ZeroAccess infection


21 replies to this topic

#1 andyofmars

andyofmars

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:05 AM

Posted 01 November 2013 - 12:09 AM

Hi, thanks in advance for any help. My computer has recently been infected with the ZeroAccess trojan. I am using McAfee Total Protection and have been receiving messages that a trojan has been detected, as well as that my firewall has been disabled. The specific messages are that ZeroAccess-FAT!CBB5F2DB64C0 and ZeroAccess-FAT!06ACC1F60B70 have been detected. McAfee then attempts to quarantine them from C:\Windows\assembly\GAC_64\Desktop.ini but fails to quarantine on restart. After searching for solutions online I have disabled certain ports on my router to minimise the activity of the Trojan.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by Andy at 16:06:47 on 2013-11-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.8159.5065 [GMT 11:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
c:\PROGRA~1\mcafee\vul\mcvulctr.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\COMMON~1\McAfee\Platform\mcuicnt.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [BlazeServoTool] "C:\Program Files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe"
uRun: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
uRun: [GoogleChromeAutoLaunch_D9C6B67A63EF2C294D4A204374B6A795] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Andy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MSIAFT~1.LNK - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
StartupFolder: C:\Users\Andy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{2E2CBB5A-78A7-454F-83FA-E5C3C44B9456} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7A7C7EE7-7CC9-4F50-B353-F408E7CB3A31} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{95AE24AD-BA8F-4B19-9E63-1693FA626E51} : DHCPNameServer = 7.254.254.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-STS: CThemeResourceChangerObject Class - {F791A188-699D-4FD4-955A-EB59E89B1907} - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-10-29 781312]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-10-29 343568]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-8-28 297000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-13 283200]
R1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2012-11-18 66040]
R1 networx;networx;C:\Windows\System32\drivers\networx.sys [2013-10-23 43392]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-11-18 328928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-18 13592]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-11-18 171688]
R2 LeapService;Leap Service;C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc.exe [2013-7-27 3413176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-10-4 121616]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2012-11-18 178048]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-11-18 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-11-18 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-11-18 328928]
R2 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2013-9-27 74560]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2012-11-18 1017016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-11-18 219272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-11-18 182752]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-30 15122208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
R3 HidEmulator;HidEmulator Leap Motion Miniport;C:\Windows\System32\drivers\HidEmulator.sys [2013-7-22 10480]
R3 HidEmulatorKmdf;HidEmulatorKmdf Lower Filter;C:\Windows\System32\drivers\HidEmulatorKmdf.sys [2013-7-22 24432]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech Webcam 300(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2013-4-14 28928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-10-29 310224]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-10-29 519192]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-9-20 390552]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-10-30 39200]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-11-19 13368]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2013-5-1 31232]
R3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2013-3-26 13312]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-11-18 328928]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 AF9035BDA;AF9035 BDA Devices;C:\Windows\System32\drivers\AF9035BDA.sys [2013-4-18 488832]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-10-29 70112]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;E:\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2011-7-20 25832]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-10-11 197704]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-7 288776]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-9-20 95984]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-18 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-18 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-18 30208]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-5-1 746392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 vncserver;VNC Server;C:\Program Files\RealVNC\VNC Server\vncserver.exe [2013-2-12 4774208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-18 1255736]
.
=============== Created Last 30 ================
.
2013-10-30 10:59:17 -------- d-----w- C:\Users\Andy\AppData\Local\NVIDIA
2013-10-30 10:18:33 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-10-30 10:18:33 1063200 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-10-27 08:17:00 -------- d-----w- C:\Users\Andy\AppData\Roaming\Bitcoin
2013-10-23 03:34:55 43392 ----a-w- C:\Windows\System32\drivers\networx.sys
2013-10-23 03:34:54 -------- d-----w- C:\ProgramData\SoftPerfect
2013-10-23 03:34:54 -------- d-----w- C:\Program Files\NetWorx
2013-10-22 16:02:36 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-10-19 02:52:00 -------- d-----w- C:\ProgramData\Oracle
2013-10-19 02:51:54 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-17 08:29:11 -------- d-----w- C:\Program Files\McAfee Security Scan
2013-10-13 09:39:33 -------- d-----w- C:\Program Files (x86)\ModernRcon
2013-10-13 04:35:55 -------- d-----w- C:\Program Files (x86)\VentSrv
2013-10-10 22:51:25 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2013-10-09 06:48:40 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-09 06:48:40 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2013-10-09 06:26:56 368128 ----a-w- C:\Windows\System32\atmfd.dll
2013-10-09 06:26:56 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-10-09 06:26:55 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-10-09 06:26:55 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-10-09 06:26:55 41472 ----a-w- C:\Windows\System32\lpk.dll
2013-10-09 06:26:55 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-10-09 06:26:55 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2013-10-09 06:26:55 14336 ----a-w- C:\Windows\System32\dciman32.dll
2013-10-09 06:26:55 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2013-10-09 06:26:55 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-10-09 06:24:06 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-10-09 06:20:50 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-09 05:50:49 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 05:50:49 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 05:50:48 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-09 05:50:47 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-10-09 05:46:53 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-09 05:46:53 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-10-09 05:46:53 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-10-09 05:46:52 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-10-09 05:46:52 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-10-09 05:46:52 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-10-09 05:46:52 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
.
==================== Find3M  ====================
.
2013-10-23 08:20:08 6669600 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-23 08:20:07 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-23 08:20:05 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-23 08:20:05 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-23 08:20:05 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-23 08:20:03 3426956 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-10-09 23:11:38 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 23:11:38 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-27 23:01:44 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-09-27 23:01:38 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-09-27 23:01:38 28960 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-09-24 09:29:46 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-09-24 09:25:40 343568 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-09-24 09:25:24 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-09-24 09:22:48 781312 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-09-24 09:21:32 519192 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-09-24 09:20:28 310224 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-09-24 09:19:56 179664 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-19 22:38:30 10856 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2013-09-19 22:38:14 95984 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2013-09-19 22:37:56 390552 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-09 01:11:58 74560 ----a-w- C:\Windows\System32\drivers\McPvDrv.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
.
============= FINISH: 16:07:08.59 ===============
 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:05 PM

Posted 01 November 2013 - 04:09 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
  • I'll catch you tomorrow since I need my sleep. :)

 

 

Regards,
Georgi




#3 andyofmars

andyofmars
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:05 AM

Posted 01 November 2013 - 04:21 AM

Thanks Georgi, here's the FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Andy (administrator) on ANDY-PC on 01-11-2013 20:17:52
Running from F:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Leap Motion, Inc.) C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee\vul\mcvulctr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Razer USA Ltd.) C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
() C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
() C:\Program Files\Core Temp\Core Temp.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\PROGRA~1\COMMON~1\McAfee\Platform\mcuicnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2012-11-18] (Realtek Semiconductor)
HKLM\...\Run: [NetWorx] - C:\Program Files\NetWorx\networx.exe [5018832 2013-10-08] (SoftPerfect Research)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [4479944 2012-05-28] (Binary Fortress Software)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [BlazeServoTool] - C:\Program Files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe [282624 2009-07-07] (BlazeVideo Company)
HKCU\...\Run: [Unified Remote v2] - C:\Program Files (x86)\Unified Remote\RemoteServer.exe [276568 2013-04-11] (Unified Intents AB)
HKCU\...\Run: [GoogleChromeAutoLaunch_D9C6B67A63EF2C294D4A204374B6A795] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752 2013-10-09] (Google Inc.)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: G - G:\Autorun.exe
MountPoints2: {799df4d9-f71c-11e2-b3aa-f46d043d7c7b} - I:\HTC_Sync_Manager_PC.exe
MountPoints2: {9d55c1bf-2efb-11e2-b940-806e6f6e6963} - D:\Autorun.exe
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43632 2012-11-18] ()
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-08-23] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Lycosa] - C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe [233984 2011-03-21] (Razer USA Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Mcx1-ANDY-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-14] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSIAfterburner.lnk
ShortcutTarget: MSIAfterburner.lnk -> C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB7B093DC0BE8CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKCU - DefaultScope {8822802B-DAB2-4C2D-9D52-7DFC44B4B914} URL = http://au.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {8822802B-DAB2-4C2D-9D52-7DFC44B4B914} URL = http://au.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com.au/
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (BigAir Community Broadband Usage Meter) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbhmdmdmfbaoegmcfdfemeppnbijpgkk\1.2_0
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Calendar) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: (SiteAdvisor) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1271_0
CHR Extension: (AdBlock) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (Ads-free Grooveshark) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafggjhmihflaeblhdhjpbdadcofgfaf\0.5.1_0
CHR Extension: (nCage) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbmfljfohghaepamnfokgggaejlmfol\1.3_0
CHR Extension: (Wolfram|Alpha (Official)) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp\1.2.2_0
CHR Extension: (Illimitux) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnihopcnbfnbfnnneplcohmnkkpipb\1.0_0
CHR Extension: (Steam Theme) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcphcjcjgkjmbphkfjleamgkinaeebnm\1.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (4chan Plus) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\3.0.0_0
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
 
==================== Services (Whitelisted) =================
 
S3 DAUpdaterSvc; e:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [25832 2011-07-20] (BioWare)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 LeapService; C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc.exe [3413176 2013-07-27] (Leap Motion, Inc.)
R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [121616 2013-10-02] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-07] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-04-13] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH)
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4774208 2013-01-22] (RealVNC Ltd)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{c5d3a5ee-0f1a-750e-3220-eb74b4d8fc8a}\   \...\???\{c5d3a5ee-0f1a-750e-3220-eb74b4d8fc8a}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
==================== Drivers (Whitelisted) ====================
 
S3 AF9035BDA; C:\Windows\System32\Drivers\AF9035BDA.sys [488832 2013-04-18] (AfaTech                  )
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-13] (DT Soft Ltd)
R3 GEARAspiWDM; C:\Windows\SysWow64\DRIVERS\GEARAspiWDM.sys [15664 2013-02-05] (GEAR Software Inc.)
R3 HidEmulator; C:\Windows\System32\DRIVERS\HidEmulator.sys [10480 2013-07-22] (Leap Motion, Inc.)
R3 HidEmulatorKmdf; C:\Windows\System32\DRIVERS\HidEmulatorKmdf.sys [24432 2013-07-22] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [28928 2010-09-08] (Razer USA Ltd.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R1 networx; C:\Windows\System32\drivers\networx.sys [43392 2013-09-13] (NetFilterSDK.com)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2012-11-19] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 ALSysIO; \??\C:\Users\Andy\AppData\Local\Temp\ALSysIO64.sys [x]
S3 MFE_RR; \??\C:\Users\Andy\AppData\Local\Temp\mfe_rr.sys [x]
S3 rm; \??\C:\Windows\system32\drivers\rm.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-01 20:17 - 2013-11-01 20:17 - 00000000 ____D C:\FRST
2013-11-01 16:07 - 2013-11-01 16:07 - 00026436 _____ C:\Users\Andy\Desktop\dds.txt
2013-11-01 16:07 - 2013-11-01 16:07 - 00014621 _____ C:\Users\Andy\Desktop\attach.txt
2013-10-30 21:59 - 2013-10-30 21:59 - 00000000 ____D C:\Users\Andy\AppData\Local\NVIDIA
2013-10-30 21:58 - 2013-10-30 21:58 - 00001347 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-10-30 21:18 - 2013-10-30 21:18 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-30 21:18 - 2013-10-18 12:36 - 01063200 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-30 21:18 - 2013-10-18 12:36 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-30 21:17 - 2013-10-30 21:17 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-10-30 21:17 - 2013-09-14 04:00 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2013-10-30 21:17 - 2009-07-14 15:54 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-30 21:17 - 2009-07-14 15:49 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-30 21:16 - 2013-10-23 21:30 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-30 21:16 - 2013-10-23 21:30 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-10-30 21:16 - 2013-10-23 21:30 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-10-30 21:16 - 2013-09-28 10:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-10-30 21:16 - 2013-09-28 10:01 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-10-30 21:16 - 2013-09-28 10:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-10-30 21:16 - 2013-06-16 23:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-10-30 21:16 - 2013-06-16 23:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-10-30 21:16 - 2013-01-29 19:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2013-10-29 21:35 - 2013-10-29 21:16 - 00008431 _____ C:\Users\Andy\Desktop\mpdata
2013-10-27 19:17 - 2013-10-27 19:34 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Bitcoin
2013-10-23 14:34 - 2013-10-23 14:34 - 00000000 ____D C:\ProgramData\SoftPerfect
2013-10-23 14:34 - 2013-10-23 14:34 - 00000000 ____D C:\Program Files\NetWorx
2013-10-23 14:34 - 2013-09-13 09:41 - 00043392 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\networx.sys
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-19 13:52 - 2013-10-19 13:52 - 00000000 ____D C:\ProgramData\Oracle
2013-10-19 13:51 - 2013-10-19 13:51 - 00004821 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-19 13:51 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-19 13:51 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-19 13:51 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-19 13:51 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-17 19:29 - 2013-10-17 19:29 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 18:45 - 2013-10-17 18:45 - 00000000 ____D C:\Users\Andy\AppData\OICE_15_974FA576_32C1D314_9F3
2013-10-16 11:03 - 2013-10-16 11:03 - 00293512 _____ C:\Windows\Minidump\101613-6146-01.dmp
2013-10-13 20:39 - 2013-10-13 20:39 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModernRcon
2013-10-13 20:39 - 2013-10-13 20:39 - 00000000 ____D C:\Program Files (x86)\ModernRcon
2013-10-13 15:35 - 2013-10-13 15:39 - 00000000 ____D C:\Program Files (x86)\VentSrv
2013-10-11 09:51 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2013-10-10 18:49 - 2013-10-10 18:49 - 00000000 ____D C:\Users\Andy\AppData\OICE_15_974FA576_32C1D314_257D
2013-10-09 23:52 - 2013-09-23 10:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 23:52 - 2013-09-23 10:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 23:52 - 2013-09-23 10:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 23:52 - 2013-09-23 10:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 23:52 - 2013-09-23 10:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 23:52 - 2013-09-23 10:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 23:52 - 2013-09-23 10:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 23:52 - 2013-09-23 10:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 23:52 - 2013-09-23 10:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 23:52 - 2013-09-23 10:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 23:52 - 2013-09-23 10:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 23:52 - 2013-09-23 10:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 23:52 - 2013-09-23 10:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 23:52 - 2013-09-23 09:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 23:52 - 2013-09-23 09:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 23:52 - 2013-09-23 09:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 23:52 - 2013-09-23 09:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 23:52 - 2013-09-23 09:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 23:52 - 2013-09-23 09:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 23:52 - 2013-09-23 09:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 23:52 - 2013-09-23 09:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 23:52 - 2013-09-23 09:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 23:52 - 2013-09-23 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 23:52 - 2013-09-23 09:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 23:52 - 2013-09-23 09:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 23:52 - 2013-09-23 09:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 23:52 - 2013-09-23 09:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 23:52 - 2013-09-21 14:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 23:52 - 2013-09-21 14:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 23:52 - 2013-09-21 13:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 23:52 - 2013-09-21 13:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 17:48 - 2013-07-04 23:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 17:48 - 2013-07-04 22:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 17:26 - 2013-06-06 16:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 17:26 - 2013-06-06 16:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 17:26 - 2013-06-06 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 17:26 - 2013-06-06 16:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 17:26 - 2013-06-06 15:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 17:26 - 2013-06-06 15:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 17:26 - 2013-06-06 15:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 17:26 - 2013-06-06 14:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 17:26 - 2013-06-06 14:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 17:26 - 2013-06-06 14:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 17:24 - 2013-06-26 09:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 17:23 - 2013-09-14 12:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 17:23 - 2013-09-08 13:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 17:23 - 2013-09-08 13:27 - 00327168 _____ C:\Windows\system32\mswsock.dll
2013-10-09 17:23 - 2013-09-08 13:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 17:23 - 2013-07-12 21:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 17:23 - 2013-07-12 21:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 17:23 - 2013-07-12 21:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 17:23 - 2013-07-04 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 17:23 - 2013-07-04 23:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 17:23 - 2013-07-04 22:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 17:23 - 2013-07-04 22:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 17:23 - 2013-07-04 21:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 17:23 - 2013-07-03 15:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 17:23 - 2013-07-03 15:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 17:20 - 2013-08-28 12:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 17:10 - 2013-08-29 13:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 17:10 - 2013-08-29 13:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 17:10 - 2013-08-29 13:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 17:10 - 2013-08-29 13:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 17:10 - 2013-08-29 13:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 17:10 - 2013-08-29 12:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 17:10 - 2013-08-29 12:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 17:10 - 2013-08-29 12:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 17:10 - 2013-08-29 12:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 17:10 - 2013-08-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 17:10 - 2013-08-29 12:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 17:10 - 2013-08-29 11:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 17:10 - 2013-08-29 11:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 17:10 - 2013-08-29 11:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 17:10 - 2013-08-29 11:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 16:50 - 2013-08-28 12:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 16:50 - 2013-08-01 23:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 16:50 - 2013-07-20 21:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 16:50 - 2013-07-20 21:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 16:46 - 2013-09-04 23:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 16:46 - 2013-09-04 23:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 16:46 - 2013-09-04 23:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 16:46 - 2013-09-04 23:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 16:46 - 2013-09-04 23:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 16:46 - 2013-09-04 23:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 16:46 - 2013-09-04 23:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
 
==================== One Month Modified Files and Folders =======
 
2013-11-01 20:17 - 2013-11-01 20:17 - 00000000 ____D C:\FRST
2013-11-01 20:10 - 2012-11-18 10:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-01 20:05 - 2012-11-18 12:46 - 00000000 ____D C:\Users\Andy\AppData\Roaming\DisplayFusion
2013-11-01 19:27 - 2013-07-16 08:21 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce81a1500308ae.job
2013-11-01 19:27 - 2012-11-18 11:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-01 17:51 - 2013-09-28 23:12 - 00004950 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Andy-PC-Andy Andy-PC
2013-11-01 17:42 - 2012-11-16 10:00 - 01412157 _____ C:\Windows\WindowsUpdate.log
2013-11-01 16:07 - 2013-11-01 16:07 - 00026436 _____ C:\Users\Andy\Desktop\dds.txt
2013-11-01 16:07 - 2013-11-01 16:07 - 00014621 _____ C:\Users\Andy\Desktop\attach.txt
2013-11-01 16:06 - 2012-11-18 13:01 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Skype
2013-11-01 15:55 - 2009-07-14 15:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-01 15:55 - 2009-07-14 15:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-01 15:06 - 2009-07-14 16:13 - 00783164 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-01 15:05 - 2012-11-18 11:57 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-11-01 15:04 - 2012-12-16 21:11 - 00086226 _____ C:\Windows\setupact.log
2013-11-01 15:04 - 2012-11-18 10:17 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2013-11-01 10:01 - 2013-04-03 15:48 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-01 10:01 - 2012-12-19 11:20 - 00050504 _____ C:\Windows\PFRO.log
2013-11-01 10:01 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-31 22:48 - 2012-11-18 12:21 - 00003018 _____ C:\Windows\System32\Tasks\MSIAfterburner
2013-10-31 22:47 - 2013-02-11 13:56 - 00000000 ____D C:\Users\Andy\AppData\Roaming\DC++
2013-10-31 22:47 - 2013-02-11 13:56 - 00000000 ____D C:\Users\Andy\AppData\Local\DC++
2013-10-31 11:28 - 2012-11-18 18:58 - 00000000 ____D C:\Users\Andy\AppData\Roaming\vlc
2013-10-30 21:59 - 2013-10-30 21:59 - 00000000 ____D C:\Users\Andy\AppData\Local\NVIDIA
2013-10-30 21:59 - 2012-11-18 13:00 - 00000000 ____D C:\Users\Andy\AppData\Roaming\BitTorrent
2013-10-30 21:58 - 2013-10-30 21:58 - 00001347 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-10-30 21:18 - 2013-10-30 21:18 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-30 21:18 - 2013-04-03 15:48 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-30 21:18 - 2012-11-18 09:48 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-30 21:18 - 2012-11-18 09:47 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-30 21:17 - 2013-10-30 21:17 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-10-29 22:24 - 2012-11-18 11:06 - 00000000 ____D C:\Users\Andy\AppData\Local\Google
2013-10-29 22:24 - 2012-11-18 11:06 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-29 21:16 - 2013-10-29 21:35 - 00008431 _____ C:\Users\Andy\Desktop\mpdata
2013-10-29 09:49 - 2009-07-14 16:08 - 00032540 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-27 19:34 - 2013-10-27 19:17 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Bitcoin
2013-10-26 18:36 - 2012-11-18 18:28 - 00000000 ____D C:\Users\Andy\AppData\Local\Paint.NET
2013-10-23 21:30 - 2013-10-30 21:16 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-23 21:30 - 2013-10-30 21:16 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-10-23 21:30 - 2013-10-30 21:16 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-10-23 21:30 - 2013-04-03 15:48 - 18286416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-10-23 21:30 - 2013-04-03 15:48 - 01435504 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-10-23 21:30 - 2013-04-03 15:48 - 00023287 _____ C:\Windows\system32\nvinfo.pb
2013-10-23 21:30 - 2013-04-03 15:47 - 15212336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-10-23 21:30 - 2013-04-03 15:47 - 03067560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-10-23 21:30 - 2013-04-03 15:47 - 02695200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-10-23 21:30 - 2012-11-18 09:48 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-10-23 21:30 - 2012-11-18 09:48 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-10-23 19:20 - 2013-04-03 15:48 - 06669600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-10-23 19:20 - 2013-04-03 15:48 - 03489568 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-10-23 19:20 - 2013-04-03 15:48 - 03426956 _____ C:\Windows\system32\nvcoproc.bin
2013-10-23 19:20 - 2013-04-03 15:48 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-10-23 19:20 - 2013-04-03 15:48 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-10-23 19:20 - 2013-04-03 15:48 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-10-23 14:34 - 2013-10-23 14:34 - 00000000 ____D C:\ProgramData\SoftPerfect
2013-10-23 14:34 - 2013-10-23 14:34 - 00000000 ____D C:\Program Files\NetWorx
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-20 11:49 - 2013-01-17 13:22 - 00000000 ____D C:\Users\Andy\AppData\Local\SKIDROW
2013-10-20 11:48 - 2012-11-18 11:58 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-10-19 13:52 - 2013-10-19 13:52 - 00000000 ____D C:\ProgramData\Oracle
2013-10-19 13:51 - 2013-10-19 13:51 - 00004821 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-19 13:51 - 2012-12-09 10:34 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-18 12:36 - 2013-10-30 21:18 - 01063200 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-18 12:36 - 2013-10-30 21:18 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-17 19:29 - 2013-10-17 19:29 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 18:45 - 2013-10-17 18:45 - 00000000 ____D C:\Users\Andy\AppData\OICE_15_974FA576_32C1D314_9F3
2013-10-16 11:03 - 2013-10-16 11:03 - 00293512 _____ C:\Windows\Minidump\101613-6146-01.dmp
2013-10-16 11:03 - 2013-02-13 16:37 - 697631534 _____ C:\Windows\MEMORY.DMP
2013-10-16 11:03 - 2012-11-19 12:51 - 00000000 ____D C:\Windows\Minidump
2013-10-13 23:47 - 2013-02-11 16:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-13 20:39 - 2013-10-13 20:39 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModernRcon
2013-10-13 20:39 - 2013-10-13 20:39 - 00000000 ____D C:\Program Files (x86)\ModernRcon
2013-10-13 15:45 - 2013-08-25 14:07 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-10-13 15:39 - 2013-10-13 15:35 - 00000000 ____D C:\Program Files (x86)\VentSrv
2013-10-13 13:33 - 2013-03-05 18:49 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-10-12 12:14 - 2009-07-14 16:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-10-12 03:01 - 2013-07-28 23:07 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 19:22 - 2013-07-16 08:21 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1ce81a1500308ae
2013-10-11 19:22 - 2012-11-18 11:06 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-11 09:45 - 2012-11-18 10:08 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-10-10 18:49 - 2013-10-10 18:49 - 00000000 ____D C:\Users\Andy\AppData\OICE_15_974FA576_32C1D314_257D
2013-10-10 12:14 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\rescache
2013-10-10 10:11 - 2012-11-18 10:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 10:11 - 2012-11-18 10:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-10 10:11 - 2012-11-18 10:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 08:47 - 2009-07-14 15:45 - 00435008 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 23:51 - 2013-04-12 21:48 - 00768822 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-08 07:50 - 2013-10-19 13:51 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 07:46 - 2013-10-19 13:51 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-08 07:46 - 2013-10-19 13:51 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-08 07:46 - 2013-10-19 13:51 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-03 12:01 - 2013-06-06 12:16 - 00000000 ____D C:\ProgramData\TrackMania
 
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
 
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
 
Files to move or delete:
====================
ZeroAccess:
C:\Users\Andy\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\hash.dat
C:\Users\Andy\lwjgl64.dll
C:\Users\Andy\OpenAL64.dll
 
 
Some content of TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\DevSetup32.dll
C:\Users\Andy\AppData\Local\Temp\DevSetup64.dll
C:\Users\Andy\AppData\Local\Temp\DriverInstall32.exe
C:\Users\Andy\AppData\Local\Temp\DriverInstall64.exe
C:\Users\Andy\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Andy\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\Andy\AppData\Local\Temp\drm_dyndata_7380007.dll
C:\Users\Andy\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Andy\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Andy\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Andy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Andy\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Andy\AppData\Local\Temp\LeapUpdate.exe
C:\Users\Andy\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Andy\AppData\Local\Temp\nvStInst.exe
C:\Users\Andy\AppData\Local\Temp\ose00001.exe
C:\Users\Andy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Andy\AppData\Local\Temp\sonarinst.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
 
LastRegBack: 2013-10-31 09:59
 
==================== End Of Log ============================

Attached Files
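The FRST log above ends with the places this ZeroAccess variant lives: a Desktop.ini in the GAC_32 and GAC_64 assembly folders, "Google\Desktop\Install" drop folders, and junctions planted in the Windows Defender folder (flagged at mpsvc.dll with the DeleteJunctionsIndirectory hint). The PowerShell script below is an added example for readers of this thread; it is not FRST's code and was not posted by either participant. It re-checks exactly those paths so that the result of a fix can be confirmed independently of the tool. It assumes an elevated Windows PowerShell prompt; the LinkType and Target fields are only populated on PowerShell 5 or later.

```powershell
# Added example: re-check the ZeroAccess artifacts that FRST reported in the
# log above. Paths come from that log; this is not FRST's own code.
# Run from an elevated Windows PowerShell prompt.

$ErrorActionPreference = 'SilentlyContinue'

# 1. Desktop.ini dropped into the .NET Global Assembly Cache folders.
#    Legitimate GAC folders contain no Desktop.ini; ZeroAccess keeps its
#    payload in this file.
$gacIni = @(
    "$env:windir\assembly\GAC_32\Desktop.ini",
    "$env:windir\assembly\GAC_64\Desktop.ini"
)

# 2. Fake "Google Desktop" install folders used as a second drop location.
$googleDirs = @(
    "$env:LOCALAPPDATA\Google\Desktop\Install",
    "${env:ProgramFiles(x86)}\Google\Desktop\Install"
)

# 3. Junctions (reparse points) planted in the Windows Defender folder so the
#    service can no longer load its own files; FRST's DeleteJunctionsIndirectory
#    hint at mpsvc.dll refers to these.
$defenderDir = "$env:ProgramFiles\Windows Defender"

Write-Host '== Desktop.ini in GAC folders =='
foreach ($p in $gacIni) {
    if (Test-Path -LiteralPath $p) {
        $f = Get-Item -LiteralPath $p -Force
        Write-Host ('FOUND  {0}  ({1} bytes, attributes: {2})' -f $p, $f.Length, $f.Attributes)
    } else {
        Write-Host "clean  $p"
    }
}

Write-Host "`n== Google Desktop drop folders =="
foreach ($d in $googleDirs) {
    if (Test-Path -LiteralPath $d) {
        Write-Host "FOUND  $d"
        Get-ChildItem -LiteralPath $d -Force | ForEach-Object {
            Write-Host ('       {0}  {1}' -f $_.Name, $_.Length)
        }
    } else {
        Write-Host "clean  $d"
    }
}

Write-Host "`n== Reparse points under $defenderDir =="
# LinkType and Target exist only on PowerShell 5 and later; older versions
# still flag the entry through its ReparsePoint attribute.
$reparse = @(Get-ChildItem -LiteralPath $defenderDir -Recurse -Force |
    Where-Object { [int]($_.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0 })
if ($reparse.Count -gt 0) {
    foreach ($r in $reparse) {
        Write-Host ('FOUND  {0}  [{1}] -> {2}' -f $r.FullName, $r.LinkType, ($r.Target -join ', '))
    }
} else {
    Write-Host 'clean  no reparse points found'
}
```

A clean machine prints "clean" for every path and no reparse points; anything reported as FOUND after a fix has been applied means the fix did not take, and the junctions in particular must be removed before Windows Defender can be repaired.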



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:05 PM

Posted 02 November 2013 - 06:07 PM

Hello,

 

I am sorry about the delay. I was in a place with no internet connection...

 

Next please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

 

Regards,

Georgi




#5 andyofmars

andyofmars
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 02 November 2013 - 08:32 PM

I ran the FRST program; it went unresponsive for a while, then restarted. It says the post is too long even when I post only a third of the log; I would have to post it in at least 6 messages for it to fit.

 



#6 andyofmars

andyofmars
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 02 November 2013 - 08:34 PM

I zipped the log file; I hope that's alright. Sorry for the inconvenience.

Attached Files



#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:05 PM

Posted 03 November 2013 - 04:04 AM

Hi,

 

Great work. Can you please rerun FRST and click on the Scan button. Attach the resulting log to your next reply.

 

 

Regards,

Georgi




#8 andyofmars

andyofmars
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 03 November 2013 - 04:17 AM

Here's the scan log.

Attached Files

  • Attached File  FRST.txt   50.03KB   2 downloads


#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:05 PM

Posted 03 November 2013 - 05:13 AM

Hi,

 

Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

 

 

Next let's check for leftovers.

Most of them should take no more than 5 minutes each.

 

 

 

STEP 1

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
     
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 2




  • Please download RogueKiller.exe and save it to the desktop.
  • Close all windows and browsers.
  • Right-click the program and select 'Run as Administrator'.
  • Press the Scan button.
  • A report opens on the desktop named RKreport.txt.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3



Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Your computer may also seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 4




  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded, go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location, copy and paste the results at pastebin.com, and post the link to the log in your next reply.




STEP 5



Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

Regards,

Georgi




#10 andyofmars

andyofmars
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 03 November 2013 - 06:30 AM

Hi Georgi,

 

Here are the links to the Logs

 

FRST: http://pastebin.com/0jQ4wJ2P

 

RKill: http://pastebin.com/8S9F7WF7

 

RogueKiller: http://pastebin.com/Zym4Fys8

 

TDSSKiller: http://pastebin.com/sK5qmdQH

 

MalwareBytes: http://pastebin.com/KsRR9us5

 

Farbar: http://pastebin.com/rzK35EF9

 

I think that's all of them. When I ran RKill it listed about ten registry entries, but I did not delete them or do anything, just closed the program and saved the log.



#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:05 PM

Posted 03 November 2013 - 08:54 PM

Next let's try to fix the broken services.


Backup Your Registry

 


 

Now download the following files and save them to your desktop:

mpsdrv.reg

 

BFE.reg

 

iphlpsvc.reg

 

MpsSvc.reg

 

PcaSvc.reg

 

PolicyAgent.reg

 

RemoteAccess.reg

 

WinDefend.reg

 

wscsvc.reg

 

SharedAccess.reg

Now double click on each of them one by one. An information box will pop up asking if you want to merge the information in the file into the registry, click YES.

 

  • Next please download the ESET ServicesRepair utility and save it to your Desktop.
  • Double-click ServicesRepair.exe to run the ESET ServicesRepair utility.
  • If you are using User Access Control, click Run when prompted and then click Yes when asked to allow changes.
  • Reboot the computer and then please attach fresh logs from the following 2 tools - RKILL and Farbar Service Scanner.

 

Also did you install a theme by any chance because some of the system files are patched:

 

Searching for Missing Digital Signatures:
 
 * C:\Windows\System32\dwm.exe : 123,392 : 05/08/2009 09:55 AM : d31c99073fcdfb2b7b22365c262d0d9d [NoSig]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.1.7601.17514_none_ebc99983d3d18578\dwm.exe : 120,320 : 07/14/2009 12:39 AM : f162d5f5e845b9dc352dd1bad8cef1bc [Pos Repl]
 
 * C:\Windows\System32\UxTheme.dll : 332,288 : 12/29/2012 04:59 PM : 8bf20c54ffb37cfb960f708ffa813fa7 [NoSig]
 +-> C:\Windows\SysWOW64\uxtheme.dll : 245,760 : 07/14/2009 12:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll : 332,288 : 07/14/2009 12:41 AM : d29e998e8277666982b4f0303bf4e7af [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll : 245,760 : 07/14/2009 12:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]

 

We can restore the original files from the store, but you will probably lose any visual style changes made.

 

Also, are you sure that you checked everything prior to the scan with Farbar Service Scanner?

 

 

 

Regards,

Georgi


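The ten .reg files in the post above exist because ZeroAccess deletes the service keys for the firewall, BFE, Defender, Security Center and related services outright, so the services vanish from services.msc instead of showing as Disabled, and a startup-type change has nothing to act on. The PowerShell script below is an added example, not part of the thread; it lists the state of exactly those ten service keys so the situation can be checked before the .reg files are merged and confirmed afterwards. It assumes an elevated PowerShell 3.0 or later prompt.

```powershell
# Added example: report the registry state of the services that the .reg
# files above restore. Not part of the thread; run from an elevated
# PowerShell 3.0+ prompt, before and again after merging the files.

$services = 'mpsdrv', 'BFE', 'iphlpsvc', 'MpsSvc', 'PcaSvc',
            'PolicyAgent', 'RemoteAccess', 'WinDefend', 'wscsvc', 'SharedAccess'

# Meaning of the Start value under HKLM\SYSTEM\CurrentControlSet\Services\<name>.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-ServiceKeyState {
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -LiteralPath $key)) {
        # The whole key is gone: this is what ZeroAccess leaves behind, and
        # the service will not be listed by services.msc or Get-Service.
        return [pscustomobject]@{
            Service = $Name; KeyPresent = $false; Start = 'KEY MISSING'; ImagePath = ''; Status = ''
        }
    }
    $props = Get-ItemProperty -LiteralPath $key
    if ($null -eq $props.Start) {
        $start = '(no Start value)'
    } elseif ($startNames.ContainsKey([int]$props.Start)) {
        $start = $startNames[[int]$props.Start]
    } else {
        $start = $props.Start
    }
    # Get-Service only knows Win32 services; kernel drivers such as mpsdrv
    # report no status here even when their key is intact.
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service    = $Name
        KeyPresent = $true
        Start      = $start
        ImagePath  = $props.ImagePath
        Status     = if ($svc) { $svc.Status } else { 'n/a' }
    }
}

$report = $services | ForEach-Object { Get-ServiceKeyState -Name $_ }
$report | Format-Table -AutoSize

$missing = @($report | Where-Object { -not $_.KeyPresent })
if ($missing.Count -gt 0) {
    Write-Host 'Service keys missing from the registry (merge the matching .reg file, then reboot):'
    $missing | ForEach-Object { Write-Host "  $($_.Service)" }
} else {
    Write-Host 'All listed service keys are present.'
}
```

After the .reg files have been merged and the machine rebooted, every row should show KeyPresent as True with a sensible ImagePath; a key that is present but whose ImagePath points somewhere other than the Windows directory deserves a look before the service is started.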


#12 andyofmars

andyofmars
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 04 November 2013 - 01:03 AM

Thanks Georgi,

 

Here are the links to the RKill and FSS scan logs. This time I did check all the boxes prior to scanning with FSS. And yes, I do have a theme installed, but I am not fussed if I have to reinstall it afterwards. I have noticed that the McAfee firewall is still regularly being turned off; is this because of the disabled services, or because there is still some form of virus infection? I haven't noticed it come up since I restarted after running the last FSS scan, though.

 

RKill: http://pastebin.com/8d4Phe6t

 

FSS: http://pastebin.com/czz6qnU6



#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:05 PM

Posted 04 November 2013 - 05:20 AM

Hi,

 

Now download the following file and save it to your desktop:

fix.reg

 

Now double click on it. An information box will pop up asking if you want to merge the information in the file into the registry; click YES.

 

Also I don't recommend using themes that patch system files in order to run... Check this out:

 

http://www.thebloggieman.com/2013/07/uxstyle-use-custom-themes-without-patching-system-files.html

 

 

 

Please click Start Menu > All Programs > Accessories, right click on Command Prompt and select "Run as administrator".

Copy/paste the following text at the command prompt and press enter after each line:

sfc.exe /scanfile=c:\windows\system32\dwm.exe

 

sfc.exe /scanfile=c:\windows\system32\UxTheme.dll

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

A txt file named sfcdetails.txt should appear on the desktop.

Upload it here and post the link to the log in your next reply.

Reboot the computer in order for the changes to take effect.

 

 

 

Also please download Windows Repair (all in one) from here

Install the program then go to step 4 and create a new system restore point and new registry backup.


On the the Start Repairs tab => Click the Start


Click on the Select All button and then click on Start


DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Post new log from Rkill and Farbar Service Scanner.

 

 

 

I have noticed that the McAfee firewall is still regularly being turned off; is this because of the disabled services, or because there is still some form of virus infection?

 

Hmm, the DDS log shows that McAfee is enabled:

 

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

 

Did you try to change the services status from here:

 

In the Start menu search box, type in services.msc. Look for the following services:

 

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [121616 2013-10-02] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-07] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
Right-click on each of them one by one and select Properties, change their Startup type to Automatic, then hit Apply and restart the computer, or reinstall McAfee to see if that fixes this issue.
Regards,

Georgi


Edited by B-boy/StyLe/, 04 November 2013 - 05:39 PM.
typo.
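As an added example (not from this thread, and not part of FRST itself), here is a small Python parser for FRST-style service and driver lines like the ones quoted above. It turns the R/S prefix and start-type digit into readable values and lists the components that are configured to start automatically yet are not running, which is the first thing to check when a protection product reports itself disabled. The meaning of the prefix (R = running, S = stopped; 0 Boot, 1 System, 2 Automatic, 3 Manual, 4 Disabled) is my reading of FRST's notation, and the sample lines are copied from the excerpt above.

```python
import re
from dataclasses import dataclass

# Assumption: FRST prefixes each service/driver with its run state (R = running,
# S = stopped) and the Windows start-type digit (0 Boot, 1 System, 2 Automatic,
# 3 Manual, 4 Disabled), followed by "name; path [size date] (vendor)".
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<vendor>[^)]*)\)\s*$"
)
START_TYPES = {"0": "Boot", "1": "System", "2": "Automatic", "3": "Manual", "4": "Disabled"}

# Sample input: service lines copied from the FRST excerpt in this thread, plus one section header.
SAMPLE_LOG = r"""
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-07] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
==================== Drivers (Whitelisted) ====================
"""

@dataclass
class ServiceEntry:
    name: str
    running: bool
    start_type: str
    path: str
    vendor: str

def parse_frst_services(text):
    """Parse FRST service/driver lines; lines that do not match the format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(ServiceEntry(m["name"], m["state"] == "R",
                                        START_TYPES[m["start"]], m["path"], m["vendor"]))
    return entries

def stopped_automatic(entries, vendor="McAfee"):
    """Names of the vendor's components set to Automatic start that are not running."""
    return [e.name for e in entries
            if vendor.lower() in e.vendor.lower()
            and e.start_type == "Automatic" and not e.running]
```

Manual-start drivers (S3) are normally stopped until needed, so only Automatic entries that are stopped are reported as anomalies.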



#14 andyofmars

andyofmars
  • Topic Starter

  • Members
  • 12 posts

Posted 04 November 2013 - 10:54 PM

Hi Georgi,

 

When I ran sfc.exe /scanfile=c:\windows\system32\dwm.exe it came up with the message "Windows Resource Protection could not perform the requested operation". The other two commands seem to have executed correctly though. Here is the link to the sfcdetails: http://pastebin.com/VpSMN7HR

I ran that scan and then ran Rkill and FSS again, here are the logs:

RKill: http://pastebin.com/eVsthwmF

FSS: http://pastebin.com/mTEsMvkd

I had a look through the services but could not find entries for most of those that you have listed. I did check that most services relating to McAfee or the firewall were on Automatic. I will reinstall McAfee tonight.



#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 05 November 2013 - 04:28 AM

Hello,

Before I try to copy the missing files back in the store:

2013-11-05 09:43:24, Error                 CSI    00000009 (F) [SR] Component not found: Microsoft-Windows-DesktopWindowManager-Core, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral[gle=0x80004005]

I need to check something else. In the meantime, let's replace the file manually.

Next, please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Also let me know if you were able to resolve the issues with McAfee.
Regards,

Georgi


Edited by B-boy/StyLe/, 05 November 2013 - 04:29 AM.

