Browser Hijack Virus


  • This topic is locked
39 replies to this topic

#1 wildshot83

  • Members
  • 21 posts

Posted 29 July 2013 - 09:33 PM

I've been infected with a Browser Hijack virus that is particularly nasty. I've tried the solutions posted on this site and I'm still getting the redirect. Google search results are directed to random sites using Internet Explorer.

I've run rkill.exe followed up by Malwarebytes, which I had installed before the hijack, and nothing comes up as infected. tdsskiller, McAfee Rootkit Remover, Bitdefender removal tool, and Malwarebytes Anti-Rootkit BETA also return nothing infected. I'm also running AVG antivirus and nothing is coming up on that either. I've checked that my DNS settings are correct and my hosts file appears to be normal. I've also reset Internet Explorer to default settings.

DDS log is below. Thanks for any help with this.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.9.2
Run by Brian at 21:06:37 on 2013-07-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16289.13898 [GMT -5:00]
.
AV: AVG AntiVirus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
E:\PROGRA~2\AVG\AVG2013\avgrsa.exe
E:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
E:\Hardware Software-Drivers\Win& Bluetooth\adminservice.exe
E:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
E:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k imgsvc
E:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
E:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
E:\Hardware Software-Drivers\Win& Bluetooth\BtvStack.exe
E:\Hardware Software-Drivers\Win& Bluetooth\AthBtTray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE
C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
E:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - E:\Hardware Software-Drivers\Win& Bluetooth\IEPlugIn.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [igndlm.exe] F:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [Spirited_Machine] rundll32 "C:\Users\Brian\AppData\Local\Package Cache\Spirited_Machine\gckd.dll",DllRegisterServer
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [AVG_UI] "E:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - E:\Hardware Software-Drivers\Win& Bluetooth\IEPlugIn.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DD9BB673-A4DC-4384-8AEF-9685DAA3AE51} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 relog_ap
x64-Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AtherosBtStack] "E:\Hardware Software-Drivers\Win& Bluetooth\BtvStack.exe"
x64-Run: [AthBtTray] "E:\Hardware Software-Drivers\Win& Bluetooth\AthBtTray.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [CAHS1Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2011-3-14 24880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AtherosSvc;AtherosSvc;E:\Hardware Software-Drivers\Win& Bluetooth\AdminService.exe [2011-3-13 74912]
R2 AVGIDSAgent;AVGIDSAgent;E:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;E:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-4 13592]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-1-3 164520]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-5 701512]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
R3 CorsairCAHS1;CA-HS1 Interface;C:\Windows\System32\drivers\CAHS164.sys [2012-4-12 1308160]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-1-4 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-5 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-3-4 22016]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-3-4 117248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-13 51872]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]
S3 SaiH075C;SaiH075C;C:\Windows\System32\drivers\SaiH075C.sys [2012-1-14 326784]
S3 SaiK075C;SaiK075C;C:\Windows\System32\drivers\SaiK075C.sys [2013-4-30 181024]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-4 1255736]
.
=============== Created Last 30 ================
.
2013-07-30 00:57:19 -------- d-----w- C:\ProgramData\Sophos
2013-07-30 00:57:17 73728 ----a-r- C:\Users\Brian\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-30 00:57:17 73728 ----a-r- C:\Users\Brian\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-30 00:57:17 73728 ----a-r- C:\Users\Brian\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-07-30 00:12:29 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-29 05:37:52 -------- d-----w- C:\Windows\pss
2013-07-29 03:06:02 -------- d-----w- C:\Users\Brian\AppData\Roaming\AVG2013
2013-07-29 03:05:44 -------- d-----w- C:\Users\Brian\AppData\Roaming\TuneUp Software
2013-07-29 03:05:42 -------- d--h--w- C:\$AVG
2013-07-29 03:05:42 -------- d-----w- C:\ProgramData\AVG2013
2013-07-29 03:00:53 -------- d--h--w- C:\ProgramData\Common Files
2013-07-29 03:00:53 -------- d-----w- C:\Users\Brian\AppData\Local\MFAData
2013-07-29 03:00:53 -------- d-----w- C:\Users\Brian\AppData\Local\Avg2013
2013-07-29 03:00:53 -------- d-----w- C:\ProgramData\MFAData
2013-07-28 21:04:48 -------- d-----w- C:\Users\Brian\AppData\Local\Chromium
2013-07-27 16:34:38 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FEF485A3-7258-4EDD-B993-6F9E23C506F6}\mpengine.dll
2013-07-12 01:56:18 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-12 01:55:53 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-12 01:55:53 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
==================== Find3M  ====================
.
2013-07-14 18:01:24 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-14 18:01:24 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-21 10:23:16 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-06-21 10:23:16 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-06-21 10:23:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-06-21 10:23:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-06-21 10:23:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-06-21 10:16:02 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-06-21 02:49:05 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-20 04:17:49 3253909 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-12 21:42:27 1832224 ----a-w- C:\Windows\System32\nvdispco6432018.dll
2013-05-12 21:42:27 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432018.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 21:06:44.80 ===============

#2 Clairvoyant

  • Malware Response Team
  • 1,564 posts

Posted 30 July 2013 - 02:35 PM

Hello wildshot83,

and welcome to Bleeping Computer. :welcome:

I will be helping with your computer problems.

Before starting please note the following:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know
  • Do not make any changes on your own to the computer (installing/uninstalling programs, deleting files, modifying the registry, running scanners or other tools, etc.) without instructions to do so
  • Please read every post completely and perform all steps in the specified order. If you can't understand something or you encounter problems, please stop and let me know
  • Do not attach logs or use code or quote boxes. Just copy and paste the text unless directed otherwise
  • Even if things appear to be better, it does not mean we have finished. Follow my instructions and reply back until I tell you that your computer is clean.
  • Please reply using the Add Reply button in the lower right hand corner of your screen

I'm analyzing your log; in the meantime please attach the Attach.txt file from the DDS scan in your next reply. :)

Regards


Edited by Clairvoyant, 30 July 2013 - 02:40 PM.


#3 wildshot83

  • Topic Starter

  • Members
  • 21 posts

Posted 30 July 2013 - 06:34 PM

I have not solved the problem; Google is still doing random redirects. I've attached the attach.txt log from DDS as a zip.

Attached Files



#4 wildshot83

  • Topic Starter

  • Members
  • 21 posts

Posted 02 August 2013 - 12:42 AM

It appears that I've gotten rid of the browser hijack. It looks like it was some remnants of the ZeroAccess Trojan in my registry that were giving me problems. This is the log from McAfee, and it appears to have gotten the virus; I did this before my first post and was still getting the browser redirect, which is why I posted. I downloaded RogueKiller today and found a couple of entries related to ZeroAccess. After two rounds of removing registry entries my system appears to be functioning correctly again. Searches are going to the correct websites and there are no lags or noticeable delays when clicking on search results. Confirmed with both Yahoo and Google searches.

Any additional steps I should be taking to ensure that I've removed all traces of this thing from my system?


[TimeStamp: 20130729012811]
Rootkit Remover v0.8.9.161 [Apr  5 2013 - 16:14:29]
McAfee Labs.

Windows build 6.1.7601 x64 Service Pack 1
Checking for updates ...

Now Scanning...
    Malware Found --> ZeroAccess trojan detected!!!
    --> Registry key: HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32 ( fixed )
    --> Malicious file: \\?\globalroot\device\harddiskvolume3\users\brian\appdata\local\temp\sbqttbx\svpwxdi\wow.dll ( will be deleted after restart )
    ZeroAccess trojan was cleaned successfully!

Scan Finished

PLEASE REBOOT IMMEDIATELY TO COMPLETE CLEANING.

Other recommendations:
   1. Perform full scan with McAfee VirusScan product after reboot.

Press any key to exit.

RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brian [Admin rights]
Mode : Remove -- Date : 08/02/2013 00:00:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[DLL] rundll32.exe -- C:\Users\Brian\AppData\Local\Package Cache\Spirited_Machine\gckd.dll [-] -> rundll32.exe KILLED [TermProc]
[DLL] rundll32.exe -- C:\Users\Brian\AppData\Local\Package Cache\Spirited_Machine\gckd.dll [-] -> rundll32.exe KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Spirited_Machine (rundll32 "C:\Users\Brian\AppData\Local\Package Cache\Spirited_Machine\gckd.dll",DllRegisterServer [x][-][x]) -> NOT SELECTED
[RUN][RESIDUE] HKLM\[...]\Run : CAHS1Sound (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd [7][-][x]) -> NOT SELECTED
[RUN][SUSP PATH] HKUS\S-1-5-21-700339448-2649754810-3164551518-1000\[...]\Run : Spirited_Machine (rundll32 "C:\Users\Brian\AppData\Local\Package Cache\Spirited_Machine\gckd.dll",DllRegisterServer [x][-][x]) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (\\?\globalroot\Device\HarddiskVolume3\Users\Brian\AppData\Local\Temp\sbqttbx\svpwxdi\wow.dll [x]) -> REPLACED (C:\Windows\system32\shell32.dll)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> E:\Users\Brian\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SYSTEM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SOFTWARE | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SECURITY | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SAM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\DEFAULT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Users\Brian\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Users\Default\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Brian\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000528AS +++++
--- User ---
[MBR] 27055976d33abc82a3611359efc4a520
[BSP] 72cd2e817c7c465bc0af81ccf5c64f0d : Empty MBR Code
Partition table:
0 - [ACTIVE] EXTEN (0x05) [VISIBLE] Offset (sectors): 16065 | Size: 953859 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST31000528AS +++++
--- User ---
[MBR] 4ca62831646dcf5f3e6d80ceda1a16af
[BSP] 78fd3f574fc4ab4e9ce0ef349153e51c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57139 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST31000528AS +++++
--- User ---
[MBR] 4b38c55501cfefd136df6881e143aad9
[BSP] ac64ef5561494bcb562ad29425fbb7f1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08022013_000043.txt >>
RKreport[0]_D_08012013_234022.txt;RKreport[0]_S_08012013_231315.txt;RKreport[0]_S_08012013_231349.txt
RKreport[0]_S_08012013_231740.txt;RKreport[0]_S_08012013_233158.txt;RKreport[0]_S_08012013_234654.txt
RKreport[0]_S_08012013_235338.txt

RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brian [Admin rights]
Mode : Remove -- Date : 08/02/2013 00:07:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[DLL] rundll32.exe -- C:\Users\Brian\AppData\Local\Package Cache\Spirited_Machine\gckd.dll [-] -> rundll32.exe KILLED [TermProc]
[DLL] rundll32.exe -- C:\Users\Brian\AppData\Local\Package Cache\Spirited_Machine\gckd.dll [-] -> rundll32.exe KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Spirited_Machine (rundll32 "C:\Users\Brian\AppData\Local\Package Cache\Spirited_Machine\gckd.dll",DllRegisterServer [x][-][x]) -> NOT SELECTED
[RUN][RESIDUE] HKLM\[...]\Run : CAHS1Sound (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd [7][-][x]) -> NOT SELECTED
[RUN][SUSP PATH] HKUS\S-1-5-21-700339448-2649754810-3164551518-1000\[...]\Run : Spirited_Machine (rundll32 "C:\Users\Brian\AppData\Local\Package Cache\Spirited_Machine\gckd.dll",DllRegisterServer [x][-][x]) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> E:\Users\Brian\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SYSTEM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SOFTWARE | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SECURITY | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SAM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\DEFAULT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Users\Brian\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Users\Default\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Brian\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000528AS +++++
--- User ---
[MBR] 27055976d33abc82a3611359efc4a520
[BSP] 72cd2e817c7c465bc0af81ccf5c64f0d : Empty MBR Code
Partition table:
0 - [ACTIVE] EXTEN (0x05) [VISIBLE] Offset (sectors): 16065 | Size: 953859 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST31000528AS +++++
--- User ---
[MBR] 4ca62831646dcf5f3e6d80ceda1a16af
[BSP] 78fd3f574fc4ab4e9ce0ef349153e51c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57139 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST31000528AS +++++
--- User ---
[MBR] 4b38c55501cfefd136df6881e143aad9
[BSP] ac64ef5561494bcb562ad29425fbb7f1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08022013_000720.txt >>
RKreport[0]_D_08012013_234022.txt;RKreport[0]_D_08022013_000043.txt;RKreport[0]_S_08012013_231315.txt
RKreport[0]_S_08012013_231349.txt;RKreport[0]_S_08012013_231740.txt;RKreport[0]_S_08012013_233158.txt
RKreport[0]_S_08012013_234654.txt;RKreport[0]_S_08012013_235338.txt;RKreport[0]_S_08022013_000343.txt


#5 wildshot83

  • Topic Starter

  • Members
  • 21 posts

Posted 02 August 2013 - 12:43 AM

Updated DDS Logs

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.9.2
Run by Brian at 0:40:49 on 2013-08-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16289.13820 [GMT -5:00]
.
AV: AVG AntiVirus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
E:\PROGRA~2\AVG\AVG2013\avgrsa.exe
E:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
E:\Hardware Software-Drivers\Win& Bluetooth\adminservice.exe
E:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
E:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k imgsvc
E:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
E:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
E:\Hardware Software-Drivers\Win& Bluetooth\BtvStack.exe
E:\Hardware Software-Drivers\Win& Bluetooth\AthBtTray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE
C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
E:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - E:\Hardware Software-Drivers\Win& Bluetooth\IEPlugIn.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [igndlm.exe] F:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [Spirited_Machine] rundll32 "C:\Users\Brian\AppData\Local\Package Cache\Spirited_Machine\gckd.dll",DllRegisterServer
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [AVG_UI] "E:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - E:\Hardware Software-Drivers\Win& Bluetooth\IEPlugIn.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DD9BB673-A4DC-4384-8AEF-9685DAA3AE51} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 relog_ap
x64-Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AtherosBtStack] "E:\Hardware Software-Drivers\Win& Bluetooth\BtvStack.exe"
x64-Run: [AthBtTray] "E:\Hardware Software-Drivers\Win& Bluetooth\AthBtTray.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [CAHS1Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-7-10 45880]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2011-3-14 24880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AtherosSvc;AtherosSvc;E:\Hardware Software-Drivers\Win& Bluetooth\AdminService.exe [2011-3-13 74912]
R2 AVGIDSAgent;AVGIDSAgent;E:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;E:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-4 13592]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-1-3 164520]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-5 701512]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
R3 CorsairCAHS1;CA-HS1 Interface;C:\Windows\System32\drivers\CAHS164.sys [2012-4-12 1308160]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-1-4 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-5 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-3-4 22016]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-3-4 117248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-13 51872]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]
S3 SaiH075C;SaiH075C;C:\Windows\System32\drivers\SaiH075C.sys [2012-1-14 326784]
S3 SaiK075C;SaiK075C;C:\Windows\System32\drivers\SaiK075C.sys [2013-4-30 181024]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-4 1255736]
.
=============== Created Last 30 ================
.
2013-08-02 04:02:10 -------- d-----w- C:\Users\Brian\AppData\Roaming\GetRightToGo
2013-07-30 00:57:19 -------- d-----w- C:\ProgramData\Sophos
2013-07-30 00:57:17 73728 ----a-r- C:\Users\Brian\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-30 00:57:17 73728 ----a-r- C:\Users\Brian\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-30 00:57:17 73728 ----a-r- C:\Users\Brian\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-07-30 00:12:29 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-29 05:37:52 -------- d-----w- C:\Windows\pss
2013-07-29 03:06:02 -------- d-----w- C:\Users\Brian\AppData\Roaming\AVG2013
2013-07-29 03:05:44 -------- d-----w- C:\Users\Brian\AppData\Roaming\TuneUp Software
2013-07-29 03:05:42 -------- d--h--w- C:\$AVG
2013-07-29 03:05:42 -------- d-----w- C:\ProgramData\AVG2013
2013-07-29 03:00:53 -------- d--h--w- C:\ProgramData\Common Files
2013-07-29 03:00:53 -------- d-----w- C:\Users\Brian\AppData\Local\MFAData
2013-07-29 03:00:53 -------- d-----w- C:\Users\Brian\AppData\Local\Avg2013
2013-07-29 03:00:53 -------- d-----w- C:\ProgramData\MFAData
2013-07-28 21:04:48 -------- d-----w- C:\Users\Brian\AppData\Local\Chromium
2013-07-27 16:34:38 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FEF485A3-7258-4EDD-B993-6F9E23C506F6}\mpengine.dll
2013-07-20 06:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-07-20 06:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-07-20 06:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-20 06:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-07-12 01:56:18 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-12 01:55:53 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-12 01:55:53 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-10 06:32:38 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
==================== Find3M  ====================
.
2013-07-14 18:01:24 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-14 18:01:24 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-01 06:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-06-21 10:23:16 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-06-21 10:23:16 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-06-21 10:23:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-06-21 10:23:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-06-21 10:23:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-06-21 10:16:02 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-06-21 02:49:05 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-20 04:17:49 3253909 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-12 21:42:27 1832224 ----a-w- C:\Windows\System32\nvdispco6432018.dll
2013-05-12 21:42:27 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432018.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
.
============= FINISH:  0:40:56.53 ===============
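The security-relevant detail in the log above is in the autorun and policy lines rather than the long file listings: a uRun entry that makes rundll32 call DllRegisterServer on a DLL under the user's AppData at every logon, and a PromptOnSecureDesktop value of 0 where Windows 7 defaults to 1. The ComboFix and Rkill logs posted later in this thread show the same pattern (Run values pointing at a DLL and an executable under AppData, and DisableAntiSpyware set to 1). The following Python script is an added example, not part of this thread or of DDS, ComboFix or Rkill: it parses lines in the formats those tools print and flags entries by those criteria. The sample lines are copied from the logs in this thread; the default-value table and the user-writable path list are the example's own assumptions.

```python
"""Triage autorun and policy lines from DDS, ComboFix and Rkill logs.

Added example for this thread; it is not part of DDS, ComboFix, Rkill or any
BleepingComputer tooling. It only reads log text, never the live registry.
"""
import re

# Assumed Windows 7 defaults for the policy values the tools print. A UAC prompt
# drawn off the secure desktop (PromptOnSecureDesktop=0) can be interacted with
# by ordinary user-mode code; DisableAntiSpyware=1 turns Windows Defender off.
POLICY_DEFAULTS = {
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "EnableUIADesktopToggle": 0,
    "PromptOnSecureDesktop": 1,
    "EnableLUA": 1,
    "DisableAntiSpyware": 0,
}

# Directories an ordinary user can write to (assumed list). Vendor startup
# entries normally live under Program Files or Windows; the entries ComboFix
# removed in this thread all sat under the user's AppData.
USER_WRITABLE = re.compile(
    r"\\(?:AppData|Application Data|ProgramData|Temp|Users\\Public)\\", re.I)

# DDS:      uRun: [Name] command      (also mRun:, x64-Run:)
DDS_RUN = re.compile(r"^(?:u|m|x64-)Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
# ComboFix: "Name"="command" [date size]
CF_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]+)"')
# DDS:      mPolicies-System: Key = dword:N
# ComboFix: "Key"= N (0xN)          Rkill: "Key" = dword:0000000N
# All three print these small values as decimal digits.
POLICY = re.compile(
    r'^(?:mPolicies-System:\s*|")(?P<key>\w+)"?\s*=\s*(?:dword:)?(?P<val>\d+)')
# The program the value launches: a (possibly quoted) drive path, or a bare word
HOST = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\[^"]+?\.(?:exe|dll|cpl|scr))"?|^(?P<bare>\S+)', re.I)


def classify_autorun(cmd):
    """Return the reasons an autorun command line looks suspicious ([] if none)."""
    reasons = []
    m = HOST.match(cmd.strip())
    host = (m.group("path") or m.group("bare")) if m else cmd
    host_file = host.rsplit("\\", 1)[-1].lower()
    if USER_WRITABLE.search(cmd):
        reasons.append("runs from a user-writable directory")
    # Installers call DllRegisterServer once; a Run value that calls it at every
    # logon is just a way to execute an arbitrary DLL's code.
    if host_file.startswith("rundll32") and "dllregisterserver" in cmd.lower():
        reasons.append("rundll32 calls DllRegisterServer at every logon")
    if host_file.endswith(".dll"):
        reasons.append("autorun value is a DLL, not an executable")
    return reasons


def triage(lines):
    """Parse log lines; return (flagged autoruns, policy values off their default)."""
    flagged, deviations = [], {}
    for raw in lines:
        line = raw.strip()
        m = DDS_RUN.match(line) or CF_RUN.match(line)
        if m:
            reasons = classify_autorun(m.group("cmd"))
            if reasons:
                flagged.append((m.group("name"), m.group("cmd"), reasons))
            continue
        p = POLICY.match(line)
        if p and p.group("key") in POLICY_DEFAULTS:
            value = int(p.group("val"))
            if value != POLICY_DEFAULTS[p.group("key")]:
                deviations[p.group("key")] = value
    return flagged, deviations


# Lines copied from the DDS, ComboFix and Rkill logs in this thread.
SAMPLE_LOG = r'''
uRun: [igndlm.exe] F:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [Spirited_Machine] rundll32 "C:\Users\Brian\AppData\Local\Package Cache\Spirited_Machine\gckd.dll",DllRegisterServer
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: PromptOnSecureDesktop = dword:0
x64-Run: [CAHS1Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd
"Chromium"="c:\users\Brian\AppData\Local\Chromium\PluginHooks.dll" [2013-02-20 913408]
"TimeServer"="c:\users\Brian\AppData\Roaming\Fatshark\WINFA85.exe" [2013-08-03 138240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
   "DisableAntiSpyware" = dword:00000001
'''.strip().splitlines()

if __name__ == "__main__":
    hits, policy = triage(SAMPLE_LOG)
    for name, cmd, reasons in hits:
        print(f"[{name}] {cmd}\n    " + "; ".join(reasons))
    for key, value in policy.items():
        print(f"{key} = {value} (assumed Windows 7 default {POLICY_DEFAULTS[key]})")
```

Run against the sample, the script flags Spirited_Machine, Chromium and TimeServer, which are exactly the three Run values ComboFix later deleted or listed under the user's hive, and leaves the vendor entries (including the legitimate rundll32 call for the Corsair headset DLL in SysWOW64) alone. The same heuristics are worth running on live `HKCU\...\Run` and `HKLM\...\Run` output from a machine that keeps redirecting after its antivirus reports it clean, since DDS-style logs are only a snapshot.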
 



#6 Clairvoyant
  • Malware Response Team
  • 1,564 posts
  • Gender:Male
  • Location:somewhere in time
  • Local time:11:38 AM

Posted 02 August 2013 - 12:18 PM

Hi wildshot83,

your previous log has been analyzed, but the reply is still under approval (I'm a trainee, so my posts need to be approved by an instructor).

Please refrain from making other changes to the computer on your own; even if things seem to go better, the system may be damaged by a removal action performed without supervision, and later we might have to repair it.

However, thank you for the new logs. They may be useful for what we have to do later.

Regards



#7 wildshot83
  • Topic Starter
  • Members
  • 21 posts
  • Local time:05:38 AM

Posted 03 August 2013 - 11:49 AM

Well, the hijack is back, so whatever this thing is, it's buried deep.



#8 Clairvoyant
  • Malware Response Team
  • 1,564 posts
  • Gender:Male
  • Location:somewhere in time
  • Local time:11:38 AM

Posted 05 August 2013 - 01:54 AM

Hello wildshot :),

please download ComboFix and a fresh copy of Rkill, save them to your desktop, then:

1- Run Rkill

  1. Double-click on the Rkill desktop icon.
  2. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  3. If it does not work, repeat the process and attempt to use one of the remaining links that you can find here until the tool runs.
  4. Do not reboot the computer; you will need to run the application again.

2- Run ComboFix

  • Close/disable all anti-virus and anti-malware programs. Refer to this page if you are not sure how.
  • Close any open windows.
  • Double-click on ComboFix.exe and follow the prompts.
  • During the scan, leave your sick computer alone and do not click ComboFix's window; it may cause it to stall.
  • If ComboFix asks to restart your computer, allow it to do so.
  • When finished, it will produce and display a report; close it.

When done, post the contents of C:\ComboFix.txt and Rkill.txt (which you can find on your desktop) in your next reply.

Regards



#9 wildshot83
  • Topic Starter
  • Members
  • 21 posts
  • Local time:05:38 AM

Posted 05 August 2013 - 07:07 PM

Ran steps 1 and 2. Logs are below.

Rkill 2.5.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/05/2013 06:52:17 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\Brian\AppData\Roaming\Fatshark\WINFA85.exe (PID: 3976) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 08/05/2013 06:52:30 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)

 

ComboFix 13-08-05.03 - Brian 08/05/2013  18:56:56.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16289.14257 [GMT -5:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
AV: AVG AntiVirus 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brian\AppData\Local\Origin\MFAData\jfll.dll
c:\users\Brian\AppData\Local\Package Cache\Spirited_Machine\gckd.dll
E:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-06 to 2013-08-06  )))))))))))))))))))))))))))))))
.
.
2013-08-02 04:02 . 2013-08-02 04:02 -------- d-----w- c:\users\Brian\AppData\Roaming\GetRightToGo
2013-07-30 23:00 . 2013-07-30 23:00 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-07-30 00:57 . 2013-07-30 00:57 -------- d-----w- c:\programdata\Sophos
2013-07-30 00:57 . 2013-07-30 00:57 73728 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-30 00:57 . 2013-07-30 00:57 73728 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-30 00:57 . 2013-07-30 00:57 73728 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-07-30 00:12 . 2013-07-30 04:14 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-29 03:06 . 2013-07-29 03:06 -------- d-----w- c:\users\Brian\AppData\Roaming\AVG2013
2013-07-29 03:05 . 2013-07-29 03:05 -------- d-----w- c:\users\Brian\AppData\Roaming\TuneUp Software
2013-07-29 03:05 . 2013-07-29 03:05 -------- d-----w- c:\programdata\AVG2013
2013-07-29 03:05 . 2013-07-29 03:05 -------- d-----w- C:\$AVG
2013-07-29 03:00 . 2013-08-05 23:44 -------- d-----w- c:\programdata\MFAData
2013-07-29 03:00 . 2013-07-29 03:14 -------- d-----w- c:\users\Brian\AppData\Local\Avg2013
2013-07-29 03:00 . 2013-07-29 03:00 -------- d--h--w- c:\programdata\Common Files
2013-07-29 03:00 . 2013-07-29 03:00 -------- d-----w- c:\users\Brian\AppData\Local\MFAData
2013-07-28 21:04 . 2013-08-03 15:36 -------- d-----w- c:\users\Brian\AppData\Local\Chromium
2013-07-27 16:34 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEF485A3-7258-4EDD-B993-6F9E23C506F6}\mpengine.dll
2013-07-20 06:51 . 2013-07-20 06:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-20 06:50 . 2013-07-20 06:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-20 06:50 . 2013-07-20 06:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 06:50 . 2013-07-20 06:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-07-12 01:56 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-12 01:55 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-12 01:55 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 06:32 . 2013-07-10 06:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-14 18:01 . 2012-04-11 01:15 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-14 18:01 . 2012-01-04 05:09 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-12 03:39 . 2012-01-05 05:54 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-01 06:45 . 2013-07-01 06:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-06-21 12:06 . 2013-07-03 04:08 925648 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-06-21 12:06 . 2013-07-03 04:08 9239344 ----a-w- c:\windows\system32\nvcuda.dll
2013-06-21 12:06 . 2013-07-03 04:08 7687592 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-06-21 12:06 . 2013-07-03 04:08 7641832 ----a-w- c:\windows\system32\nvopencl.dll
2013-06-21 12:06 . 2013-07-03 04:08 6324360 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-06-21 12:06 . 2013-07-03 04:08 572704 ----a-w- c:\windows\system32\NvFBC64.dll
2013-06-21 12:06 . 2013-07-03 04:08 570656 ----a-w- c:\windows\system32\NvIFR64.dll
2013-06-21 12:06 . 2013-07-03 04:08 467232 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-06-21 12:06 . 2013-07-03 04:08 465184 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-06-21 12:06 . 2013-07-03 04:08 2953504 ----a-w- c:\windows\system32\nvcuvid.dll
2013-06-21 12:06 . 2013-07-03 04:08 27781920 ----a-w- c:\windows\system32\nvoglv64.dll
2013-06-21 12:06 . 2013-07-03 04:08 2777888 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-06-21 12:06 . 2013-07-03 04:08 266448 ----a-w- c:\windows\system32\nvinitx.dll
2013-06-21 12:06 . 2013-07-03 04:08 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-06-21 12:06 . 2013-07-03 04:08 2363680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-03 04:08 218592 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-06-21 12:06 . 2013-07-03 04:08 214448 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-06-21 12:06 . 2013-07-03 04:08 21102368 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-06-21 12:06 . 2013-07-03 04:08 2002720 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-03 04:08 1832224 ----a-w- c:\windows\system32\nvdispco6432049.dll
2013-06-21 12:06 . 2013-07-03 04:08 181488 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-06-21 12:06 . 2013-07-03 04:08 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-06-21 12:06 . 2013-07-03 04:08 15144928 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-06-21 12:06 . 2013-07-03 04:08 1511712 ----a-w- c:\windows\system32\nvdispgenco6432049.dll
2013-06-21 12:06 . 2013-07-03 04:08 13411896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-06-21 12:06 . 2013-07-03 04:08 11235104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-06-21 12:06 . 2013-06-16 04:59 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2013-02-26 05:32 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-02-26 05:32 2936208 ----a-w- c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-02-26 05:32 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-06-21 12:06 . 2013-02-26 05:32 15920536 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-06-21 10:23 . 2012-01-04 04:27 6496544 ----a-w- c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2012-01-04 04:27 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2012-01-04 04:27 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2012-01-04 04:27 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2012-01-04 04:27 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-06-21 10:16 . 2013-06-21 10:16 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-06-21 02:50 . 2013-06-21 02:50 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-21 02:50 . 2013-06-21 02:50 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-21 02:50 . 2013-06-21 02:50 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-21 02:50 . 2013-06-21 02:50 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-21 02:50 . 2013-06-21 02:50 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-21 02:50 . 2013-06-21 02:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-21 02:50 . 2013-06-21 02:50 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-21 02:50 . 2013-06-21 02:50 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-21 02:50 . 2013-06-21 02:50 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-21 02:50 . 2013-06-21 02:50 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-21 02:50 . 2013-06-21 02:50 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-21 02:50 . 2013-06-21 02:50 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-21 02:50 . 2013-06-21 02:50 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-21 02:50 . 2013-06-21 02:50 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-21 02:50 . 2013-06-21 02:50 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-21 02:50 . 2013-06-21 02:50 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-21 02:50 . 2013-06-21 02:50 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-21 02:50 . 2013-06-21 02:50 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-21 02:50 . 2013-06-21 02:50 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-21 02:50 . 2013-06-21 02:50 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-21 02:50 . 2013-06-21 02:50 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-21 02:50 . 2013-06-21 02:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-21 02:50 . 2013-06-21 02:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-21 02:50 . 2013-06-21 02:50 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-21 02:50 . 2013-06-21 02:50 441856 ----a-w- c:\windows\system32\html.iec
2013-06-21 02:50 . 2013-06-21 02:50 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-21 02:50 . 2013-06-21 02:50 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-21 02:50 . 2013-06-21 02:50 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-21 02:50 . 2013-06-21 02:50 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-21 02:50 . 2013-06-21 02:50 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-21 02:50 . 2013-06-21 02:50 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-21 02:50 . 2013-06-21 02:50 235008 ----a-w- c:\windows\system32\url.dll
2013-06-21 02:50 . 2013-06-21 02:50 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-21 02:50 . 2013-06-21 02:50 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-21 02:50 . 2013-06-21 02:50 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-21 02:50 . 2013-06-21 02:50 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-21 02:50 . 2013-06-21 02:50 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-21 02:50 . 2013-06-21 02:50 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-21 02:50 . 2013-06-21 02:50 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-21 02:50 . 2013-06-21 02:50 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-21 02:50 . 2013-06-21 02:50 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-21 02:50 . 2013-06-21 02:50 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-21 02:50 . 2013-06-21 02:50 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-21 02:50 . 2013-06-21 02:50 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-21 02:50 . 2013-06-21 02:50 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-21 02:50 . 2013-06-21 02:50 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-21 02:50 . 2013-06-21 02:50 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-21 02:50 . 2013-06-21 02:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-21 02:50 . 2013-06-21 02:50 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-21 02:49 . 2013-06-21 02:49 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-21 02:49 . 2013-06-21 02:49 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-21 02:49 . 2013-06-21 02:49 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-21 02:49 . 2013-06-21 02:49 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-06-21 02:49 . 2013-06-21 02:49 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-21 02:49 . 2013-06-21 02:49 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-21 02:49 . 2013-06-21 02:49 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-21 02:49 . 2013-06-21 02:49 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-21 02:49 . 2013-06-21 02:49 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-21 02:49 . 2013-06-21 02:49 465920 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="f:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
"Chromium"="c:\users\Brian\AppData\Local\Chromium\PluginHooks.dll" [2013-02-20 913408]
"TimeServer"="c:\users\Brian\AppData\Roaming\Fatshark\WINFA85.exe" [2013-08-03 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-17 1325936]
"AcronisTimounterMonitor"="c:\program files (x86)\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-17 904840]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-03-20 607592]
"AVG_UI"="e:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 SaiH075C;SaiH075C;c:\windows\system32\DRIVERS\SaiH075C.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH075C.sys [x]
R3 SaiK075C;SaiK075C;c:\windows\system32\DRIVERS\SaiK075C.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK075C.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AtherosSvc;AtherosSvc;e:\hardware software-drivers\Win& Bluetooth\adminservice.exe;e:\hardware software-drivers\Win& Bluetooth\adminservice.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;e:\program files (x86)\AVG\AVG2013\avgidsagent.exe;e:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;e:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;e:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 CorsairCAHS1;CA-HS1 Interface;c:\windows\system32\drivers\CAHS164.sys;c:\windows\SYSNATIVE\drivers\CAHS164.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-17 136544]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"AtherosBtStack"="e:\hardware software-drivers\Win& Bluetooth\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="e:\hardware software-drivers\Win& Bluetooth\AthBtTray.exe" [2011-03-13 379552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096]
"CAHS1Sound"="c:\windows\Syswow64\CAHS1.dll" [2011-07-08 8724480]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Spirited_Machine - c:\users\Brian\AppData\Local\Package Cache\Spirited_Machine\gckd.dll
Wow6432Node-HKCU-Run-MFAData - c:\users\Brian\AppData\Local\Origin\MFAData\jfll.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-37069717.sys
SafeBoot-51099654.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2013-08-05  19:01:24 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-06 00:01
.
Pre-Run: 2,685,939,712 bytes free
Post-Run: 3,292,237,824 bytes free
.
- - End Of File - - 1DB438FCBA42ECD72250CA17C63452D6
D41D8CD98F00B204E9800998ECF8427E

#10 Clairvoyant

  • Malware Response Team
  • 1,564 posts

Posted 06 August 2013 - 02:36 PM

Hello wildshot :)

Well done. Now please download AdwCleaner and OTL, save them to your desktop then:

1- Run AdwCleaner

  1. Close all open programs and internet browsers
  2. Double click on the AdwCleaner icon to run the tool
  3. Click on Search
  4. Confirm each time with Ok
  5. You will be prompted to restart your computer; a text file will open after the restart
  6. Close it and quit AdwCleaner

2- Run OTL

  • Double click on the OTL icon on your desktop
  • Click the Scan All Users checkbox
  • Change the Extra Registry option to SafeList
  • Push the Run Scan button
  • Once finished, quit OTL

In your next reply please post the contents of the following files:

  • C:\AdwCleaner[R1].txt
  • OTL.txt
  • Extras.txt

Please also report to me every issue you may encounter and how things are going. :)

Regards


#11 wildshot83

  • Topic Starter
  • Members
  • 21 posts

Posted 06 August 2013 - 07:41 PM

Ran AdwCleaner; it did not ask to restart my computer. Turned off antivirus and reran; again it did not ask for a restart. Ran OTL. Tried a few random searches and the results seem to be working. No redirects with the limited searching I've done. Other programs seem to be working correctly, no error messages or things like that. Logs are posted below.

# AdwCleaner v2.306 - Logfile created 08/06/2013 at 19:23:01
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Brian - BRIAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Brian\Desktop\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [516 octets] - [06/08/2013 19:23:01]

########## EOF - C:\AdwCleaner[R1].txt - [575 octets] ##########

# AdwCleaner v2.306 - Logfile created 08/06/2013 at 19:24:52
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Brian - BRIAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Brian\Desktop\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [643 octets] - [06/08/2013 19:23:01]
AdwCleaner[R2].txt - [575 octets] - [06/08/2013 19:24:52]

########## EOF - C:\AdwCleaner[R2].txt - [634 octets] ##########

OTL logfile created on: 8/6/2013 7:27:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Brian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.91 Gb Total Physical Memory | 13.48 Gb Available Physical Memory | 84.73% Memory free
31.81 Gb Paging File | 29.13 Gb Available in Paging File | 91.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 3.43 Gb Free Space | 6.15% Space Free | Partition Type: NTFS
Drive D: | 210.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 931.50 Gb Total Space | 582.94 Gb Free Space | 62.58% Space Free | Partition Type: NTFS
Drive F: | 465.66 Gb Total Space | 198.95 Gb Free Space | 42.72% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 61.86 Mb Free Space | 61.86% Space Free | Partition Type: NTFS
 
Computer Name: BRIAN-PC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/06 19:21:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
PRC - [2013/08/03 11:47:47 | 000,138,240 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Fatshark\WINFA85.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/05/16 09:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/05/16 09:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/05/16 09:38:28 | 001,213,216 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/20 15:12:58 | 000,607,592 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2013/02/19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2012/02/18 23:29:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/28 16:29:46 | 000,905,216 | ---- | M] () -- C:\Program Files\Corsair USB Headset\Customapp\Program\CAHS.exe
PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/16 20:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/16 19:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 19:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 19:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/08/03 11:47:47 | 000,138,240 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Fatshark\WINFA85.exe
MOD - [2013/07/12 07:20:09 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\36d4abefb9287140975d11057bb8f7ee\System.Management.ni.dll
MOD - [2013/07/12 07:19:42 | 001,021,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\146c1e45baba9c81ed88ef28a368f215\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/07/12 07:19:41 | 002,646,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d040bb34ddf0766f4de0fb9cc5191ca8\System.Runtime.Serialization.ni.dll
MOD - [2013/07/12 07:19:41 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\81cce7362766900e91afb51f2c48abb0\SMDiagnostics.ni.dll
MOD - [2013/07/12 07:19:40 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\e8aafadcd1fc0f8f406434176fb97477\System.Xaml.ni.dll
MOD - [2013/07/12 07:19:40 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\a9e3c09042ad08eba13462acbd482c30\System.Xml.Linq.ni.dll
MOD - [2013/07/12 07:18:27 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\11c176470524e1843fbbcc571cd0aa88\IAStorUtil.ni.dll
MOD - [2013/07/12 07:18:27 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\22d36f517c7545fdb65ccddae680a3eb\IAStorCommon.ni.dll
MOD - [2013/07/12 07:13:43 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\dcc781ebbddf98a9cf6dd4f3b17f1063\System.Web.ni.dll
MOD - [2013/07/12 07:13:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll
MOD - [2013/07/12 07:13:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/12 07:13:22 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/12 07:13:16 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013/07/12 07:13:13 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/12 07:13:11 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/12 07:13:10 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/12 07:13:07 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/11 22:40:51 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\aa78c26d45f57e7bb99a7356154de49b\PresentationFramework.ni.dll
MOD - [2013/07/11 22:40:43 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll
MOD - [2013/07/11 22:40:43 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b8562544df44384d9800def1ab7d096b\PresentationCore.ni.dll
MOD - [2013/07/11 22:40:40 | 007,053,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\5326f0da29e8171624f520a81f6e3eb1\System.Core.ni.dll
MOD - [2013/07/11 22:40:38 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/11 22:40:38 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9631f1dac820cb6987560f074492150d\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 22:40:37 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\fc07e5bc2553d060a814674b67f50318\WindowsBase.ni.dll
MOD - [2013/07/11 22:40:37 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll
MOD - [2013/07/11 22:40:36 | 001,013,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/11 22:40:35 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/11 22:38:17 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2011/09/28 16:29:46 | 000,905,216 | ---- | M] () -- C:\Program Files\Corsair USB Headset\Customapp\Program\CAHS.exe
MOD - [2011/04/19 14:56:58 | 000,143,360 | ---- | M] () -- C:\Program Files\Corsair USB Headset\Customapp\Program\VMixHS.dll
MOD - [2009/10/16 18:59:30 | 001,328,480 | ---- | M] () -- C:\Program Files (x86)\Seagate\DiscWizard\fox.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/01/17 17:00:50 | 000,164,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- E:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/14 13:01:24 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- E:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/05/16 09:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/18 23:29:13 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/03/13 11:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- E:\Hardware Software-Drivers\Win& Bluetooth\AdminService.exe -- (AtherosSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/16 19:39:50 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/10 01:32:38 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/04/30 11:48:14 | 000,181,024 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK075C.sys -- (SaiK075C)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/03/04 01:48:30 | 000,117,248 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2013/03/04 01:48:30 | 000,022,016 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2013/02/25 00:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/04 19:37:54 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012/01/04 19:37:54 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012/01/04 19:37:54 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/01/04 19:37:54 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2011/06/16 15:10:08 | 001,308,160 | -H-- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAHS164.sys -- (CorsairCAHS1)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/23 05:17:06 | 012,259,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/14 04:29:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/14 04:29:46 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2011/03/13 11:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/03/13 11:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/03/13 11:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/03/13 11:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/03/13 11:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/03/13 11:58:42 | 000,051,872 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2011/03/13 11:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/03/13 11:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/02/08 06:03:04 | 000,328,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/01/18 12:37:48 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2010/12/10 00:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 00:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/24 22:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/07/27 06:49:02 | 000,326,784 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH075C.sys -- (SaiH075C)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-700339448-2649754810-3164551518-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-700339448-2649754810-3164551518-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-700339448-2649754810-3164551518-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B DB 98 27 B9 8C CE 01  [binary data]
IE - HKU\S-1-5-21-700339448-2649754810-3164551518-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-700339448-2649754810-3164551518-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-700339448-2649754810-3164551518-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2013/08/05 19:00:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - E:\Hardware Software-Drivers\Win& Bluetooth\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AthBtTray] E:\Hardware Software-Drivers\Win& Bluetooth\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] E:\Hardware Software-Drivers\Win& Bluetooth\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [CAHS1Sound] C:\Windows\Syswow64\CAHS1.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AVG_UI] E:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKU\S-1-5-21-700339448-2649754810-3164551518-1000..\Run: [Chromium] C:\Users\Brian\AppData\Local\Chromium\PluginHooks.dll (iZotope, Inc.)
O4 - HKU\S-1-5-21-700339448-2649754810-3164551518-1000..\Run: [igndlm.exe] F:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-700339448-2649754810-3164551518-1000..\Run: [TimeServer] C:\Users\Brian\AppData\Roaming\Fatshark\WINFA85.exe ()
O4 - HKU\S-1-5-21-700339448-2649754810-3164551518-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-700339448-2649754810-3164551518-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-700339448-2649754810-3164551518-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-700339448-2649754810-3164551518-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-700339448-2649754810-3164551518-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - E:\Hardware Software-Drivers\Win& Bluetooth\IEPlugIn.dll (Atheros Commnucations)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD9BB673-A4DC-4384-8AEF-9685DAA3AE51}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/21 14:08:38 | 000,000,082 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/06 19:21:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2013/08/05 19:01:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/05 19:00:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/08/05 18:56:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/05 18:56:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/05 18:56:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/05 18:56:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/05 18:56:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/05 18:51:57 | 001,893,504 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Brian\Desktop\rkill.exe
[2013/08/01 23:12:15 | 000,000,000 | ---D | C] -- C:\Users\Brian\Desktop\RK_Quarantine
[2013/08/01 23:05:46 | 005,100,695 | R--- | C] (Swearware) -- C:\Users\Brian\Desktop\ComboFix.exe
[2013/08/01 23:02:10 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\GetRightToGo
[2013/07/30 18:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/07/29 19:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013/07/29 19:57:17 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013/07/29 19:21:26 | 000,000,000 | ---D | C] -- C:\Users\Brian\Desktop\rkill
[2013/07/29 19:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/29 00:37:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/07/28 22:06:02 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\AVG2013
[2013/07/28 22:05:44 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\TuneUp Software
[2013/07/28 22:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/07/28 22:05:42 | 000,000,000 | ---D | C] -- C:\$AVG
[2013/07/28 22:00:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/07/28 22:00:53 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\MFAData
[2013/07/28 22:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/07/28 22:00:53 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Avg2013
[2013/07/28 16:04:48 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Chromium
[2013/07/23 22:59:23 | 000,000,000 | ---D | C] -- C:\Users\Brian\Documents\Square Enix
[2013/07/20 01:51:00 | 000,311,608 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/07/20 01:50:56 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013/07/20 01:50:56 | 000,071,480 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013/07/20 01:50:50 | 000,206,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2013/07/11 22:38:45 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/11 22:38:45 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/11 22:38:45 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/11 22:38:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/11 22:38:45 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/11 22:38:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/11 22:38:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/11 22:38:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/11 22:38:45 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/11 22:38:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/11 22:38:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/11 22:38:44 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/11 22:38:44 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/11 22:38:44 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/11 22:38:43 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/11 20:56:17 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/11 20:56:17 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/11 20:56:17 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/11 20:56:17 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/11 20:55:53 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/10 01:32:38 | 000,045,880 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/06 19:22:50 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/06 19:22:50 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/06 19:21:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2013/08/06 19:21:28 | 000,666,633 | ---- | M] () -- C:\Users\Brian\Desktop\AdwCleaner.exe
[2013/08/06 19:20:57 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/06 19:20:57 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/06 19:20:57 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/06 19:15:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/06 19:15:40 | 4220,276,734 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/05 19:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/05 19:00:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/05 18:56:14 | 005,100,695 | R--- | M] (Swearware) -- C:\Users\Brian\Desktop\ComboFix.exe
[2013/08/05 18:48:47 | 001,893,504 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Brian\Desktop\rkill.exe
[2013/07/30 18:30:53 | 000,003,300 | ---- | M] () -- C:\Users\Brian\Desktop\attach.zip
[2013/07/30 18:00:11 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/07/29 21:31:35 | 000,039,997 | ---- | M] () -- C:\Users\Brian\AppData\Local\Perfmon.PerfmonCfg
[2013/07/29 19:57:17 | 000,003,135 | ---- | M] () -- C:\Users\Brian\Desktop\Sophos Virus Removal Tool.lnk
[2013/07/20 21:11:12 | 000,000,212 | ---- | M] () -- C:\Users\Brian\Desktop\FINAL FANTASY VII.url
[2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2013/07/14 13:01:24 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/14 13:01:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/12 07:12:53 | 000,292,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/10 01:32:38 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/06 19:21:28 | 000,666,633 | ---- | C] () -- C:\Users\Brian\Desktop\AdwCleaner.exe
[2013/08/05 18:56:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/05 18:56:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/05 18:56:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/05 18:56:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/05 18:56:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/30 18:30:37 | 000,003,300 | ---- | C] () -- C:\Users\Brian\Desktop\attach.zip
[2013/07/29 21:31:35 | 000,039,997 | ---- | C] () -- C:\Users\Brian\AppData\Local\Perfmon.PerfmonCfg
[2013/07/29 19:57:17 | 000,003,135 | ---- | C] () -- C:\Users\Brian\Desktop\Sophos Virus Removal Tool.lnk
[2013/07/28 22:05:44 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/07/20 21:11:12 | 000,000,212 | ---- | C] () -- C:\Users\Brian\Desktop\FINAL FANTASY VII.url
[2012/12/26 18:28:58 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/12 18:54:49 | 000,143,360 | ---- | C] () -- C:\Windows\VmixHS1.dll
[2012/04/12 18:54:49 | 000,013,521 | ---- | C] () -- C:\Windows\CAHS1.ini.cfl
[2012/04/12 18:54:48 | 000,002,029 | ---- | C] () -- C:\Windows\CAHS1.ini.cfg
[2012/04/12 18:54:48 | 000,000,639 | ---- | C] () -- C:\Windows\CAHS1.ini.imi
[2012/04/12 18:54:48 | 000,000,638 | ---- | C] () -- C:\Windows\CAHS1.ini
[2012/03/10 12:08:51 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2012/03/10 12:08:51 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2012/01/05 01:06:57 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/01/05 01:06:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/01/05 01:04:23 | 000,000,259 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/01/04 21:05:39 | 000,007,598 | ---- | C] () -- C:\Users\Brian\AppData\Local\resmon.resmoncfg
[2012/01/04 19:56:59 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/01/04 19:56:59 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/01/04 19:56:59 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/01/03 11:06:31 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/01/03 11:06:28 | 000,037,650 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/12/14 23:39:42 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:635FFD7D

< End of report >

 

OTL Extras logfile created on: 8/6/2013 7:27:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Brian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.91 Gb Total Physical Memory | 13.48 Gb Available Physical Memory | 84.73% Memory free
31.81 Gb Paging File | 29.13 Gb Available in Paging File | 91.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 3.43 Gb Free Space | 6.15% Space Free | Partition Type: NTFS
Drive D: | 210.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 931.50 Gb Total Space | 582.94 Gb Free Space | 62.58% Space Free | Partition Type: NTFS
Drive F: | 465.66 Gb Total Space | 198.95 Gb Free Space | 42.72% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 61.86 Mb Free Space | 61.86% Space Free | Partition Type: NTFS
 
Computer Name: BRIAN-PC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FA57C42-069A-42B9-9A04-941033C21907}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1E987573-1609-48D2-B3BE-B906F2F03FD4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{26509516-F2D7-4C48-BD74-948B1E3A1B9E}" = lport=137 | protocol=17 | dir=in | app=system |
"{27B014B8-62B4-4D61-8E1D-C8A99096FFD6}" = lport=139 | protocol=6 | dir=in | app=system |
"{285B7AB7-EBE5-4B0E-8F93-BF22966B4CF5}" = rport=139 | protocol=6 | dir=out | app=system |
"{398A4C78-9DB6-419E-8428-ABB5085166F7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{49FBBFB6-878F-41C1-AE3C-F60ADD6816DC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C836325-458F-4CEC-A16F-8CE7AD2CB44C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4E282564-063F-42E7-A57C-DFA3F929A356}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{504B44D0-3AC9-400C-BDF4-53EFB1B58771}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53CDBEEC-0336-4586-8260-C7A39FFCB7A8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5E3828C6-E9F8-43A4-AD94-A3F7606540D3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{79539055-41FE-4D1C-8DBD-77D5767769E2}" = rport=445 | protocol=6 | dir=out | app=system |
"{821BF509-C126-440D-9365-F19090C6D365}" = lport=138 | protocol=17 | dir=in | app=system |
"{AF949F00-E5E9-4066-8A15-78B54878C97F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B41EFD70-89B6-44D0-AFF6-295A259DFC07}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4631560-4CD3-4A11-8BE4-C201C5BC43F8}" = rport=138 | protocol=17 | dir=out | app=system |
"{CF461FD6-9262-42B2-8E0B-C4CBACEA56F5}" = rport=137 | protocol=17 | dir=out | app=system |
"{CFFF3EB7-5D2D-499A-825B-B660E8CC4FF1}" = lport=445 | protocol=6 | dir=in | app=system |
"{D0CB6F37-F6FD-48F6-B07B-79495E087622}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E1EE46CA-0B26-4BC8-AFFF-64D905F5786E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02EEEBAA-B3AA-427B-BDE5-6E1ABD2A8E00}" = protocol=6 | dir=in | app=e:\program files (x86)\avg\avg2013\avgnsa.exe |
"{037BEBA2-3125-4F94-B390-90894961778D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0604C282-7AC1-4042-A8C8-31F972301A3F}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{085C4A2B-E688-4057-8318-E67302DE1610}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{0DC39FEF-AE3B-4F51-A1C8-015F5A3B2EEF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{103B2199-E9EC-4B10-A2E3-159355EC9D27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{108CB917-81D5-42B5-B18F-D67F8C0EA61B}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{14500EFE-D3D6-4EF4-B6D9-D8FBB3D0C437}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\kerbal space program\ksp.exe |
"{14D647E7-4E5D-4CD4-B2B8-872D026DD3C0}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{15A4866C-6C0F-4AA4-B76C-C2BDDF096F1F}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\wargame european escalation\wargame.exe |
"{168825D9-AE9D-48B3-A14F-F76E43946E48}" = protocol=6 | dir=in | app=e:\game files\age3y.exe |
"{19665376-8E66-49E4-924E-6B7D66E43A28}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F6BCBC6-ECF2-4D72-8ACA-EA372348180F}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steam.exe |
"{1FD79D54-CA7E-4049-B64D-8E78430050E1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{207582F7-A87E-4BFD-AC5D-16CF5A15E634}" = protocol=17 | dir=in | app=e:\game files\age3x.exe |
"{20960B74-C006-4A07-B4B6-E68C7DC4C564}" = protocol=6 | dir=in | app=e:\game files\company of heros\relicdownloader\relicdownloader.exe |
"{210FD91D-09B0-47F2-BA9F-460A83F3939E}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{21634A36-6831-4691-B6D7-E51D471D9A8B}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\kerbal space program\ksp.exe |
"{223EBFC5-95FB-4D7E-97A5-B840A99E30F3}" = protocol=17 | dir=in | app=e:\game files\origin games\simcity\simcity\simcity.exe |
"{240AD0F9-2573-454D-9094-F70F75058B57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2A510DFB-1924-48F6-8A7A-8402C97D06B9}" = protocol=6 | dir=in | app=e:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{2D8F78BB-A553-4AC6-BF67-681D28429D07}" = protocol=6 | dir=out | app=system |
"{2DE14534-9D37-427A-B8F7-56FCB4C365AB}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{2E18E796-F7F1-4F3D-B8E3-63DB9AD04D91}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{30E6756B-7E6F-470E-BEA1-45D3C267E722}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\portal 2\portal2.exe |
"{3341C5BA-FEB0-426D-96FE-16B478BCE2C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{397FAF25-C358-4150-BDD8-5DE3DD45D5F1}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{3A4A086D-DB7D-4876-ACE0-B61B983FF90A}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{3B86D678-1FAA-48F5-B779-BF9FCBF53EBA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{3DEEFC5E-FEF5-4848-8AE4-A19BF03F5048}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4567AEE2-3EE8-4C87-B9D5-3DF12F71A526}" = protocol=6 | dir=in | app=e:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{4726FD22-FF6A-4C38-82D5-A4F0B977D1AE}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{4741F796-1DE7-49A5-9FAF-E1D5C389C7B5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{485EA220-6AC7-4730-A4DF-AC0661E8E633}" = protocol=6 | dir=in | app=e:\game files\origin games\simcity\simcity\simcity.exe |
"{4AEFF6EF-99A1-49D2-9746-E6A9554C33F9}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{4BD6F808-BFE6-4AA8-B9F2-11EC803E0585}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{4DC4AFD7-EC1E-4A8A-844E-93DDC5C9275E}" = protocol=17 | dir=in | app=e:\game files\age3y.exe |
"{51C6908B-7C40-4897-81E8-26538B2BFA6F}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{5580C16A-B34D-4AC4-8616-A3A909347EAE}" = protocol=6 | dir=in | app=e:\software\bittorrent\bittorrent.exe |
"{561E0DC8-A22B-4CC8-A408-609E247D3A31}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{56A8CC1F-5FAF-4B3A-9ECB-0773E2CC1297}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{590617F3-D14D-49D8-8439-0F71C66A686F}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\final fantasy vii\ff7_launcher.exe |
"{5B2511F0-0B72-479E-9062-9136E6848D37}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5BCEEA67-363F-4763-8C51-C0C4B22DA163}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\wargame european escalation trailer\smp.exe |
"{5DD4669A-4F93-4411-B6F1-D96687A4174C}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\arma 2\arma2.exe |
"{5E935671-12FE-442F-94FB-58884E6ABFC5}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\r.u.s.e\ruse.exe |
"{5FA76771-6DF0-4A18-8B76-1A40DE71BDD2}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{61766264-2A38-4408-9183-3ADE4FBA2904}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{666FC7E7-2AC9-4AE7-9671-0F9CD075F34C}" = protocol=17 | dir=in | app=e:\game files\ventrilo\ventrilo.exe |
"{6765AE58-AD1E-4458-8620-A0D1F7117348}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{6D87B93C-F922-4312-9996-E7D8FA9FA167}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{6EC600E2-0AE6-4FCF-85B7-866D859D723B}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\wildshot83@hotmail.com\counter-strike source\hl2.exe |
"{7276C3AC-3807-4172-A036-0A4CB5FCFB22}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{731DC418-0D96-454F-BB95-905A3A1A5761}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{75008D6B-6F41-4F4D-A014-B4ABE591E70A}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{7593AA07-68DD-42E9-A019-E4E21332EECC}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{762FBADD-C940-4670-BD55-8C7E2E90B849}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{767FC7A1-B6BA-482C-A5B2-A193DF6D57F7}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{77F69C74-09C7-42F0-8B3D-A2E467149A3C}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steam.exe |
"{7849E7A7-2ACB-46E7-BF61-522C506E14E5}" = protocol=17 | dir=in | app=e:\program files (x86)\avg\avg2013\avgnsa.exe |
"{7ADD9E51-5B05-4AEC-BFFD-38245F619A71}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\wildshot83@hotmail.com\counter-strike source\hl2.exe |
"{88E35258-54F5-4566-B46E-225AFCBAD826}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{89D5CBF1-214B-44C2-930E-594B9E3FABE2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8B6C5897-2600-42D3-ABC2-8842A93807E2}" = protocol=17 | dir=in | app=e:\game files\company of heros\relicdownloader\relicdownloader.exe |
"{8CD0DC27-033A-43E7-8FBB-227B01412CD8}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{8D43CDF3-7BC3-4478-B0EE-6386E22994C4}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\wargame european escalation trailer\smp.exe |
"{8DD9EF76-99ED-429F-993F-79256982ED82}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{8FBBA81B-4775-42B6-AAAA-AD4A7F711725}" = protocol=17 | dir=in | app=e:\game files\origin games\battlefield 3\bf3.exe |
"{93FA6D25-186B-4806-B87F-F5E5B51007DC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9C262BDF-2951-48D8-BA01-00BCAA886B3A}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\r.u.s.e\ruse.exe |
"{9D1D598E-69F7-40F2-802A-E8969988B563}" = protocol=17 | dir=in | app=e:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9F76E55E-64E8-49A8-AE39-E901B88ABE5B}" = protocol=17 | dir=in | app=e:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{9FA74699-D8B1-47C2-B6DD-B847E28CDCE6}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\war of the roses\run_game.exe |
"{A20D257E-097A-4D75-8439-69F5DACF1B89}" = protocol=17 | dir=in | app=e:\software\bittorrent\bittorrent.exe |
"{A406E2C6-63F0-4DC2-AA33-B8F734A11BF3}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{A4D1C73D-6BF6-4C0F-8C71-BC7F367CE09D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A61F185D-9E64-4F32-8E5E-2AEDA7955DCA}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{A7861D06-BE11-4DE6-B09F-6D51FE027759}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{AC933BD3-4E25-472D-B855-FF42CA6FF6A9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B0CDCCAA-6290-4EA2-9F5F-D55CEAB8CAB9}" = protocol=17 | dir=in | app=e:\game files\origin games\dead space 3\deadspace3.exe |
"{B0E51B81-6615-44D7-BCE3-387F224F27B8}" = protocol=6 | dir=in | app=e:\game files\origin games\battlefield 3\bf3.exe |
"{B3C9C8A3-62E8-432B-8B34-83D855F464D6}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{B484F027-6A1B-4F16-A67C-B9E5B27393ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B757700D-1A53-41CD-879B-FBB78BA043B2}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\portal 2\portal2.exe |
"{B8F4283F-8319-4C44-B3E1-1F49797CCFDC}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{BCFCB2C5-758F-4682-9501-932EF189AD20}" = protocol=6 | dir=in | app=e:\game files\ventrilo\ventrilo.exe |
"{BD25D472-1DDE-407E-A98D-0168077BA2D4}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{C129E90C-F6D9-4F43-9E93-C8319B6C8CF0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C4A26BD8-541C-4E0F-B449-90802E3CB7CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C4FE2865-9C83-4F8B-853E-4804D057E9DC}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\dcs a-10c warthog\bin\run.exe |
"{C6D86F44-7C34-4F06-8751-76E2C3AB359D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C762A68F-4916-449E-8892-60EDD70A2CEC}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\wargame european escalation\wargame.exe |
"{C77BFBC9-1975-4173-B6FC-E51FD1C139BD}" = protocol=6 | dir=in | app=e:\game files\origin games\battlefield 3\bf3.exe |
"{C7F22644-F7F5-414A-8648-FB6B14B14C09}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{C9B469FF-93E0-41BE-83F4-2BA028F6B7E4}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\arma 2\arma2.exe |
"{CAC7B8EC-1347-4B62-A1AB-7C4BFCFE1CEA}" = protocol=6 | dir=in | app=e:\game files\age3.exe |
"{CCE25BC1-FB1A-4E6E-B7C8-8A21542444CC}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\dcs a-10c warthog\bin\run.exe |
"{CE7DC1A2-CE47-4E35-BAC4-64FF0CEA9D39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF00A7F0-42F9-461E-9D2E-8045201B87B7}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{D0EAD702-71ED-47FF-8D35-010CF5E0CEC0}" = protocol=17 | dir=in | app=e:\game files\age3.exe |
"{D2025F3F-90CE-4596-AB66-59B4D0CB9EC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D5738B6E-20AC-4093-B2CC-57EF5A3D86A5}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{D687F0FC-3556-4679-A0CB-83B6FF3C69CA}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{D968FFC3-4E2B-4F3F-B5B4-0789AF238BA9}" = protocol=6 | dir=in | app=e:\game files\age3x.exe |
"{D9C383CC-F097-4FC2-8404-117E55C3FE2A}" = protocol=17 | dir=in | app=e:\game files\origin games\battlefield 3\bf3.exe |
"{DDDC3947-28C4-4938-A7E1-DB92B3D65A95}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\war of the roses\run_game.exe |
"{E57ABCF3-F1C7-422B-A449-C65A1E4D98E3}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{E7385619-CC17-4BAF-ACF6-940FA6661F1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E86BF4E7-9549-43D4-BDDD-EB41604D03B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EA65EE9A-6319-495F-94BC-84367A3E3560}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{EBE4008D-10D1-44D8-9303-D847A056CDBC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EC8C0974-09C0-4986-AA51-6AA7D6AAA54E}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{ECB27266-E0FA-4FF1-8EF5-82057928A4B8}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{ED23A308-8E4C-45DD-99A0-B476CE95A941}" = protocol=17 | dir=in | app=e:\game files\world_of_tanks\wotlauncher.exe |
"{EEE4B168-1C46-458C-A33C-8CE52EA79D88}" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{EEF94E6C-EE71-448E-B7DC-A97CA4E56FD9}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{EF44FDD6-0DDE-4059-BFE2-163749DE05FA}" = protocol=6 | dir=in | app=e:\game files\origin games\dead space 3\deadspace3.exe |
"{F9867140-CBBA-4585-A7AC-8CCDDEC1BFF2}" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\final fantasy vii\ff7_launcher.exe |
"{F9D54B62-E7CF-48C7-9C40-9BA27AAA4C68}" = protocol=6 | dir=in | app=e:\game files\world_of_tanks\wotlauncher.exe |
"TCP Query User{0C40EA87-150B-41B7-B871-94FEBB1641BC}E:\game files\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=e:\game files\world_of_tanks\worldoftanks.exe |
"TCP Query User{0CFA565B-BE8D-4682-8452-9BA93FC14E31}E:\game files\company of heros\reliccoh.exe" = protocol=6 | dir=in | app=e:\game files\company of heros\reliccoh.exe |
"TCP Query User{192B9046-79A0-4285-A466-E7CCF7F5ECA2}E:\game files\steam\steam.exe" = protocol=6 | dir=in | app=e:\game files\steam\steam.exe |
"TCP Query User{33F94FDB-D6F8-4F68-9D4E-23629A7A2411}E:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{407268C5-24ED-464B-907A-4E7506E4050D}E:\game files\xfire\xfire.exe" = protocol=6 | dir=in | app=e:\game files\xfire\xfire.exe |
"TCP Query User{5D0E5A9E-9110-4246-A9DD-70544EF115C6}E:\game files\sixupdater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=e:\game files\sixupdater\tools\bin\rsync.exe |
"TCP Query User{66C23EDB-B053-433B-B8EE-0DF43803BA01}E:\game files\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=e:\game files\world_of_tanks\wotlauncher.exe |
"TCP Query User{7A8D24AB-8265-4C0C-82A6-5331C5609557}E:\game files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=e:\game files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{CA0D946B-E5A9-48CB-8BD2-F1B7F9F7A2D1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{6F0328E1-834E-4698-9D7A-15737DB8A667}E:\game files\xfire\xfire.exe" = protocol=17 | dir=in | app=e:\game files\xfire\xfire.exe |
"UDP Query User{81000320-30BC-4706-9CAB-CE282D1CA404}E:\game files\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=e:\game files\world_of_tanks\wotlauncher.exe |
"UDP Query User{90DD90BD-4AAA-4D3C-9CC4-A449986D91D6}E:\game files\steam\steam.exe" = protocol=17 | dir=in | app=e:\game files\steam\steam.exe |
"UDP Query User{9308FA3C-224E-4C77-8F91-A20E05CF5E18}E:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{9423213C-4E0B-4499-A4BB-ED0D6605F171}E:\game files\company of heros\reliccoh.exe" = protocol=17 | dir=in | app=e:\game files\company of heros\reliccoh.exe |
"UDP Query User{B7476DA9-C078-43BC-9494-8B119C6D58C3}E:\game files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=e:\game files\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{C100826C-A28D-48CF-90C8-D6DC25DD7800}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{E7C981E6-87D6-434B-8C55-2AE91374AAB1}E:\game files\sixupdater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=e:\game files\sixupdater\tools\bin\rsync.exe |
"UDP Query User{EADE768B-2E4E-495C-ABA6-6B3B9FD1BCB7}E:\game files\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=e:\game files\world_of_tanks\worldoftanks.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}" = AVG 2013
"{57B82DB4-8A01-4F7B-987C-9A46CEC4303A}" = AVG 2013
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{645AE9CF-AF1B-4FBB-9B9D-17A23D03AF10}" = Intel® Network Connections 16.1.53.0
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSetDX" = Intel® Network Connections 16.1.53.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{0DF40A5F-0CB2-4E4C-9790-A7DFEBC84D0F}" = Six Updater
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.3.11
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5DC107C1-0D15-4CCF-9F78-77FDF465CE90}" = H&R Block Minnesota 2011
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB7}" = Corsair USB Headset
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7A5E940E-017E-47F8-9D0D-62D49C8D18ED}" = Active@ KillDisk
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Deluxe + Efile + State 2012
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{E19DE9C7-C80D-4439-9E55-028D84BD3E61}" = H&R Block Minnesota 2012
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"BitTorrent" = BitTorrent
"Company of Heroes" = Company of Heroes
"ESN Sonar-0.70.4" = ESN Sonar
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Pdf995" = Pdf995 (installed by H&R Block)
"PdfEdit995" = PdfEdit995 (installed by H&R Block)
"Precision" = EVGA Precision 2.1.1
"PunkBusterSvc" = PunkBuster Services
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 220200" = Kerbal Space Program
"Steam App 222750" = Wargame: AirLand Battle
"Steam App 39140" = FINAL FANTASY VII
"Steam App 400" = Portal
"Steam App 42160" = War of the Roses
"Steam App 49520" = Borderlands 2
"Steam App 58610" = Wargame: European Escalation
"Steam App 61010" = Digital Combat Simulator: A-10C Warthog
"Steam App 620" = Portal 2
"Steam App 644" = Portal 2 Publishing Tool
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Xfire" = Xfire (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-700339448-2649754810-3164551518-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/2/2013 12:54:17 AM | Computer Name = Brian-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 8/2/2013 1:04:06 AM | Computer Name = Brian-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 8/2/2013 1:10:17 AM | Computer Name = Brian-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 8/3/2013 11:03:51 AM | Computer Name = Brian-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 8/4/2013 6:53:57 PM | Computer Name = Brian-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 8/5/2013 7:41:02 PM | Computer Name = Brian-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 8/5/2013 7:53:03 PM | Computer Name = Brian-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 8/5/2013 8:01:42 PM | Computer Name = Brian-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 8/5/2013 8:05:39 PM | Computer Name = Brian-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 8/6/2013 8:17:22 PM | Computer Name = Brian-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 4/9/2013 9:17:46 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 4/13/2013 9:46:38 PM | Computer Name = Brian-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{DD9BB673-A4DC-4384-8AEF-9685DAA3AE51}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 4/13/2013 9:46:38 PM | Computer Name = Brian-PC | Source = NetBT | ID = 4321
Description = The name "BRIAN-PC       :20" could not be registered on the interface
 with IP address 192.168.1.2.  The computer with the IP address 192.168.1.7 did not
 allow the name to be claimed by  this computer.
 
Error - 4/13/2013 9:46:39 PM | Computer Name = Brian-PC | Source = NetBT | ID = 4321
Description = The name "BRIAN-PC       :0" could not be registered on the interface
 with IP address 192.168.1.2.  The computer with the IP address 192.168.1.7 did not
 allow the name to be claimed by  this computer.
 
Error - 4/13/2013 9:48:35 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 4/13/2013 9:48:35 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 4/14/2013 12:24:15 AM | Computer Name = Brian-PC | Source = NetBT | ID = 4321
Description = The name "BRIAN-PC       :0" could not be registered on the interface
 with IP address 192.168.1.2.  The computer with the IP address 192.168.1.7 did not
 allow the name to be claimed by  this computer.
 
Error - 4/14/2013 12:24:15 AM | Computer Name = Brian-PC | Source = NetBT | ID = 4321
Description = The name "BRIAN-PC       :0" could not be registered on the interface
 with IP address 192.168.1.2.  The computer with the IP address 192.168.1.7 did not
 allow the name to be claimed by  this computer.
 
Error - 4/14/2013 1:44:21 AM | Computer Name = Brian-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070103: NVIDIA driver update for NVIDIA GeForce GTX 560.
 
Error - 4/14/2013 4:37:28 PM | Computer Name = Brian-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070103: NVIDIA driver update for NVIDIA GeForce GTX 560.
 
 
< End of report >
#12 wildshot83

  • Topic Starter

  • Members
  • 21 posts

Posted 07 August 2013 - 10:26 PM

So, Combofix has made something worse.  Roguekiller and AVG are listing all sorts of problems now, so my system has actually gotten worse.

 

Log from Roguekiller

 

RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brian [Admin rights]
Mode : Scan -- Date : 08/07/2013 22:14:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[SUSP PATH] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : TimeServer ("C:\Users\Brian\AppData\Roaming\Fatshark\WINFA85.exe" [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Chromium Update (regsvr32.exe C:\Users\Brian\AppData\Local\Chromium\smzcahp.dll [x][-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Adobe CSS5.1 Manager (C:\Users\Brian\AppData\Local\2d178463-01be-46e2-bd75-c59c9064751cad\dbeebdcccad.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-700339448-2649754810-3164551518-1000\[...]\Run : TimeServer ("C:\Users\Brian\AppData\Roaming\Fatshark\WINFA85.exe" [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-700339448-2649754810-3164551518-1000\[...]\Run : Chromium Update (regsvr32.exe C:\Users\Brian\AppData\Local\Chromium\smzcahp.dll [x][-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-700339448-2649754810-3164551518-1000\[...]\Run : Adobe CSS5.1 Manager (C:\Users\Brian\AppData\Local\2d178463-01be-46e2-bd75-c59c9064751cad\dbeebdcccad.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\RunOnce : Adobe CSS5.1 Manager (C:\Users\Brian\AppData\Local\2d178463-01be-46e2-bd75-c59c9064751cad\dbeebdcccad.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-700339448-2649754810-3164551518-1000\[...]\RunOnce : Adobe CSS5.1 Manager (C:\Users\Brian\AppData\Local\2d178463-01be-46e2-bd75-c59c9064751cad\dbeebdcccad.exe [-]) -> FOUND
[SHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\Brian\AppData\Roaming\skype.dat [x][-]) -> FOUND
[SHELL][Rans.Gendarm] HKUS\[...]\Winlogon : shell (explorer.exe,C:\Users\Brian\AppData\Roaming\skype.dat [x][-]) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] {279B7161-B05A-409D-A62B-220039C3A310}.job : C:\Users\Brian\AppData\Local\2d178463-01be-46e2-bd75-c59c9064751cad\dbeebdcccad.exe [-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> E:\Users\Brian\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SYSTEM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SOFTWARE | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SECURITY | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SAM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\DEFAULT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Users\Brian\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Users\Default\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Brian\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000528AS +++++
--- User ---
[MBR] 27055976d33abc82a3611359efc4a520
[BSP] 72cd2e817c7c465bc0af81ccf5c64f0d : Empty MBR Code
Partition table:
0 - [ACTIVE] EXTEN (0x05) [VISIBLE] Offset (sectors): 16065 | Size: 953859 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST31000528AS +++++
--- User ---
[MBR] 4ca62831646dcf5f3e6d80ceda1a16af
[BSP] 78fd3f574fc4ab4e9ce0ef349153e51c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57139 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST31000528AS +++++
--- User ---
[MBR] 4b38c55501cfefd136df6881e143aad9
[BSP] ac64ef5561494bcb562ad29425fbb7f1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08072013_221459.txt >>
RKreport[0]_D_08012013_234022.txt;RKreport[0]_D_08022013_000043.txt;RKreport[0]_D_08022013_000720.txt
RKreport[0]_S_08012013_231315.txt;RKreport[0]_S_08012013_231349.txt;RKreport[0]_S_08012013_231740.txt
RKreport[0]_S_08012013_233158.txt;RKreport[0]_S_08012013_234654.txt;RKreport[0]_S_08012013_235338.txt
RKreport[0]_S_08022013_000343.txt;RKreport[0]_S_08022013_001648.txt;RKreport[0]_S_08032013_103401.txt

#13 Clairvoyant


  • Malware Response Team
  • 1,564 posts
  • Gender:Male
  • Location:somewhere in time

Posted 09 August 2013 - 03:17 AM

Hello wildshot,

did you use a Restore Point or a registry backup? Some of the new entries should not be here.

Anyway, please follow these steps:

  • Open notepad
  • Copy this code
    Filelook::
    C:\Users\Brian\AppData\Roaming\Fatshark\WINFA85.exe
    C:\Windows\twunk_32.exe
    
    Dirlook::
    C:\Users\Brian\AppData\Local\2d178463-01be-46e2-bd75-c59c9064751cad
    C:\Users\Brian\AppData\Local\Chromium
  • Paste it into the notepad file
  • Save the file as CFScript.txt and close it
  • Disable all Antivirus and security programs
  • Drag CFScript.txt and drop it on the ComboFix icon
  • Follow the prompts to start the scan
  • During the scan leave your sick computer alone and do not mouseclick combofix's window, it may cause it to stall
  • If ComboFix asks to restart your computer, allow it to do so
  • When finished, it will produce and display a report; close it

Then please post the contents of the C:\ComboFix.txt file in your next reply.

Regards

#14 wildshot83

  • Topic Starter

  • Members
  • 21 posts

Posted 09 August 2013 - 10:01 PM

ComboFix logs posted

ComboFix 13-08-05.03 - Brian 08/09/2013  21:49:54.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16289.14113 [GMT -5:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
Command switches used :: c:\users\Brian\Desktop\CFScript.txt
AV: AVG AntiVirus 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brian\acrobat.exe
c:\users\Brian\acrobat161706.exe
c:\users\Brian\acrobatreader.exe
c:\users\Brian\acrobatreader387080.exe
c:\users\Brian\acrobatreader831415.exe
c:\users\Brian\alg.exe
c:\users\Brian\AppData\Roaming\skype.ini
c:\users\Brian\chrome304555.exe
c:\users\Brian\csrss173079.exe
c:\users\Brian\csrss1869.exe
c:\users\Brian\csrss398827.exe
c:\users\Brian\ctfmon512325.exe
c:\users\Brian\flashplayer.exe
c:\users\Brian\icq.exe
c:\users\Brian\icq649000.exe
c:\users\Brian\icq972977.exe
c:\users\Brian\java.exe
c:\users\Brian\jqs622586.exe
c:\users\Brian\jucheck649516.exe
c:\users\Brian\msconfig.exe
c:\users\Brian\msconfig867053.exe
c:\users\Brian\mstsc.exe
c:\users\Brian\mstsc444424.exe
c:\users\Brian\mstsc990901.exe
c:\users\Brian\notepad.exe
c:\users\Brian\notepad66117.exe
c:\users\Brian\skype.exe
c:\users\Brian\teamviewer331959.exe
c:\users\Brian\teamviewer531828.exe
c:\users\Brian\vlcplayer.exe
c:\users\Brian\vlcplayer25388.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-10 to 2013-08-10  )))))))))))))))))))))))))))))))
.
.
2013-08-10 02:51 . 2013-08-10 02:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-10 02:51 . 2013-08-10 02:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-08 23:17 . 2013-08-08 23:17 -------- d-----w- c:\windows\system32\MRT
2013-08-08 22:24 . 2013-08-08 22:24 -------- d-----w- C:\Autoruns
2013-08-08 22:16 . 2013-08-08 22:16 -------- d-----w- c:\users\Brian\AppData\Local\ElevatedDiagnostics
2013-08-08 22:01 . 2013-08-08 22:01 -------- d-----w- c:\users\Brian\AppData\Local\Cygwin
2013-08-08 02:44 . 2013-08-08 02:44 -------- d-----w- c:\users\Brian\AppData\Local\2d178463-01be-46e2-bd75-c59c9064751cad
2013-08-02 04:02 . 2013-08-02 04:02 -------- d-----w- c:\users\Brian\AppData\Roaming\GetRightToGo
2013-07-30 23:00 . 2013-07-30 23:00 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-07-30 00:57 . 2013-07-30 00:57 -------- d-----w- c:\programdata\Sophos
2013-07-30 00:57 . 2013-07-30 00:57 73728 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-30 00:57 . 2013-07-30 00:57 73728 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-07-30 00:57 . 2013-07-30 00:57 73728 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-07-30 00:12 . 2013-07-30 04:14 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-29 03:06 . 2013-07-29 03:06 -------- d-----w- c:\users\Brian\AppData\Roaming\AVG2013
2013-07-29 03:05 . 2013-07-29 03:05 -------- d-----w- c:\users\Brian\AppData\Roaming\TuneUp Software
2013-07-29 03:05 . 2013-07-29 03:05 -------- d-----w- c:\programdata\AVG2013
2013-07-29 03:05 . 2013-07-29 03:05 -------- d-----w- C:\$AVG
2013-07-29 03:00 . 2013-08-10 00:23 -------- d-----w- c:\programdata\MFAData
2013-07-29 03:00 . 2013-07-29 03:14 -------- d-----w- c:\users\Brian\AppData\Local\Avg2013
2013-07-29 03:00 . 2013-07-29 03:00 -------- d--h--w- c:\programdata\Common Files
2013-07-29 03:00 . 2013-07-29 03:00 -------- d-----w- c:\users\Brian\AppData\Local\MFAData
2013-07-28 21:04 . 2013-08-08 03:18 -------- d-----w- c:\users\Brian\AppData\Local\Chromium
2013-07-27 16:34 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEF485A3-7258-4EDD-B993-6F9E23C506F6}\mpengine.dll
2013-07-20 06:51 . 2013-07-20 06:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-20 06:50 . 2013-07-20 06:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-20 06:50 . 2013-07-20 06:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 06:50 . 2013-07-20 06:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-07-12 01:56 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-12 01:55 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-12 01:55 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-14 18:01 . 2012-04-11 01:15 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-14 18:01 . 2012-01-04 05:09 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-10 06:32 . 2013-07-10 06:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-07-01 06:45 . 2013-07-01 06:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-06-24 11:20 . 2013-06-24 11:20 768000 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
2013-06-24 05:57 . 2012-01-05 05:54 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-21 12:06 . 2013-07-03 04:08 925648 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-06-21 12:06 . 2013-07-03 04:08 9239344 ----a-w- c:\windows\system32\nvcuda.dll
2013-06-21 12:06 . 2013-07-03 04:08 7687592 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-06-21 12:06 . 2013-07-03 04:08 7641832 ----a-w- c:\windows\system32\nvopencl.dll
2013-06-21 12:06 . 2013-07-03 04:08 6324360 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-06-21 12:06 . 2013-07-03 04:08 572704 ----a-w- c:\windows\system32\NvFBC64.dll
2013-06-21 12:06 . 2013-07-03 04:08 570656 ----a-w- c:\windows\system32\NvIFR64.dll
2013-06-21 12:06 . 2013-07-03 04:08 467232 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-06-21 12:06 . 2013-07-03 04:08 465184 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-06-21 12:06 . 2013-07-03 04:08 2953504 ----a-w- c:\windows\system32\nvcuvid.dll
2013-06-21 12:06 . 2013-07-03 04:08 27781920 ----a-w- c:\windows\system32\nvoglv64.dll
2013-06-21 12:06 . 2013-07-03 04:08 2777888 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-06-21 12:06 . 2013-07-03 04:08 266448 ----a-w- c:\windows\system32\nvinitx.dll
2013-06-21 12:06 . 2013-07-03 04:08 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-06-21 12:06 . 2013-07-03 04:08 2363680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-03 04:08 218592 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-06-21 12:06 . 2013-07-03 04:08 214448 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-06-21 12:06 . 2013-07-03 04:08 21102368 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-06-21 12:06 . 2013-07-03 04:08 2002720 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-06-21 12:06 . 2013-07-03 04:08 1832224 ----a-w- c:\windows\system32\nvdispco6432049.dll
2013-06-21 12:06 . 2013-07-03 04:08 181488 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-06-21 12:06 . 2013-07-03 04:08 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-06-21 12:06 . 2013-07-03 04:08 15144928 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-06-21 12:06 . 2013-07-03 04:08 1511712 ----a-w- c:\windows\system32\nvdispgenco6432049.dll
2013-06-21 12:06 . 2013-07-03 04:08 13411896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-06-21 12:06 . 2013-07-03 04:08 11235104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-06-21 12:06 . 2013-06-16 04:59 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2013-02-26 05:32 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-02-26 05:32 2936208 ----a-w- c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-02-26 05:32 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-06-21 12:06 . 2013-02-26 05:32 15920536 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-06-21 10:23 . 2012-01-04 04:27 6496544 ----a-w- c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2012-01-04 04:27 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2012-01-04 04:27 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2012-01-04 04:27 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-06-21 10:23 . 2012-01-04 04:27 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-06-21 10:16 . 2013-06-21 10:16 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-06-21 02:50 . 2013-06-21 02:50 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-21 02:50 . 2013-06-21 02:50 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-21 02:50 . 2013-06-21 02:50 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-21 02:50 . 2013-06-21 02:50 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-21 02:50 . 2013-06-21 02:50 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-21 02:50 . 2013-06-21 02:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-21 02:50 . 2013-06-21 02:50 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-21 02:50 . 2013-06-21 02:50 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-21 02:50 . 2013-06-21 02:50 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-21 02:50 . 2013-06-21 02:50 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-21 02:50 . 2013-06-21 02:50 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-21 02:50 . 2013-06-21 02:50 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-21 02:50 . 2013-06-21 02:50 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-21 02:50 . 2013-06-21 02:50 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-21 02:50 . 2013-06-21 02:50 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-21 02:50 . 2013-06-21 02:50 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-21 02:50 . 2013-06-21 02:50 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-21 02:50 . 2013-06-21 02:50 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-21 02:50 . 2013-06-21 02:50 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-21 02:50 . 2013-06-21 02:50 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-21 02:50 . 2013-06-21 02:50 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-21 02:50 . 2013-06-21 02:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-21 02:50 . 2013-06-21 02:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-21 02:50 . 2013-06-21 02:50 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-21 02:50 . 2013-06-21 02:50 441856 ----a-w- c:\windows\system32\html.iec
2013-06-21 02:50 . 2013-06-21 02:50 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-21 02:50 . 2013-06-21 02:50 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-21 02:50 . 2013-06-21 02:50 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-21 02:50 . 2013-06-21 02:50 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-21 02:50 . 2013-06-21 02:50 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-21 02:50 . 2013-06-21 02:50 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-21 02:50 . 2013-06-21 02:50 235008 ----a-w- c:\windows\system32\url.dll
2013-06-21 02:50 . 2013-06-21 02:50 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-21 02:50 . 2013-06-21 02:50 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-21 02:50 . 2013-06-21 02:50 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-21 02:50 . 2013-06-21 02:50 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-21 02:50 . 2013-06-21 02:50 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-21 02:50 . 2013-06-21 02:50 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-21 02:50 . 2013-06-21 02:50 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-21 02:50 . 2013-06-21 02:50 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-21 02:50 . 2013-06-21 02:50 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-21 02:50 . 2013-06-21 02:50 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-21 02:50 . 2013-06-21 02:50 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-21 02:50 . 2013-06-21 02:50 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-21 02:50 . 2013-06-21 02:50 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-21 02:50 . 2013-06-21 02:50 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-21 02:50 . 2013-06-21 02:50 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-21 02:50 . 2013-06-21 02:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-21 02:50 . 2013-06-21 02:50 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-21 02:49 . 2013-06-21 02:49 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-21 02:49 . 2013-06-21 02:49 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-21 02:49 . 2013-06-21 02:49 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-21 02:49 . 2013-06-21 02:49 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-06-21 02:49 . 2013-06-21 02:49 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-21 02:49 . 2013-06-21 02:49 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-21 02:49 . 2013-06-21 02:49 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-21 02:49 . 2013-06-21 02:49 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\users\Brian\AppData\Roaming\Fatshark\WINFA85.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 138240
Created time: 2013-08-03 16:47
Modified time: 2013-08-03 16:47
MD5: 09082FF88E73F3F6666362ABEACE80EE
SHA1: E23D36CF7633D46C4CF14CC7AB5B339A94AB39F9
.
---- Directory of c:\users\Brian\AppData\Local\2d178463-01be-46e2-bd75-c59c9064751cad ----
.
2013-08-08 02:43 . 2013-08-08 02:44 192512 ----a-w- c:\users\Brian\AppData\Local\2d178463-01be-46e2-bd75-c59c9064751cad\dbeebdcccad.exe
.
---- Directory of c:\users\Brian\AppData\Local\Chromium ----
.
2013-08-07 00:37 . 2013-08-07 00:37 1710 ----a-w- c:\users\Brian\AppData\Local\Chromium\smzcahp.txt
2013-08-07 00:37 . 2013-08-07 00:37 933888 ----a-w- c:\users\Brian\AppData\Local\Chromium\smzcahp.dll
2013-07-28 21:20 . 2013-07-28 21:20 2018 ----a-w- c:\users\Brian\AppData\Local\Chromium\fmtpdf.txt
2013-07-28 21:20 . 2013-07-28 21:20 700416 ----a-w- c:\users\Brian\AppData\Local\Chromium\fmtpdf.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="f:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-17 1325936]
"AcronisTimounterMonitor"="c:\program files (x86)\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-17 904840]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-06-21 610152]
"AVG_UI"="e:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;e:\program files (x86)\AVG\AVG2013\avgidsagent.exe;e:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 SaiH075C;SaiH075C;c:\windows\system32\DRIVERS\SaiH075C.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH075C.sys [x]
R3 SaiK075C;SaiK075C;c:\windows\system32\DRIVERS\SaiK075C.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK075C.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AtherosSvc;AtherosSvc;e:\hardware software-drivers\Win& Bluetooth\adminservice.exe;e:\hardware software-drivers\Win& Bluetooth\adminservice.exe [x]
S2 avgwd;AVG WatchDog;e:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;e:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 CorsairCAHS1;CA-HS1 Interface;c:\windows\system32\drivers\CAHS164.sys;c:\windows\SYSNATIVE\drivers\CAHS164.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FASTFAT
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-17 136544]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"AtherosBtStack"="e:\hardware software-drivers\Win& Bluetooth\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="e:\hardware software-drivers\Win& Bluetooth\AthBtTray.exe" [2011-03-13 379552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096]
"CAHS1Sound"="c:\windows\Syswow64\CAHS1.dll" [2011-07-08 8724480]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-09  21:52:48
ComboFix-quarantined-files.txt  2013-08-10 02:52
ComboFix2.txt  2013-08-06 00:01
.
Pre-Run: 2,540,154,880 bytes free
Post-Run: 2,729,271,296 bytes free
.
- - End Of File - - C85DAFC5FDA7A40C7DF77A867BAD89D0
D41D8CD98F00B204E9800998ECF8427E
 



#15 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • Gender:Male
  • Location:somewhere in time
  • Local time:11:38 AM

Posted 10 August 2013 - 02:26 PM

Hello wildshot,

It seems that ComboFix did a bit of cleaning.
Now we need to run a new CFscript, so:

  • Open notepad
  • Copy this code  
    File::
    c:\users\Brian\AppData\Roaming\Fatshark\WINFA85.exe
    
    Folder::
    c:\users\Brian\AppData\Local\2d178463-01be-46e2-bd75-c59c9064751cad
    c:\users\Brian\AppData\Local\Chromium
    
    ClearJavaCache::
  • Paste it into the notepad file
  • Save the file as CFScript.txt and close it
  • Disable all Antivirus and security programs
  • Drag CFScript.txt and drop it on the ComboFix icon
  • Follow the prompts to start the scan
  • During the scan leave your sick computer alone and do not mouse-click ComboFix's window, as it may cause it to stall
  • If ComboFix asks to restart your computer, allow it to do so
  • When finished, it will produce and display a report; close it

Then please

  • Go to the C:\Qoobox\Quarantine\C\Users\Brian folder
  • Look for these files:
    acrobatreader.exe.vir
    acrobatreader387080.exe.vir
    acrobatreader831415.exe.vir
    alg.exe.vir
    jqs622586.exe.vir
  • Select all those files
  • Right-click on them => 7Zip => Add to "Brian.zip" 
  • Go to this link
  • Copy the link of your topic and paste it to the field Link to topic where this file was requested:
  • Click on the Select file button, then click on your zip file
  • Click on the Send button 

When done, please post the contents of the C:\ComboFix.txt file in your next reply.

Regards