\James\AppData\Local\Ubisoft Game Launcher
2013-06-05 17:41 - 2013-06-05 17:41 - 00002517 ____A C:\Users\Admin\Desktop\Google Chrome.lnk
2013-06-05 17:41 - 2013-06-05 17:41 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2013-06-05 17:35 - 2013-06-05 17:35 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Admin\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-05 17:35 - 2013-06-05 17:35 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-05 17:35 - 2013-06-05 17:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-06-05 17:35 - 2013-06-05 17:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-05 17:35 - 2013-06-05 17:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-05 17:32 - 2013-06-05 17:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Macromedia
2013-06-05 17:32 - 2013-06-05 17:32 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-06-05 17:23 - 2013-06-05 17:22 - 00000000 ____D C:\Users\James\AppData\Local\{709CEA1F-E795-45E9-BC05-F36AF5B09C10}
2013-06-05 17:08 - 2012-07-31 10:12 - 00001446 ____A C:\Windows\wininit.ini
2013-06-05 17:02 - 2013-06-05 17:02 - 00002591 ____A C:\Users\James\Desktop\Scrolls.lnk
2013-06-05 17:01 - 2013-04-10 15:26 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-06-05 16:48 - 2013-06-05 16:48 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-06-05 16:48 - 2013-06-05 16:47 - 00000000 __SHD C:\AI_RecycleBin
2013-06-05 16:47 - 2013-06-05 16:47 - 02327040 ____A C:\Users\James\Downloads\Scrolls-Installer.msi
2013-06-05 16:47 - 2013-06-05 16:47 - 00000000 ____D C:\Users\James\AppData\Local\Mojang
2013-06-05 16:38 - 2011-08-07 03:41 - 00000000 ____D C:\Users\James\AppData\Roaming\.minecraft
2013-06-04 23:28 - 2011-12-14 05:32 - 00000000 ____D C:\Users\James\Documents\Witcher 2
2013-06-03 00:23 - 2011-12-12 02:58 - 00836712 ____A C:\Windows\DirectX.log
2013-06-02 03:00 - 2011-12-05 00:49 - 00000356 ____A C:\Windows\Tasks\RegInOut Scheduled Scan - James.job
2013-06-01 21:37 - 2011-11-30 02:34 - 00000890 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2013-06-01 21:37 - 2011-11-30 02:34 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2013-06-01 21:37 - 2011-11-11 01:11 - 00000000 ____D C:\Users\James\AppData\Local\Skyrim
2013-06-01 01:38 - 2013-06-01 01:38 - 00000000 ____D C:\Users\James\Documents\NeocoreGames
2013-05-28 01:05 - 2011-12-09 05:40 - 00000000 ____D C:\Users\James\AppData\Local\PMB Files
2013-05-28 01:05 - 2011-12-09 05:40 - 00000000 ____D C:\ProgramData\PMB Files
2013-05-28 00:57 - 2013-05-28 00:57 - 00000000 ____D C:\Users\James\AppData\Local\{D2DD7FC6-E6F9-4113-A4F5-30CE6BB3406D}
2013-05-22 16:19 - 2009-07-14 06:13 - 00792550 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-16 16:22 - 2013-05-16 16:22 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-05-16 16:22 - 2013-05-16 16:22 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-16 16:22 - 2012-11-03 14:23 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-16 16:22 - 2012-11-03 14:23 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-16 16:22 - 2012-06-14 03:39 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-05-16 16:22 - 2012-02-28 23:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-16 16:22 - 2011-08-07 01:12 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-05-16 16:20 - 2013-05-16 16:20 - 00903072 ____A (Oracle Corporation) C:\Users\James\Downloads\chromeinstall-7u21.exe
2013-05-16 12:24 - 2013-05-16 12:24 - 00000000 ____D C:\Users\James\AppData\Local\{5884DCAA-7849-4CE1-BAF0-FDB1013CD334}
2013-05-16 08:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-05-16 07:28 - 2009-07-14 05:45 - 00274264 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 03:06 - 2011-06-25 00:48 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 11:41 - 2012-04-12 13:31 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 11:41 - 2011-07-04 03:22 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 18:38 - 2011-06-21 13:33 - 00000000 ____D C:\Users\James\Documents\My Games
2013-05-12 23:36 - 2013-05-12 23:36 - 00001258 ____A C:\Users\James\Desktop\Spybot - Search & Destroy (2).lnk
2013-05-09 09:59 - 2013-05-06 20:37 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-09 09:59 - 2013-05-06 20:37 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-09 09:59 - 2013-05-06 20:37 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-09 09:59 - 2013-05-06 20:37 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-09 09:59 - 2013-05-06 20:37 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-05-09 09:59 - 2013-05-06 20:37 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-09 09:59 - 2013-05-06 20:37 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-09 09:59 - 2013-05-06 20:37 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-09 09:58 - 2013-05-06 20:36 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-09 09:58 - 2013-04-10 15:26 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
Last Boot: 2013-06-03 08:35
 
==================== End Of Log ============================


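As an added example (not from this thread, and not FRST's own code), a small Python parser for the "One Month Modified Files and Folders" lines in the FRST log above, with a triage pass that flags hidden scheduled tasks and binaries under C:\Windows that FRST printed without a company string. The sample lines are copied from the log; the triage rules are my own and produce a review list, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One line of FRST's "One Month Created/Modified Files and Folders" sections:
#   <modified> - <created> - <size> <attrs> [(<company>)] <path>
# The company field is FRST's reading of the file's version info; it is absent
# for files without version info and for directories.
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)

@dataclass
class FrstEntry:
    modified: str
    created: str
    size: int
    attrs: str               # five flag slots, e.g. ____A, ___AH, ____D, __SHD
    company: Optional[str]   # None when FRST printed no version-info company
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

def parse_frst_lines(text: str) -> List[FrstEntry]:
    entries: List[FrstEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, lines from other sections
        company = m.group("company")
        entries.append(FrstEntry(
            modified=m.group("modified"),
            created=m.group("created"),
            size=int(m.group("size")),
            attrs=m.group("attrs"),
            company=company.strip() if company is not None else None,
            path=m.group("path").rstrip(),
        ))
    return entries

# Constructed triage rules (mine, not FRST's). A missing company string only
# means no version info was found: confirm with an Authenticode signature
# check before acting on anything in this list.
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")

def triage(entries: List[FrstEntry]) -> List[Tuple[str, str]]:
    findings = []
    for e in entries:
        low = e.path.lower()
        if low.endswith(".job") and e.hidden:
            # Scheduled tasks are not normally hidden; the CodecUpdater tasks in this log carry H.
            findings.append((e.path, "hidden scheduled task"))
        elif low.startswith("c:\\windows\\") and low.endswith(BINARY_EXT) and not e.company:
            findings.append((e.path, "binary under C:\\Windows without a company string"))
    return findings

# Sample lines copied from the FRST log in this thread; the section header
# line is included to show the parser ignores it.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======
2013-06-07 22:19 - 2012-07-11 14:57 - 00000348 ___AH C:\Windows\Tasks\CodecUpdaterUpdaterRefreshTask.job
2013-06-06 11:56 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-05 21:42 - 2013-06-05 21:41 - 02317839 ____A (PowTools                 ) C:\Users\Admin\Downloads\file_shredder_setup (1).exe
2013-05-16 16:22 - 2013-05-16 16:22 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-05-09 09:59 - 2013-05-06 20:37 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-12 23:36 - 2013-05-12 23:36 - 00001258 ____A C:\Users\James\Desktop\Spybot - Search & Destroy (2).lnk
2013-06-06 11:59 - 2013-06-06 11:59 - 00000000 ____D C:\Users\James\AppData\Local\{BA73DE98-3500-46A9-8A89-7154081166C4}
"""

if __name__ == "__main__":
    for path, reason in triage(parse_frst_lines(SAMPLE_LOG)):
        print(f"REVIEW  {reason:48s} {path}")
```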

#4 CatByte (Malware Response Team)

Posted 07 June 2013 - 06:52 PM

Please do the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it on your desktop as fixlist.txt

(if you saved FRST to a different folder and not your desktop originally, then save fixlist.txt to the same location as FRST was saved)


start
HKLM-x32\...\Run: []  [x]
URLSearchHook: (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -  No File
URLSearchHook: (No Name) - {739df940-c5ee-4bab-9d7e-270894ae687a} -  No File
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.youwillfind.info/?pid=345&r=2013/05/05&hid=1434292357&lg=EN&cc=GB
HKLM-x32 SearchScopes: DefaultScope {0814A95D-C3AF-4A2D-8853-2160BABAEF10} URL = 
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.youwillfind.info/?l=1&q={searchTerms}&pid=345&r=2013/05/05&hid=1434292357&lg=EN&cc=GB
SearchScopes: HKCU - {0814A95D-C3AF-4A2D-8853-2160BABAEF10} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN29049557391626713&UM=2
SearchScopes: HKCU - {47B66E53-CA83-4B10-B9AE-493CE1E21150} URL = http://websearch.ask.com/redirect?client=ie&tb=W3I4&o=41648000&src=kw&q={searchTerms}&locale=&apn_ptnrs=^A9L&apn_dtid=^YYYYYY^YY^GB&apn_uid=C008B92A-C308-4FFC-934E-86BF2ECA6603&apn_sauid=FEF4783B-8510-4B09-A23A-2EEC4782C6BC
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.youwillfind.info/?l=1&q={searchTerms}&pid=345&r=2013/05/05&hid=1434292357&lg=EN&cc=GB
BHO-x32: WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll No File
BHO-x32: VoAuUdixy - {9BC90BB1-C044-9362-F5ED-D7EC9C61EFA4} - C:\ProgramData\VoAuUdixy\5186545b6b365.dll No File
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll No File
C:\ProgramData\hash.dat
end
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt); please attach that log to your reply.

Note: FixList.txt and FRST must be saved to the same location or the fix will not work

Reboot Normally.

NEXT

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Malmortius (Topic Starter)

Posted 07 June 2013 - 07:05 PM


One question: should I be doing all this in safe mode? I'm up to the FRST part and I've just realised I'm not doing it from safe mode.

 

Does it matter?



#6 CatByte (Malware Response Team)

Posted 07 June 2013 - 07:37 PM

No, it needs to be done in normal mode



#7 Malmortius (Topic Starter)

Posted 07 June 2013 - 07:56 PM

Here's the file from ComboFix, I think.


#8 CatByte (Malware Response Team)

Posted 07 June 2013 - 08:03 PM

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
NEXT
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



#9 Malmortius (Topic Starter)

Posted 07 June 2013 - 08:12 PM

On to AdwCleaner now. Should I post these logs one by one or all together? I'll post the first, from JRT.

Attached Files: JRT.txt (68.66KB)


#10 Malmortius (Topic Starter)

Posted 07 June 2013 - 08:17 PM

Here's the one from AdwCleaner.


#11 Malmortius (Topic Starter)

Posted 07 June 2013 - 08:47 PM

MBAM log attached.

 

Doing the online scan now.

Edited by Malmortius, 07 June 2013 - 10:09 PM.


#12 Malmortius (Topic Starter)

Posted 07 June 2013 - 10:59 PM

Oh god, 19 detections.

 

I'll be going to bed now, so if you've replied by the morning I'll do it as quickly as possible. Stayed up to 5am to make sure I completed this.


#13 CatByte (Malware Response Team)

Posted 08 June 2013 - 08:08 AM

Most of those ESET detections are already in Spybot quarantine and ComboFix quarantine.

Just right click on the Spybot - Search & Destroy icon in your traybar beside the Windows clock and navigate to "Basic Tools" → "Quarantine". Once "Quarantine" has been started, select all the items and hit the Purge Selected button.

The item in ComboFix quarantine we will clean up when ComboFix gets uninstalled at the end, which leaves these:
C:\ProgramData\CodecUpdate\runtime.dll
C:\Users\All Users\CodecUpdate\runtime.dll

Navigate to their location, right click and delete them.


How is the computer running now, are there any outstanding issues?



#14 Malmortius (Topic Starter)

Posted 08 June 2013 - 08:24 AM


I deleted "C:\ProgramData\CodecUpdate\runtime.dll" but I can't find the "All Users" location in my Users folder; there is only Admin, James, mcx-1-JAMES-PC, mcx-1-PC.JAMES-PC and Public. Any ideas?

 

My computer's running a lot better, much quicker. You do amazing work. You probably don't get told enough, but you're awesome.



#15 CatByte (Malware Response Team)

Posted 08 June 2013 - 09:20 AM

My apologies, that is a hidden system folder.

Please do this:

Click Start -> All Programs -> Accessories and right click 'Command Prompt' there. Select the 'Run as administrator' option.
A command prompt window should open. Copy/paste these commands at the command prompt:


rem the path contains a space ("All Users"), so it must be quoted or the commands see two arguments
attrib -r -s -h "C:\Users\All Users\CodecUpdate\runtime.dll"
del /q "C:\Users\All Users\CodecUpdate\runtime.dll"
exit
cls





NEXT


remove this old version of Java from your machine via Programs and Features as you already have the latest version installed:

Java™ 6 Update 31 (Version: 6.0.310)



NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version XI)
Having the latest updates ensures there are no security vulnerabilities in your system.
Decline any additional installs that may be offered.


Let me know if there is anything outstanding; if not, then we can clean up our tools.





