Windows 7 No boot after Combofix: Audio Advertisements, Random Reboots, scanned with everything


This topic is locked. 10 replies to this topic.

#1 Capp-Ware
Posted 03 January 2014 - 03:40 PM

I've been doing computer clean-up for many, many years and have successfully used ComboFix dozens of times with no problems.

However.

I've been working on this computer for a couple of days. Got a little rootkit that nothing would remove. Tried Malwarebytes, TDSS, Sophos, ESET, Spybot, and so on.

So ComboFix was the next step.

Windows 7 64-bit

It started successfully, and as soon as it said "creating system restore point", it rebooted. Whether it was the malware or ComboFix that rebooted it, I am not certain. But afterwards, as soon as the Windows logo would come up, it would go to a black screen as if it was loading. I could see the mouse cursor, but couldn't move it. It would never go past that.

Booting to safe mode allowed me to move the mouse, but still the same black screen. Tried Last Known Config. Nothing.

Ran FRST64 and below is the log from the scan.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014
Ran by SYSTEM on MININT-JOPVD7H on 03-01-2014 12:25:58
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM\...\Run: [combofix] - C:\ComboFix\CF15587.3XE [344576 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Display] - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe [271736 2010-09-14] (American Power Conversion Corporation)
HKLM-x32\...\Run: [AgentUiRunKey] - C:\Program Files (x86)\Remote Data Backups\Agent.exe [287744 2011-09-21] (Autonomy Corporation plc)
HKLM\...\RunOnce: [combofix] - C:\ComboFix\CF15587.3XE /c C:\ComboFixCombobatch.bat [344576 2009-07-13] (Microsoft Corporation)
HKLM\...\runonceex: [flags] - 8
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect

==================== Services (Whitelisted) =================

S2 AgentService; C:\Program Files (x86)\Remote Data Backups\AgentService.exe [7632288 2011-09-21] (Autonomy Corporation plc)
S2 APC Data Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [21880 2010-09-14] (American Power Conversion Corporation)
S2 APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [705912 2010-09-14] (American Power Conversion Corporation)
S3 CrossLoopService; C:\Users\Andy\AppData\Local\CrossLoop\CrossLoopService.exe [560880 2011-04-07] (CrossLoop Inc)
S2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2721656 2012-06-29] (Condusiv Technologies)
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-12-17] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-12-17] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
S3 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-30] ()
S3 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [214392 2013-12-12] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [151848 2013-11-06] (Sophos Limited)
S3 tvnserver; C:\Users\Andy\AppData\Local\CrossLoop\tvnserver.exe [814080 2010-07-21] (GlavSoft LLC.)
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [x]
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [x]

==================== Drivers (Whitelisted) ====================

S3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [52048 2012-06-18] (Condusiv Technologies)
S0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [106832 2012-06-07] (Condusiv Technologies)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-08-29] (UB658)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2013-07-11] (Echobit, LLC)
S3 evserial; C:\Windows\System32\DRIVERS\evserial.sys [67072 2008-05-19] (ELTIMA Software)
S3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [192072 2012-09-12] (Hauppauge, Inc.)
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-27] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S2 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2010-04-22] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [46648 2011-10-29] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [45624 2011-10-29] (Printing Communications Assoc., Inc. (PCAUSA))
S3 VSBC; C:\Windows\System32\DRIVERS\evsbc.sys [32768 2008-05-19] (ELTIMA Software)
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-03 12:19 - 2014-01-03 12:19 - 00000000 ____D C:\FRST
2014-01-03 12:09 - 2014-01-03 12:09 - 00001070 _____ C:\Windows\PFRO.log
2014-01-03 11:57 - 2014-01-03 11:57 - 00003290 _____ C:\Users\Andy\Desktop\Rkill.txt
2014-01-03 11:32 - 2014-01-03 11:38 - 00000000 ___SD C:\ComboFix
2014-01-03 11:32 - 2014-01-03 11:32 - 00000000 ____D C:\Qoobox
2014-01-03 11:32 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-03 11:32 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-03 11:32 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-03 11:32 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-03 11:32 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-03 11:32 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-03 11:32 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-03 11:32 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-03 11:31 - 2014-01-03 11:38 - 00000000 ____D C:\Windows\erdnt
2014-01-03 11:30 - 2014-01-03 11:30 - 02991832 _____ (ESET) C:\Users\Andy\Downloads\ERARemover_x64.exe
2014-01-03 11:06 - 2009-06-10 15:00 - 00000824 _____ C:\Windows\System32\Drivers\etc\hosts.20140103-110636.backup
2014-01-03 11:04 - 2014-01-03 11:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-03 11:04 - 2014-01-03 11:05 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2014-01-03 11:03 - 2014-01-03 11:04 - 16409960 _____ (Safer Networking Limited                                    ) C:\Users\Andy\Downloads\spybotsd162.exe
2014-01-03 10:09 - 2014-01-03 11:22 - 00000112 _____ C:\Windows\setupact.log
2014-01-03 10:09 - 2014-01-03 10:09 - 00000000 _____ C:\Windows\setuperr.log
2014-01-03 09:22 - 2014-01-03 09:22 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\Andy\Downloads\rkill64.exe
2014-01-03 08:29 - 2014-01-03 12:04 - 00000000 ____D C:\AdwCleaner
2014-01-03 08:26 - 2014-01-03 11:26 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-03 08:24 - 2014-01-03 08:24 - 05160282 ____R (Swearware) C:\Users\Andy\Downloads\ComboFix.exe
2014-01-03 08:23 - 2014-01-03 08:23 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Andy\Downloads\rkill.exe
2014-01-03 08:23 - 2014-01-03 08:23 - 01233962 _____ C:\Users\Andy\Downloads\AdwCleaner.exe
2014-01-03 08:20 - 2014-01-03 08:23 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Andy\Downloads\tdsskiller.exe
2014-01-02 23:20 - 2014-01-02 23:20 - 00481487 _____ C:\Users\Andy\SysInspector-ANDYPC-140102-2318.zip
2014-01-02 22:48 - 2014-01-02 22:48 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Wireshark
2014-01-02 22:43 - 2014-01-02 22:43 - 00000000 ____D C:\Program Files\Wireshark
2014-01-02 22:41 - 2014-01-02 22:41 - 27981224 _____ (Wireshark development team) C:\Users\Andy\Downloads\Wireshark-win64-1.10.5.exe
2014-01-02 20:15 - 2014-01-02 22:38 - 00000000 ____D C:\Program Files (x86)\Cain
2014-01-02 20:12 - 2014-01-02 20:15 - 08049726 _____ C:\Users\Andy\Downloads\CaneAble.exe
2014-01-02 19:06 - 2014-01-02 19:06 - 00000000 ____D C:\ProgramData\Sophos
2014-01-02 19:06 - 2014-01-02 19:06 - 00000000 ____D C:\Program Files (x86)\Sophos
2014-01-02 19:03 - 2014-01-03 10:13 - 00020167 _____ C:\Windows\WindowsUpdate.log
2014-01-02 18:47 - 2014-01-02 18:47 - 00002066 _____ C:\Users\Andy\TWC.txt
2014-01-02 00:32 - 2014-01-02 00:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-02 00:32 - 2014-01-02 00:32 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-01-01 23:44 - 2014-01-01 23:44 - 00037376 _____ C:\Windows\System32\qxkm.fev
2014-01-01 23:34 - 2014-01-03 11:53 - 00000087 _____ C:\Windows\System32\aiadorc.zbd
2014-01-01 23:33 - 2014-01-01 23:44 - 00000095 _____ C:\Windows\System32\sbeyw.wvw
2014-01-01 23:33 - 2014-01-01 23:33 - 00000064 _____ C:\Windows\System32\ddpb.aay
2014-01-01 23:18 - 2014-01-01 23:18 - 00219314 ____S C:\Windows\System32\rsvm.blx
2013-12-30 19:05 - 2013-12-30 19:05 - 00001466 _____ C:\Users\Andy\Downloads\sg_backup_2013-12-30-1905.spg
2013-12-24 23:18 - 2013-12-24 23:18 - 00007252 _____ C:\Users\Andy\.recently-used.xbel
2013-12-21 15:28 - 2013-12-21 15:28 - 00312744 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-12-21 15:28 - 2013-12-21 15:28 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-12-21 15:28 - 2013-12-21 15:28 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-12-21 15:28 - 2013-12-21 15:28 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-12-21 14:43 - 2013-12-21 14:43 - 00120832 _____ (Remote Data Backups) C:\Users\Andy\DBrefresh.exe
2013-12-21 14:34 - 2013-12-21 14:34 - 04095448 _____ (BrightFort LLC                                              ) C:\Users\Andy\Downloads\spywareblastersetup50.exe
2013-12-21 14:34 - 2013-12-21 14:34 - 00000000 ____D C:\ProgramData\Licenses
2013-12-19 22:15 - 2013-12-19 22:15 - 00203160 _____ C:\Users\Andy\Documents\Track 1 - 7.sfk
2013-12-19 22:10 - 2013-12-19 22:15 - 51995614 _____ C:\Users\Andy\Documents\Track 1 - 7.wav
2013-12-19 22:10 - 2013-12-19 22:10 - 00004024 _____ C:\Users\Andy\Documents\Track 1 - 6.sfk
2013-12-19 22:09 - 2013-12-19 22:10 - 01015062 _____ C:\Users\Andy\Documents\Track 1 - 6.wav
2013-12-10 22:13 - 2013-12-10 22:13 - 01759094 _____ C:\Users\Andy\Documents\Track 3 - 19.wav
2013-12-10 22:13 - 2013-12-10 22:13 - 00006928 _____ C:\Users\Andy\Documents\Track 3 - 19.sfk
2013-12-10 22:03 - 2013-12-10 22:03 - 03326890 _____ C:\Users\Andy\Documents\Track 3 - 17.wav
2013-12-10 22:03 - 2013-12-10 22:03 - 01972430 _____ C:\Users\Andy\Documents\Track 3 - 18.wav
2013-12-10 22:03 - 2013-12-10 22:03 - 00016704 _____ C:\Users\Andy\Documents\Track 3 - 16.sfk
2013-12-10 22:03 - 2013-12-10 22:03 - 00013048 _____ C:\Users\Andy\Documents\Track 3 - 17.sfk
2013-12-10 22:03 - 2013-12-10 22:03 - 00007760 _____ C:\Users\Andy\Documents\Track 3 - 18.sfk
2013-12-10 22:02 - 2013-12-10 22:03 - 04261538 _____ C:\Users\Andy\Documents\Track 3 - 16.wav
2013-12-10 22:02 - 2013-12-10 22:02 - 02455286 _____ C:\Users\Andy\Documents\Track 3 - 15.wav
2013-12-10 22:02 - 2013-12-10 22:02 - 00009648 _____ C:\Users\Andy\Documents\Track 3 - 15.sfk
2013-12-10 22:02 - 2013-12-10 22:02 - 00003640 _____ C:\Users\Andy\Documents\Track 3 - 14.sfk
2013-12-10 22:01 - 2013-12-10 22:02 - 00917686 _____ C:\Users\Andy\Documents\Track 3 - 14.wav
2013-12-10 22:01 - 2013-12-10 22:01 - 02340062 _____ C:\Users\Andy\Documents\Track 3 - 13.wav
2013-12-10 22:01 - 2013-12-10 22:01 - 00027568 _____ C:\Users\Andy\Documents\Track 3 - 12.sfk
2013-12-10 22:01 - 2013-12-10 22:01 - 00009200 _____ C:\Users\Andy\Documents\Track 3 - 13.sfk
2013-12-10 22:00 - 2013-12-10 22:01 - 07042346 _____ C:\Users\Andy\Documents\Track 3 - 12.wav
2013-12-10 22:00 - 2013-12-10 22:00 - 00014176 _____ C:\Users\Andy\Documents\Track 3 - 11.sfk
2013-12-10 21:59 - 2013-12-10 22:00 - 03614866 _____ C:\Users\Andy\Documents\Track 3 - 11.wav
2013-12-10 21:59 - 2013-12-10 21:59 - 00007264 _____ C:\Users\Andy\Documents\Track 3 - 10.sfk
2013-12-10 21:58 - 2013-12-10 21:59 - 01846310 _____ C:\Users\Andy\Documents\Track 3 - 10.wav
2013-12-10 21:58 - 2013-12-10 21:58 - 00012376 _____ C:\Users\Andy\Documents\Track 3 - 9.sfk
2013-12-10 21:57 - 2013-12-10 21:58 - 03153490 _____ C:\Users\Andy\Documents\Track 3 - 9.wav
2013-12-09 08:29 - 2013-10-30 11:03 - 00039200 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2013-12-09 08:29 - 2013-10-30 11:02 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-07 16:34 - 2013-12-07 16:34 - 00000192 _____ C:\Windows\SysWOW64\PowerChute Technical Data.txt

==================== One Month Modified Files and Folders =======

2014-01-03 12:32 - 2011-08-06 14:18 - 00000000 ____D C:\Program Files (x86)\Remote Data Backups
2014-01-03 12:19 - 2014-01-03 12:19 - 00000000 ____D C:\FRST
2014-01-03 12:09 - 2014-01-03 12:09 - 00001070 _____ C:\Windows\PFRO.log
2014-01-03 12:04 - 2014-01-03 08:29 - 00000000 ____D C:\AdwCleaner
2014-01-03 11:57 - 2014-01-03 11:57 - 00003290 _____ C:\Users\Andy\Desktop\Rkill.txt
2014-01-03 11:53 - 2014-01-01 23:34 - 00000087 _____ C:\Windows\System32\aiadorc.zbd
2014-01-03 11:38 - 2014-01-03 11:32 - 00000000 ___SD C:\ComboFix
2014-01-03 11:38 - 2014-01-03 11:31 - 00000000 ____D C:\Windows\erdnt
2014-01-03 11:32 - 2014-01-03 11:32 - 00000000 ____D C:\Qoobox
2014-01-03 11:31 - 2013-05-15 17:26 - 00000000 ____D C:\ProgramData\ESET
2014-01-03 11:30 - 2014-01-03 11:30 - 02991832 _____ (ESET) C:\Users\Andy\Downloads\ERARemover_x64.exe
2014-01-03 11:30 - 2009-07-13 22:45 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 11:30 - 2009-07-13 22:45 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 11:27 - 2012-03-31 00:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-03 11:27 - 2009-07-13 23:13 - 00780236 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-03 11:26 - 2014-01-03 08:26 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-03 11:22 - 2014-01-03 10:09 - 00000112 _____ C:\Windows\setupact.log
2014-01-03 11:22 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-03 11:19 - 2014-01-03 11:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-03 11:05 - 2014-01-03 11:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2014-01-03 11:04 - 2014-01-03 11:03 - 16409960 _____ (Safer Networking Limited                                    ) C:\Users\Andy\Downloads\spybotsd162.exe
2014-01-03 10:13 - 2014-01-02 19:03 - 00020167 _____ C:\Windows\WindowsUpdate.log
2014-01-03 10:09 - 2014-01-03 10:09 - 00000000 _____ C:\Windows\setuperr.log
2014-01-03 10:09 - 2013-05-21 12:16 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-01-03 09:56 - 2011-05-30 13:49 - 00000000 ____D C:\ProgramData\LogMeIn
2014-01-03 09:22 - 2014-01-03 09:22 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\Andy\Downloads\rkill64.exe
2014-01-03 08:24 - 2014-01-03 08:24 - 05160282 ____R (Swearware) C:\Users\Andy\Downloads\ComboFix.exe
2014-01-03 08:23 - 2014-01-03 08:23 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Andy\Downloads\rkill.exe
2014-01-03 08:23 - 2014-01-03 08:23 - 01233962 _____ C:\Users\Andy\Downloads\AdwCleaner.exe
2014-01-03 08:23 - 2014-01-03 08:20 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Andy\Downloads\tdsskiller.exe
2014-01-03 00:14 - 2011-08-28 09:28 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Skype
2014-01-02 23:20 - 2014-01-02 23:20 - 00481487 _____ C:\Users\Andy\SysInspector-ANDYPC-140102-2318.zip
2014-01-02 23:20 - 2011-05-28 20:04 - 00000000 ____D C:\users\Andy
2014-01-02 22:48 - 2014-01-02 22:48 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Wireshark
2014-01-02 22:43 - 2014-01-02 22:43 - 00000000 ____D C:\Program Files\Wireshark
2014-01-02 22:41 - 2014-01-02 22:41 - 27981224 _____ (Wireshark development team) C:\Users\Andy\Downloads\Wireshark-win64-1.10.5.exe
2014-01-02 22:38 - 2014-01-02 20:15 - 00000000 ____D C:\Program Files (x86)\Cain
2014-01-02 20:16 - 2011-09-23 19:31 - 00000000 ____D C:\Program Files (x86)\WinPcap
2014-01-02 20:15 - 2014-01-02 20:12 - 08049726 _____ C:\Users\Andy\Downloads\CaneAble.exe
2014-01-02 19:17 - 2012-10-09 21:08 - 00219648 ___SH C:\Users\Andy\Thumbs.db
2014-01-02 19:06 - 2014-01-02 19:06 - 00000000 ____D C:\ProgramData\Sophos
2014-01-02 19:06 - 2014-01-02 19:06 - 00000000 ____D C:\Program Files (x86)\Sophos
2014-01-02 19:01 - 2013-03-01 12:09 - 00000000 ____D C:\Windows\pss
2014-01-02 18:47 - 2014-01-02 18:47 - 00002066 _____ C:\Users\Andy\TWC.txt
2014-01-02 00:44 - 2014-01-02 00:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-02 00:32 - 2014-01-02 00:32 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-01-02 00:16 - 2012-10-06 10:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-01 23:44 - 2014-01-01 23:44 - 00037376 _____ C:\Windows\System32\qxkm.fev
2014-01-01 23:44 - 2014-01-01 23:33 - 00000095 _____ C:\Windows\System32\sbeyw.wvw
2014-01-01 23:33 - 2014-01-01 23:33 - 00000064 _____ C:\Windows\System32\ddpb.aay
2014-01-01 23:18 - 2014-01-01 23:18 - 00219314 ____S C:\Windows\System32\rsvm.blx
2013-12-30 19:05 - 2013-12-30 19:05 - 00001466 _____ C:\Users\Andy\Downloads\sg_backup_2013-12-30-1905.spg
2013-12-28 21:34 - 2012-10-28 21:52 - 00000000 ____D C:\Users\Andy\Documents\Sony
2013-12-28 20:56 - 2012-04-25 21:34 - 00000000 ____D C:\Users\Andy\AppData\Roaming\.minecraft
2013-12-28 20:43 - 2012-10-22 21:13 - 00000000 ____D C:\Fraps
2013-12-26 23:38 - 2013-08-21 21:38 - 00000000 ____D C:\Users\Andy\Documents\Ubisoft
2013-12-24 23:18 - 2013-12-24 23:18 - 00007252 _____ C:\Users\Andy\.recently-used.xbel
2013-12-24 23:18 - 2012-01-08 00:46 - 00000000 ____D C:\Users\Andy\AppData\Roaming\gtk-2.0
2013-12-24 23:18 - 2012-01-08 00:45 - 00000000 ____D C:\Users\Andy\.gimp-2.6
2013-12-21 23:19 - 2013-03-29 16:02 - 00000000 ___RD C:\Users\Andy\Desktop\Brett
2013-12-21 15:28 - 2013-12-21 15:28 - 00312744 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-12-21 15:28 - 2013-12-21 15:28 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-12-21 15:28 - 2013-12-21 15:28 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-12-21 15:28 - 2013-12-21 15:28 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-12-21 15:28 - 2013-10-16 17:15 - 00000000 ____D C:\ProgramData\Oracle
2013-12-21 15:28 - 2011-05-17 17:18 - 00000000 ____D C:\Program Files\Java
2013-12-21 14:43 - 2013-12-21 14:43 - 00120832 _____ (Remote Data Backups) C:\Users\Andy\DBrefresh.exe
2013-12-21 14:39 - 2012-09-27 19:00 - 00001136 _____ C:\Users\Public\Desktop\Game Capture HD.lnk
2013-12-21 14:39 - 2012-09-27 19:00 - 00001136 _____ C:\ProgramData\Desktop\Game Capture HD.lnk
2013-12-21 14:35 - 2012-01-21 12:33 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-12-21 14:34 - 2013-12-21 14:34 - 04095448 _____ (BrightFort LLC                                              ) C:\Users\Andy\Downloads\spywareblastersetup50.exe
2013-12-21 14:34 - 2013-12-21 14:34 - 00000000 ____D C:\ProgramData\Licenses
2013-12-19 22:25 - 2013-03-06 18:16 - 00000000 ____D C:\Program Files (x86)\Origin
2013-12-19 22:15 - 2013-12-19 22:15 - 00203160 _____ C:\Users\Andy\Documents\Track 1 - 7.sfk
2013-12-19 22:15 - 2013-12-19 22:10 - 51995614 _____ C:\Users\Andy\Documents\Track 1 - 7.wav
2013-12-19 22:10 - 2013-12-19 22:10 - 00004024 _____ C:\Users\Andy\Documents\Track 1 - 6.sfk
2013-12-19 22:10 - 2013-12-19 22:09 - 01015062 _____ C:\Users\Andy\Documents\Track 1 - 6.wav
2013-12-17 00:19 - 2011-05-30 13:49 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2013-12-17 00:19 - 2011-05-30 13:49 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2013-12-17 00:19 - 2011-05-30 13:49 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2013-12-17 00:19 - 2011-05-30 13:49 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2013-12-15 00:32 - 2013-10-04 11:51 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-12-13 10:04 - 2013-05-21 12:16 - 00000000 ____D C:\Program Files\My Dell
2013-12-13 10:04 - 2011-05-30 10:00 - 00000000 ____D C:\ProgramData\PCDr
2013-12-12 23:57 - 2013-10-04 11:51 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-12-12 22:56 - 2013-10-04 11:51 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-12-10 23:27 - 2012-03-31 00:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 23:27 - 2012-03-31 00:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 23:27 - 2011-05-30 13:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 22:13 - 2013-12-10 22:13 - 01759094 _____ C:\Users\Andy\Documents\Track 3 - 19.wav
2013-12-10 22:13 - 2013-12-10 22:13 - 00006928 _____ C:\Users\Andy\Documents\Track 3 - 19.sfk
2013-12-10 22:03 - 2013-12-10 22:03 - 03326890 _____ C:\Users\Andy\Documents\Track 3 - 17.wav
2013-12-10 22:03 - 2013-12-10 22:03 - 01972430 _____ C:\Users\Andy\Documents\Track 3 - 18.wav
2013-12-10 22:03 - 2013-12-10 22:03 - 00016704 _____ C:\Users\Andy\Documents\Track 3 - 16.sfk
2013-12-10 22:03 - 2013-12-10 22:03 - 00013048 _____ C:\Users\Andy\Documents\Track 3 - 17.sfk
2013-12-10 22:03 - 2013-12-10 22:03 - 00007760 _____ C:\Users\Andy\Documents\Track 3 - 18.sfk
2013-12-10 22:03 - 2013-12-10 22:02 - 04261538 _____ C:\Users\Andy\Documents\Track 3 - 16.wav
2013-12-10 22:02 - 2013-12-10 22:02 - 02455286 _____ C:\Users\Andy\Documents\Track 3 - 15.wav
2013-12-10 22:02 - 2013-12-10 22:02 - 00009648 _____ C:\Users\Andy\Documents\Track 3 - 15.sfk
2013-12-10 22:02 - 2013-12-10 22:02 - 00003640 _____ C:\Users\Andy\Documents\Track 3 - 14.sfk
2013-12-10 22:02 - 2013-12-10 22:01 - 00917686 _____ C:\Users\Andy\Documents\Track 3 - 14.wav
2013-12-10 22:01 - 2013-12-10 22:01 - 02340062 _____ C:\Users\Andy\Documents\Track 3 - 13.wav
2013-12-10 22:01 - 2013-12-10 22:01 - 00027568 _____ C:\Users\Andy\Documents\Track 3 - 12.sfk
2013-12-10 22:01 - 2013-12-10 22:01 - 00009200 _____ C:\Users\Andy\Documents\Track 3 - 13.sfk
2013-12-10 22:01 - 2013-12-10 22:00 - 07042346 _____ C:\Users\Andy\Documents\Track 3 - 12.wav
2013-12-10 22:00 - 2013-12-10 22:00 - 00014176 _____ C:\Users\Andy\Documents\Track 3 - 11.sfk
2013-12-10 22:00 - 2013-12-10 21:59 - 03614866 _____ C:\Users\Andy\Documents\Track 3 - 11.wav
2013-12-10 21:59 - 2013-12-10 21:59 - 00007264 _____ C:\Users\Andy\Documents\Track 3 - 10.sfk
2013-12-10 21:59 - 2013-12-10 21:58 - 01846310 _____ C:\Users\Andy\Documents\Track 3 - 10.wav
2013-12-10 21:58 - 2013-12-10 21:58 - 00012376 _____ C:\Users\Andy\Documents\Track 3 - 9.sfk
2013-12-10 21:58 - 2013-12-10 21:57 - 03153490 _____ C:\Users\Andy\Documents\Track 3 - 9.wav
2013-12-10 00:05 - 2012-04-01 17:59 - 00000000 ____D C:\Users\Andy\Desktop\Minecraft
2013-12-09 08:31 - 2013-06-02 23:25 - 00000000 ____D C:\Users\Andy\AppData\Local\NVIDIA
2013-12-09 08:30 - 2013-11-21 22:12 - 00000000 ____D C:\Users\Andy\AppData\Local\NVIDIA Corporation
2013-12-09 08:30 - 2013-06-02 23:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-09 08:30 - 2013-06-02 23:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-09 08:30 - 2013-06-02 23:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-09 08:30 - 2013-06-02 23:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-07 16:34 - 2013-12-07 16:34 - 00000192 _____ C:\Windows\SysWOW64\PowerChute Technical Data.txt

Files to move or delete:
====================
C:\Users\Andy\DBrefresh.exe
C:\Users\Andy\vegaspro12.0.367.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 16366.45 MB
Available physical RAM: 15045.43 MB
Total Pagefile: 16364.59 MB
Available Pagefile: 15148.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:809.49 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:465.76 GB) (Free:333.6 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:0.24 GB) (Free:0.2 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 3866C7CB)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 53AB4096)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 244 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=244 MB) - (Type=0E)


LastRegBack: 2013-12-30 01:03

==================== End Of Log ============================
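
The log above is the kind of thing a helper reads by eye, but the entries that matter can be pulled out mechanically. The Python below is an added example written for this thread (it is not part of FRST and not something the poster ran): it parses the section layout FRST uses and flags service or driver entries whose image FRST marked `[x]`, any Image File Execution Options debugger, and files created directly under System32 with an extension that is not normal there. The constructed input is an excerpt of the log posted above. Two assumptions are labelled in the code: that `[x]` means FRST could not find or verify the file at that path, and that FRST normally whitelists DcomLaunch and RpcSs and prints them only when their shared image, rpcss.dll, fails that check. The extension list is an assumed starting point, not an FRST rule.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST.txt) log.
Added example written for this thread; not part of FRST."""
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium", "low" or "review"
    kind: str
    detail: str


SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
SERVICE_RE = re.compile(r"^(?P<state>[SR]\d)\s+(?P<name>[^;]+);\s*(?P<image>.*)$")
IFEO_RE = re.compile(r"^IFEO\\(?P<target>[^:]+):\s*\[Debugger\]\s*(?P<cmd>.+)$")
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attr>[_A-Z]{5}) (?:\([^)]*\)\s+)?(?P<path>.+)$")

# Assumptions: "[x]" after an image path means FRST could not find or
# verify that file, and FRST whitelists these two core services, printing
# them only when their shared image (rpcss.dll) fails that check.
CORE_RPC_SERVICES = {"dcomlaunch", "rpcss"}
# Extensions expected for files created directly in System32 (assumed list).
EXPECTED_SYSTEM32_EXT = {".dll", ".exe", ".sys", ".ocx", ".cpl", ".drv", ".mui",
                         ".log", ".ini", ".dat", ".xml", ".nls", ".ax", ".tlb",
                         ".scr", ".msc", ".acm", ".ime", ".txt"}
SYSTEM32 = r"c:\windows\system32"


def triage(log_text: str) -> list:
    """Return Finding objects for one FRST.txt, section by section."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").lower()
            continue
        if not line:
            continue
        if "services" in section or "drivers" in section:
            m = SERVICE_RE.match(line)
            if not m:
                continue
            name, image = m.group("name"), m.group("image")
            if image.lower().endswith("[x]"):
                core = name.lower() in CORE_RPC_SERVICES
                note = " (core RPC service; check rpcss.dll)" if core else ""
                findings.append(Finding("high" if core else "medium",
                                        "service-image-unverified", f"{name}: {image}{note}"))
            elif image.lower() == "no imagepath":
                findings.append(Finding("low", "service-no-image", name))
        elif "registry" in section:
            m = IFEO_RE.match(line)
            if m:  # a Debugger value runs another binary in place of the target
                findings.append(Finding("review", "ifeo-debugger",
                                        f"{m.group('target')} -> {m.group('cmd')}"))
        elif "created files" in section:
            m = FILE_RE.match(line)
            if not m or "D" in m.group("attr"):  # skip non-matching lines and directories
                continue
            path = m.group("path")
            if (ntpath.dirname(path).lower() == SYSTEM32
                    and ntpath.splitext(path)[1].lower() not in EXPECTED_SYSTEM32_EXT):
                findings.append(Finding("medium", "odd-system32-file",
                                        f"{path} (created {m.group('created')}, {m.group('size')} bytes)"))
    return findings


# Constructed input: an excerpt of the FRST log posted above.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [combofix] - C:\ComboFix\CF15587.3XE [344576 2009-07-13] (Microsoft Corporation)
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
==================== Services (Whitelisted) =================
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [x]
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [x]
==================== Drivers (Whitelisted) ====================
S4 LMIRfsClientNP; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== One Month Created Files and Folders ========
2014-01-03 12:19 - 2014-01-03 12:19 - 00000000 ____D C:\FRST
2014-01-03 11:32 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-01 23:44 - 2014-01-01 23:44 - 00037376 _____ C:\Windows\System32\qxkm.fev
2014-01-01 23:34 - 2014-01-03 11:53 - 00000087 _____ C:\Windows\System32\aiadorc.zbd
2014-01-01 23:18 - 2014-01-01 23:18 - 00219314 ____S C:\Windows\System32\rsvm.blx
2013-12-21 15:28 - 2013-12-21 15:28 - 00312744 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f.severity}] {f.kind}: {f.detail}")
```

On the posted log the two core RPC services are the only high findings, which lines up with the DCOM/PnP restart messages described later in the thread. The IFEO entry is LogMeIn's Media Center redirect and is listed for review, not as malicious; the random-named files created in System32 on 1 January are what a helper would ask to have uploaded for analysis rather than deleted blind, and the ComboFix driver entry is expected on a machine where ComboFix was interrupted.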



#2 Capp-Ware (Topic Starter)
Posted 03 January 2014 - 03:48 PM

Sorry, one quick addendum I forgot to mention. After the initial reboot that was forced by whatever, it made it to the desktop, but all the icons were missing. If I hit the "show desktop" button in the lower right corner, they would appear and I could click them just fine. But as soon as I would open anything, the icons on the desktop would be gone again. I could run programs, double-click documents, surf the internet, etc. No problems. Just couldn't get the icons to stay put. Checked to make sure ComboFix wasn't running in the background, nor anything else of importance, and did a manual reboot, after which I found the problem listed above.

Thank you.



#3 Capp-Ware (Topic Starter)
Posted 03 January 2014 - 04:30 PM

Update.

I have managed to get the computer to boot properly. While running TDSS, it flagged a DLL as a potential rootkit. To isolate it without deleting it, I renamed it for testing purposes. This DLL apparently was only actually an "unsigned" DLL, so it flagged it without it being a threat. I was able to rename the file back to the original name via command prompt in recovery mode.

I was then able to get the system to finish booting to safe mode, and ComboFix completed its scan and generated the log file. Didn't find anything malicious either.

Can this thread be marked as /solved?


Edited by Orange Blossom, 05 January 2014 - 11:42 PM.
Merged new topic to this one instead of closing. Added second topic title to title of original. ~ OB
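
Post #3 shows the trap: a scanner flagged a DLL as unsigned, and renaming it was what stopped Windows from booting. An "unsigned" verdict on an OS DLL is weak evidence on its own, because most Windows binaries carry no embedded Authenticode signature and are signed through catalog files instead; the check that separates a stock file from a patched one is whether its bytes match a known-good copy of the same build. The Python below is an added example written for this thread (not code from the thread, from FRST, or from any vendor): it hashes a System32 file and compares it with the same-named copies in the component store, and it treats a store copy that is merely a hard link to the target as no evidence at all, because an in-place patch shows up identically in both places. The demo tree, its file contents and the drive letters in the comments are constructed.

```python
"""Check a System32 binary against the copies in the Windows component
store (WinSxS). Added example for this thread, not a tool from the thread
or from any vendor; the demo tree and paths are constructed."""
import hashlib
import os
import shutil
import tempfile


def sha256(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def store_copies(store_root: str, filename: str) -> list:
    """Every file named `filename` (case-insensitive) below store_root."""
    wanted = filename.lower()
    return sorted(os.path.join(d, n) for d, _, files in os.walk(store_root)
                  for n in files if n.lower() == wanted)


def compare_with_store(target: str, store_root: str) -> dict:
    """Classify `target` by comparing it with same-named store copies.

    Windows projects System32 files as hard links into WinSxS, so a store
    copy that is the *same file* (os.path.samefile) proves nothing: an
    in-place patch is visible through both names.
    """
    target_hash = sha256(target)
    independent, hardlinked, differing = [], [], []
    for copy in store_copies(store_root, os.path.basename(target)):
        if os.path.samefile(copy, target):
            hardlinked.append(copy)
        elif sha256(copy) == target_hash:
            independent.append(copy)
        else:
            differing.append(copy)  # another build, or the clean one
    if independent:
        verdict = "stock"         # byte-identical to an independent store copy
    elif hardlinked:
        verdict = "inconclusive"  # the only reference is the file itself
    elif differing:
        verdict = "suspect"       # matches no store copy: compare with install media
    else:
        verdict = "no-reference"
    return {"target": target, "sha256": target_hash, "independent": independent,
            "hardlinked": hardlinked, "differing": differing, "verdict": verdict}


def build_demo_tree() -> tuple:
    """Constructed sample tree (not real Windows files): a System32 rpcss.dll
    plus two store versions of rpcss.dll. Returns (target, store_root)."""
    root = tempfile.mkdtemp(prefix="winsxs-demo-")
    store = os.path.join(root, "WinSxS")
    current = b"MZ" + b"\x00" * 64 + b"rpcss current build"
    older = b"MZ" + b"\x00" * 64 + b"rpcss older build"
    for sub, data in (("amd64_rpcss_current", current), ("amd64_rpcss_older", older)):
        os.makedirs(os.path.join(store, sub))
        with open(os.path.join(store, sub, "rpcss.dll"), "wb") as f:
            f.write(data)
    os.makedirs(os.path.join(root, "System32"))
    target = os.path.join(root, "System32", "rpcss.dll")
    with open(target, "wb") as f:
        f.write(current)
    return target, store


def demo() -> dict:
    """Run the three cases on the demo tree: stock, patched, hard-linked."""
    target, store = build_demo_tree()
    out = {"stock": compare_with_store(target, store)["verdict"]}
    with open(target, "wb") as f:  # simulate a patched DLL
        f.write(b"MZ" + b"\x00" * 64 + b"rpcss patched")
    out["patched"] = compare_with_store(target, store)["verdict"]
    current_copy = os.path.join(store, "amd64_rpcss_current", "rpcss.dll")
    os.remove(current_copy)
    os.link(target, current_copy)  # the hard-link layout Windows uses
    out["hardlinked"] = compare_with_store(target, store)["verdict"]
    shutil.rmtree(os.path.dirname(store))
    return out


if __name__ == "__main__":
    # On the real machine run this offline from WinRE against the OS volume,
    # e.g. (hypothetical letters) compare_with_store(
    #     r"D:\Windows\System32\rpcss.dll", r"D:\Windows\WinSxS")
    print(demo())
```

A "suspect" verdict is the case the thread is heading toward, replacing the file; do that from a clean copy of the same build rather than from an older store version. `sfc /scannow /offbootdir=C:\ /offwindir=C:\Windows` from the recovery environment (letters vary in WinRE) verifies files against the catalog hashes, so it also catches the hard-linked case, and it records what it replaced in `C:\Windows\Logs\CBS\CBS.log`; if the store copy is damaged too it reports that it could not repair the file and you need install media or a clean machine of the same build.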


#4 Capp-Ware (Topic Starter)
Posted 04 January 2014 - 02:47 PM

I've searched and read so many different threads of people having the same problem. I believe I know the solution, but wanted to reassurance before replacing system files.

 

I too have the random commercials playing via audio on my system that I cannot get to stop, along with random reboots stating DCOM/PnP failures.

 

Before getting here, I scanned with ESET NOD32, MalwareBytes, MBAM-Rootkit, TDSSKiller, Rkill, AdwCleaner, ERA-Remover, Sophos virus remover, Kaspersky virus remover, and as a last resort, even ran ComboFix. None of them found a single thing other than an unsigned DLL.

Preface: I've been doing malware clean-ups professionally for years, so I feel comfortable using ComboFix.

 

Having seen other threads, I believe it's the rpscc.dll that will need to be replaced, but I am attaching all the info anyway to get some help.

 

Here are the various logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.45.2
Run by Andy at 13:39:27 on 2014-01-04
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.16366.12555 [GMT -6:00]
.
AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Remote Data Backups\AgentService.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Remote Data Backups\Agent.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [AgentUiRunKey] "C:\Program Files (x86)\Remote Data Backups\Agent.exe" -ni -sss -e http://localhost:16386/
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4B5E87D4-6272-48E4-91E2-0417DC1A991D} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2kdfqp3y.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-11-04 22:25; {dc572301-7619-498c-a57d-39143191b318}; C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2kdfqp3y.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 DKTLFSMF;Telemetry File System Mini Filter Driver;C:\Windows\System32\drivers\DKTLFSMF.sys [2012-12-11 106832]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-5-17 55856]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-2-20 213416]
R2 AgentService;AgentService;C:\Program Files (x86)\Remote Data Backups\AgentService.exe [2011-9-21 7632288]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-5-17 203776]
R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [2010-9-14 21880]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-3-21 1341664]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-1-10 139768]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-17 13336]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-5-30 72216]
R2 LV_Tracker;LV_Tracker;C:\Windows\System32\drivers\LV_Tracker64.sys [2010-4-22 54824]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-9 1494304]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2012-1-22 52048]
R3 ElgatoGC658Y;Elgato Game Capture;C:\Windows\System32\drivers\ElgatoGC658.sys [2012-9-27 50288]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-17 317440]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-17 406056]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-3 39200]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\Windows\System32\drivers\evsbc.sys [2013-1-12 32768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-5-17 116752]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]
S3 CrossLoopService;CrossLoop Service;C:\Users\Andy\AppData\Local\CrossLoop\CrossLoopService.exe [2011-6-6 560880]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-1-6 99384]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2013-7-11 21656]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\Windows\System32\drivers\evserial.sys [2013-1-12 67072]
S3 hcwhdpvr;Hauppauge HD PVR Capture Service;C:\Windows\System32\drivers\hcwhdpvr.sys [2012-3-26 192072]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-5-17 158976]
S3 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S3 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-8 15129376]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2011-10-29 46648]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2011-10-29 45624]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-5-17 689472]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-1-6 203320]
S3 tvnserver;TightVNC Server;C:\Users\Andy\AppData\Local\CrossLoop\tvnserver.exe [2011-6-6 814080]
S3 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-04 07:06:42    117464    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-01-04 06:53:45    --------    d-----w-    C:\$RECYCLE.BIN
2014-01-04 06:36:41    --------    d-----w-    C:\Users\Andy\AppData\Local\ESET
2014-01-04 02:14:23    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2014-01-04 00:27:13    39200    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2014-01-04 00:27:13    32544    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2014-01-03 18:28:50    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6473719-257A-43C8-96E5-123FC694CDD6}\mpengine.dll
2014-01-03 18:19:55    --------    d-----w-    C:\FRST
2014-01-03 17:32:50    98816    ----a-w-    C:\Windows\sed.exe
2014-01-03 17:32:50    256000    ----a-w-    C:\Windows\PEV.exe
2014-01-03 17:32:50    208896    ----a-w-    C:\Windows\MBR.exe
2014-01-03 17:04:58    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-01-03 17:04:58    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy
2014-01-03 14:29:56    --------    d-----w-    C:\AdwCleaner
2014-01-03 14:26:31    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-01-03 04:48:29    --------    d-----w-    C:\Users\Andy\AppData\Roaming\Wireshark
2014-01-03 04:43:19    --------    d-----w-    C:\Program Files\Wireshark
2014-01-03 02:15:52    --------    d-----w-    C:\Program Files (x86)\Cain
2014-01-03 01:06:31    --------    d-----w-    C:\ProgramData\Sophos
2014-01-03 01:06:26    73728    ----a-r-    C:\Users\Andy\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-01-03 01:06:26    73728    ----a-r-    C:\Users\Andy\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-01-03 01:06:26    73728    ----a-r-    C:\Users\Andy\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-01-03 01:06:19    --------    d-----w-    C:\Program Files (x86)\Sophos
2014-01-02 06:32:54    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-02 06:32:37    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-21 21:28:16    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-12-21 20:34:53    --------    d-----w-    C:\ProgramData\Licenses
.
==================== Find3M  ====================
.
2013-12-17 06:19:33    107368    ----a-w-    C:\Windows\System32\LMIRfsClientNP.dll
2013-12-17 06:19:31    92488    ----a-w-    C:\Windows\System32\LMIinit.dll
2013-12-17 06:19:31    35656    ----a-w-    C:\Windows\System32\LMIport.dll
2013-12-13 05:57:51    214392    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-12-13 04:56:43    214392    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-12-11 05:27:08    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 05:27:08    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-10 02:13:11    982232    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2013-12-10 02:13:01    1100248    ----a-w-    C:\Windows\System32\nvspcap64.dll
2013-12-05 08:42:26    35104    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-11-26 18:25:52    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-11 15:02:02    6674208    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-11-11 15:02:02    3490080    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-11-11 15:01:59    922912    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-11-11 15:01:59    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-11-11 15:01:59    219424    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-11-11 15:01:58    3467927    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-10-30 17:07:54    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2013-10-24 00:01:18    107368    ----a-w-    C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2013-10-23 10:30:23    1884448    ----a-w-    C:\Windows\System32\nvdispco6433165.dll
2013-10-23 10:30:23    1511712    ----a-w-    C:\Windows\System32\nvdispgenco6433165.dll
2013-10-16 00:48:05    1884448    ----a-w-    C:\Windows\System32\nvdispco6433158.dll
2013-10-16 00:48:05    1511712    ----a-w-    C:\Windows\System32\nvdispgenco6433158.dll
2013-10-08 12:51:05    873384    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-10-08 12:51:00    796072    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-10-08 12:50:37    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 13:39:40.91 ===============
 

 

FRST64 FRST.TXT:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by Andy (administrator) on ANDYPC on 04-01-2014 13:24:44
Running from C:\Users\Andy\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autonomy Corporation plc) C:\Program Files (x86)\Remote Data Backups\AgentService.exe
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Autonomy Corporation plc) C:\Program Files (x86)\Remote Data Backups\Agent.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [LogMeIn GUI] - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Display] - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe [271736 2010-09-14] (American Power Conversion Corporation)
HKLM-x32\...\Run: [AgentUiRunKey] - C:\Program Files (x86)\Remote Data Backups\Agent.exe [287744 2011-09-21] (Autonomy Corporation plc)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2kdfqp3y.default
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2kdfqp3y.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Tabbrowser Preferences - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2kdfqp3y.default\Extensions\{9b9d2aaa-ae26-4447-a7a1-633a32b19ddd}.xpi
FF Extension: Adblock Plus - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2kdfqp3y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Tab Mix Plus - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2kdfqp3y.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AgentService; C:\Program Files (x86)\Remote Data Backups\AgentService.exe [7632288 2011-09-21] (Autonomy Corporation plc)
R2 APC Data Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [21880 2010-09-14] (American Power Conversion Corporation)
R2 APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [705912 2010-09-14] (American Power Conversion Corporation)
S3 CrossLoopService; C:\Users\Andy\AppData\Local\CrossLoop\CrossLoopService.exe [560880 2011-04-07] (CrossLoop Inc)
R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2721656 2012-06-29] (Condusiv Technologies)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
S3 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-30] ()
S3 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [214392 2013-12-12] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 tvnserver; C:\Users\Andy\AppData\Local\CrossLoop\tvnserver.exe [814080 2010-07-21] (GlavSoft LLC.)

==================== Drivers (Whitelisted) ====================

R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [52048 2012-06-18] (Condusiv Technologies)
R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [106832 2012-06-07] (Condusiv Technologies)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-08-29] (UB658)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2013-07-11] (Echobit, LLC)
S3 evserial; C:\Windows\System32\DRIVERS\evserial.sys [67072 2008-05-19] (ELTIMA Software)
S3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [192072 2012-09-12] (Hauppauge, Inc.)
S4 LMIRfsClientNP; No ImagePath
R2 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2010-04-22] ()
R3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [46648 2011-10-29] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [45624 2011-10-29] (Printing Communications Assoc., Inc. (PCAUSA))
R3 VSBC; C:\Windows\System32\DRIVERS\evsbc.sys [32768 2008-05-19] (ELTIMA Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [x]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-04 13:24 - 2014-01-04 13:25 - 00016702 _____ C:\Users\Andy\Desktop\FRST.txt
2014-01-04 13:24 - 2014-01-04 13:24 - 01931368 _____ (Farbar) C:\Users\Andy\Desktop\FRST64.exe
2014-01-04 13:16 - 2014-01-04 13:16 - 00000000 ____D C:\Program Files (x86)\Adobe
2014-01-04 13:13 - 2014-01-04 13:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-04 12:56 - 2014-01-04 13:06 - 00018728 _____ C:\Windows\WindowsUpdate.log
2014-01-04 12:55 - 2014-01-04 13:09 - 00000336 _____ C:\Windows\setupact.log
2014-01-04 12:55 - 2014-01-04 12:55 - 00000000 _____ C:\Windows\setuperr.log
2014-01-04 01:06 - 2014-01-04 01:06 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-04 01:04 - 2014-01-04 01:04 - 04101441 _____ C:\Users\Andy\Downloads\tdsskiller.zip
2014-01-04 00:58 - 2014-01-04 00:58 - 00027810 _____ C:\ComboFix.txt
2014-01-04 00:36 - 2014-01-04 00:36 - 00000000 ____D C:\Users\Andy\AppData\Local\ESET
2014-01-03 20:14 - 2014-01-03 20:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-03 20:12 - 2014-01-03 20:13 - 130603904 _____ C:\Users\Andy\Downloads\KavVirusRemover.exe
2014-01-03 20:01 - 2014-01-03 20:01 - 00000011 _____ C:\Users\Andy\Desktop\Dont.bat
2014-01-03 19:20 - 2014-01-03 19:20 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Andy\Downloads\mbar-1.07.0.1008.exe
2014-01-03 18:27 - 2013-12-05 02:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-01-03 18:27 - 2013-12-05 02:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-01-03 12:22 - 2014-01-03 12:22 - 04645232 _____ (Piriform Ltd) C:\Users\Andy\Downloads\ccsetup409.exe
2014-01-03 12:19 - 2014-01-03 12:19 - 00000000 ____D C:\FRST
2014-01-03 11:32 - 2014-01-04 00:58 - 00000000 ____D C:\Qoobox
2014-01-03 11:32 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-03 11:32 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-03 11:32 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-03 11:32 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-03 11:32 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-03 11:32 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-03 11:32 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-03 11:32 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-03 11:31 - 2014-01-03 12:06 - 00000000 ____D C:\Windows\erdnt
2014-01-03 11:30 - 2014-01-03 11:30 - 02991832 _____ (ESET) C:\Users\Andy\Downloads\ERARemover_x64.exe
2014-01-03 11:06 - 2009-06-10 15:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20140103-110636.backup
2014-01-03 11:04 - 2014-01-03 12:23 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-03 11:04 - 2014-01-03 11:05 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2014-01-03 09:22 - 2014-01-03 09:22 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\Andy\Downloads\rkill64.exe
2014-01-03 08:29 - 2014-01-03 12:04 - 00000000 ____D C:\AdwCleaner
2014-01-03 08:26 - 2014-01-03 11:26 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-03 08:24 - 2014-01-04 00:35 - 05160001 ____R (Swearware) C:\Users\Andy\Downloads\ComboFix.exe
2014-01-03 08:23 - 2014-01-03 08:23 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Andy\Downloads\rkill.exe
2014-01-03 08:23 - 2014-01-03 08:23 - 01233962 _____ C:\Users\Andy\Downloads\AdwCleaner.exe
2014-01-02 23:20 - 2014-01-02 23:20 - 00481487 _____ C:\Users\Andy\SysInspector-ANDYPC-140102-2318.zip
2014-01-02 22:48 - 2014-01-02 22:48 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Wireshark
2014-01-02 22:43 - 2014-01-02 22:43 - 00000000 ____D C:\Program Files\Wireshark
2014-01-02 20:15 - 2014-01-02 22:38 - 00000000 ____D C:\Program Files (x86)\Cain
2014-01-02 20:12 - 2014-01-02 20:15 - 08049726 _____ C:\Users\Andy\Downloads\CaneAble.exe
2014-01-02 19:06 - 2014-01-02 19:06 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-01-02 19:06 - 2014-01-02 19:06 - 00000000 ____D C:\ProgramData\Sophos
2014-01-02 19:06 - 2014-01-02 19:06 - 00000000 ____D C:\Program Files (x86)\Sophos
2014-01-02 18:47 - 2014-01-02 18:47 - 00002066 _____ C:\Users\Andy\TWC.txt
2014-01-02 00:32 - 2014-01-04 01:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-02 00:32 - 2014-01-04 01:06 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-01 23:44 - 2014-01-01 23:44 - 00037376 _____ C:\Windows\system32\qxkm.fev
2014-01-01 23:34 - 2014-01-04 12:57 - 00000081 _____ C:\Windows\system32\aiadorc.zbd
2014-01-01 23:33 - 2014-01-01 23:44 - 00000095 _____ C:\Windows\system32\sbeyw.wvw
2014-01-01 23:33 - 2014-01-01 23:33 - 00000064 _____ C:\Windows\system32\ddpb.aay
2014-01-01 23:18 - 2014-01-01 23:18 - 00219314 ____S C:\Windows\system32\rsvm.blx
2013-12-30 19:05 - 2013-12-30 19:05 - 00001466 _____ C:\Users\Andy\Downloads\sg_backup_2013-12-30-1905.spg
2013-12-24 23:18 - 2013-12-24 23:18 - 00007252 _____ C:\Users\Andy\.recently-used.xbel
2013-12-21 15:28 - 2013-12-21 15:28 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-21 15:28 - 2013-12-21 15:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-21 15:28 - 2013-12-21 15:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-21 15:28 - 2013-12-21 15:28 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-21 14:34 - 2013-12-21 14:34 - 00000000 ____D C:\ProgramData\Licenses
2013-12-19 22:15 - 2013-12-19 22:15 - 00203160 _____ C:\Users\Andy\Documents\Track 1 - 7.sfk
2013-12-19 22:10 - 2013-12-19 22:15 - 51995614 _____ C:\Users\Andy\Documents\Track 1 - 7.wav
2013-12-19 22:10 - 2013-12-19 22:10 - 00004024 _____ C:\Users\Andy\Documents\Track 1 - 6.sfk
2013-12-19 22:09 - 2013-12-19 22:10 - 01015062 _____ C:\Users\Andy\Documents\Track 1 - 6.wav
2013-12-10 22:13 - 2013-12-10 22:13 - 01759094 _____ C:\Users\Andy\Documents\Track 3 - 19.wav
2013-12-10 22:13 - 2013-12-10 22:13 - 00006928 _____ C:\Users\Andy\Documents\Track 3 - 19.sfk
2013-12-10 22:03 - 2013-12-10 22:03 - 03326890 _____ C:\Users\Andy\Documents\Track 3 - 17.wav
2013-12-10 22:03 - 2013-12-10 22:03 - 01972430 _____ C:\Users\Andy\Documents\Track 3 - 18.wav
2013-12-10 22:03 - 2013-12-10 22:03 - 00016704 _____ C:\Users\Andy\Documents\Track 3 - 16.sfk
2013-12-10 22:03 - 2013-12-10 22:03 - 00013048 _____ C:\Users\Andy\Documents\Track 3 - 17.sfk
2013-12-10 22:03 - 2013-12-10 22:03 - 00007760 _____ C:\Users\Andy\Documents\Track 3 - 18.sfk
2013-12-10 22:02 - 2013-12-10 22:03 - 04261538 _____ C:\Users\Andy\Documents\Track 3 - 16.wav
2013-12-10 22:02 - 2013-12-10 22:02 - 02455286 _____ C:\Users\Andy\Documents\Track 3 - 15.wav
2013-12-10 22:02 - 2013-12-10 22:02 - 00009648 _____ C:\Users\Andy\Documents\Track 3 - 15.sfk
2013-12-10 22:02 - 2013-12-10 22:02 - 00003640 _____ C:\Users\Andy\Documents\Track 3 - 14.sfk
2013-12-10 22:01 - 2013-12-10 22:02 - 00917686 _____ C:\Users\Andy\Documents\Track 3 - 14.wav
2013-12-10 22:01 - 2013-12-10 22:01 - 02340062 _____ C:\Users\Andy\Documents\Track 3 - 13.wav
2013-12-10 22:01 - 2013-12-10 22:01 - 00027568 _____ C:\Users\Andy\Documents\Track 3 - 12.sfk
2013-12-10 22:01 - 2013-12-10 22:01 - 00009200 _____ C:\Users\Andy\Documents\Track 3 - 13.sfk
2013-12-10 22:00 - 2013-12-10 22:01 - 07042346 _____ C:\Users\Andy\Documents\Track 3 - 12.wav
2013-12-10 22:00 - 2013-12-10 22:00 - 00014176 _____ C:\Users\Andy\Documents\Track 3 - 11.sfk
2013-12-10 21:59 - 2013-12-10 22:00 - 03614866 _____ C:\Users\Andy\Documents\Track 3 - 11.wav
2013-12-10 21:59 - 2013-12-10 21:59 - 00007264 _____ C:\Users\Andy\Documents\Track 3 - 10.sfk
2013-12-10 21:58 - 2013-12-10 21:59 - 01846310 _____ C:\Users\Andy\Documents\Track 3 - 10.wav
2013-12-10 21:58 - 2013-12-10 21:58 - 00012376 _____ C:\Users\Andy\Documents\Track 3 - 9.sfk
2013-12-10 21:57 - 2013-12-10 21:58 - 03153490 _____ C:\Users\Andy\Documents\Track 3 - 9.wav
2013-12-07 16:34 - 2013-12-07 16:34 - 00000192 _____ C:\Windows\SysWOW64\PowerChute Technical Data.txt

==================== One Month Modified Files and Folders =======

2014-01-04 13:25 - 2014-01-04 13:24 - 00016702 _____ C:\Users\Andy\Desktop\FRST.txt
2014-01-04 13:24 - 2014-01-04 13:24 - 01931368 _____ (Farbar) C:\Users\Andy\Desktop\FRST64.exe
2014-01-04 13:16 - 2014-01-04 13:16 - 00000000 ____D C:\Program Files (x86)\Adobe
2014-01-04 13:16 - 2011-06-13 09:54 - 00000000 ____D C:\Users\Andy\AppData\Local\Adobe
2014-01-04 13:16 - 2011-05-17 17:21 - 00000000 ____D C:\ProgramData\Adobe
2014-01-04 13:16 - 2009-07-13 22:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-04 13:16 - 2009-07-13 22:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-04 13:14 - 2009-07-13 23:13 - 00780236 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-04 13:13 - 2014-01-04 13:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-04 13:13 - 2013-05-01 18:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-04 13:09 - 2014-01-04 12:55 - 00000336 _____ C:\Windows\setupact.log
2014-01-04 13:09 - 2011-08-06 14:18 - 00000000 ____D C:\Program Files (x86)\Remote Data Backups
2014-01-04 13:09 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-04 13:08 - 2011-05-30 13:49 - 00000000 ____D C:\ProgramData\LogMeIn
2014-01-04 13:08 - 2011-05-30 13:49 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2014-01-04 13:06 - 2014-01-04 12:56 - 00018728 _____ C:\Windows\WindowsUpdate.log
2014-01-04 12:57 - 2014-01-01 23:34 - 00000081 _____ C:\Windows\system32\aiadorc.zbd
2014-01-04 12:55 - 2014-01-04 12:55 - 00000000 _____ C:\Windows\setuperr.log
2014-01-04 12:53 - 2011-05-28 20:07 - 00000000 ___RD C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-04 01:09 - 2014-01-02 00:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-04 01:06 - 2014-01-04 01:06 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-04 01:06 - 2014-01-02 00:32 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-04 01:04 - 2014-01-04 01:04 - 04101441 _____ C:\Users\Andy\Downloads\tdsskiller.zip
2014-01-04 00:58 - 2014-01-04 00:58 - 00027810 _____ C:\ComboFix.txt
2014-01-04 00:58 - 2014-01-03 11:32 - 00000000 ____D C:\Qoobox
2014-01-04 00:54 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2014-01-04 00:52 - 2011-05-28 20:04 - 00000000 ____D C:\Users\Andy
2014-01-04 00:36 - 2014-01-04 00:36 - 00000000 ____D C:\Users\Andy\AppData\Local\ESET
2014-01-04 00:35 - 2014-01-03 08:24 - 05160001 ____R (Swearware) C:\Users\Andy\Downloads\ComboFix.exe
2014-01-04 00:28 - 2012-03-31 00:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-03 20:14 - 2014-01-03 20:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-03 20:13 - 2014-01-03 20:12 - 130603904 _____ C:\Users\Andy\Downloads\KavVirusRemover.exe
2014-01-03 20:01 - 2014-01-03 20:01 - 00000011 _____ C:\Users\Andy\Desktop\Dont.bat
2014-01-03 19:20 - 2014-01-03 19:20 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Andy\Downloads\mbar-1.07.0.1008.exe
2014-01-03 12:23 - 2014-01-03 11:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-03 12:23 - 2012-10-27 21:52 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Sony
2014-01-03 12:23 - 2011-05-29 19:46 - 00000000 ____D C:\Program Files\CCleaner
2014-01-03 12:22 - 2014-01-03 12:22 - 04645232 _____ (Piriform Ltd) C:\Users\Andy\Downloads\ccsetup409.exe
2014-01-03 12:19 - 2014-01-03 12:19 - 00000000 ____D C:\FRST
2014-01-03 12:08 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Default
2014-01-03 12:06 - 2014-01-03 11:31 - 00000000 ____D C:\Windows\erdnt
2014-01-03 12:04 - 2014-01-03 08:29 - 00000000 ____D C:\AdwCleaner
2014-01-03 11:31 - 2013-05-15 17:26 - 00000000 ____D C:\ProgramData\ESET
2014-01-03 11:30 - 2014-01-03 11:30 - 02991832 _____ (ESET) C:\Users\Andy\Downloads\ERARemover_x64.exe
2014-01-03 11:26 - 2014-01-03 08:26 - 00000000 ____D C:\TDSSKiller_Quarantine
2014-01-03 11:05 - 2014-01-03 11:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2014-01-03 10:09 - 2013-05-21 12:16 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-01-03 09:22 - 2014-01-03 09:22 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\Andy\Downloads\rkill64.exe
2014-01-03 08:23 - 2014-01-03 08:23 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Andy\Downloads\rkill.exe
2014-01-03 08:23 - 2014-01-03 08:23 - 01233962 _____ C:\Users\Andy\Downloads\AdwCleaner.exe
2014-01-03 00:14 - 2011-08-28 09:28 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Skype
2014-01-02 23:20 - 2014-01-02 23:20 - 00481487 _____ C:\Users\Andy\SysInspector-ANDYPC-140102-2318.zip
2014-01-02 22:48 - 2014-01-02 22:48 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Wireshark
2014-01-02 22:43 - 2014-01-02 22:43 - 00000000 ____D C:\Program Files\Wireshark
2014-01-02 22:38 - 2014-01-02 20:15 - 00000000 ____D C:\Program Files (x86)\Cain
2014-01-02 20:16 - 2011-09-23 19:31 - 00000000 ____D C:\Program Files (x86)\WinPcap
2014-01-02 20:15 - 2014-01-02 20:12 - 08049726 _____ C:\Users\Andy\Downloads\CaneAble.exe
2014-01-02 19:17 - 2012-10-09 21:08 - 00219648 ___SH C:\Users\Andy\Thumbs.db
2014-01-02 19:06 - 2014-01-02 19:06 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-01-02 19:06 - 2014-01-02 19:06 - 00000000 ____D C:\ProgramData\Sophos
2014-01-02 19:06 - 2014-01-02 19:06 - 00000000 ____D C:\Program Files (x86)\Sophos
2014-01-02 19:01 - 2013-03-01 12:09 - 00000000 ____D C:\Windows\pss
2014-01-02 18:47 - 2014-01-02 18:47 - 00002066 _____ C:\Users\Andy\TWC.txt
2014-01-02 00:16 - 2012-10-06 10:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-01 23:44 - 2014-01-01 23:44 - 00037376 _____ C:\Windows\system32\qxkm.fev
2014-01-01 23:44 - 2014-01-01 23:33 - 00000095 _____ C:\Windows\system32\sbeyw.wvw
2014-01-01 23:33 - 2014-01-01 23:33 - 00000064 _____ C:\Windows\system32\ddpb.aay
2014-01-01 23:18 - 2014-01-01 23:18 - 00219314 ____S C:\Windows\system32\rsvm.blx
2013-12-30 19:05 - 2013-12-30 19:05 - 00001466 _____ C:\Users\Andy\Downloads\sg_backup_2013-12-30-1905.spg
2013-12-28 21:34 - 2012-10-28 21:52 - 00000000 ____D C:\Users\Andy\Documents\Sony
2013-12-28 20:56 - 2012-04-25 21:34 - 00000000 ____D C:\Users\Andy\AppData\Roaming\.minecraft
2013-12-28 20:43 - 2012-10-22 21:13 - 00000000 ____D C:\Fraps
2013-12-26 23:38 - 2013-08-21 21:38 - 00000000 ____D C:\Users\Andy\Documents\Ubisoft
2013-12-24 23:18 - 2013-12-24 23:18 - 00007252 _____ C:\Users\Andy\.recently-used.xbel
2013-12-24 23:18 - 2012-01-08 00:46 - 00000000 ____D C:\Users\Andy\AppData\Roaming\gtk-2.0
2013-12-24 23:18 - 2012-01-08 00:45 - 00000000 ____D C:\Users\Andy\.gimp-2.6
2013-12-21 23:19 - 2013-03-29 16:02 - 00000000 ___RD C:\Users\Andy\Desktop\Brett
2013-12-21 15:28 - 2013-12-21 15:28 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-21 15:28 - 2013-12-21 15:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-21 15:28 - 2013-12-21 15:28 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-21 15:28 - 2013-12-21 15:28 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-21 15:28 - 2013-10-16 17:15 - 00000000 ____D C:\ProgramData\Oracle
2013-12-21 15:28 - 2011-05-17 17:18 - 00000000 ____D C:\Program Files\Java
2013-12-21 14:39 - 2012-09-27 19:00 - 00001136 _____ C:\Users\Public\Desktop\Game Capture HD.lnk
2013-12-21 14:35 - 2012-01-21 12:33 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-12-21 14:34 - 2013-12-21 14:34 - 00000000 ____D C:\ProgramData\Licenses
2013-12-19 22:25 - 2013-03-06 18:16 - 00000000 ____D C:\Program Files (x86)\Origin
2013-12-19 22:15 - 2013-12-19 22:15 - 00203160 _____ C:\Users\Andy\Documents\Track 1 - 7.sfk
2013-12-19 22:15 - 2013-12-19 22:10 - 51995614 _____ C:\Users\Andy\Documents\Track 1 - 7.wav
2013-12-19 22:10 - 2013-12-19 22:10 - 00004024 _____ C:\Users\Andy\Documents\Track 1 - 6.sfk
2013-12-19 22:10 - 2013-12-19 22:09 - 01015062 _____ C:\Users\Andy\Documents\Track 1 - 6.wav
2013-12-17 00:19 - 2011-05-30 13:49 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2013-12-17 00:19 - 2011-05-30 13:49 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2013-12-17 00:19 - 2011-05-30 13:49 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2013-12-15 00:32 - 2013-10-04 11:51 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-12-13 10:04 - 2013-05-21 12:16 - 00000000 ____D C:\Program Files\My Dell
2013-12-13 10:04 - 2011-05-30 10:00 - 00000000 ____D C:\ProgramData\PCDr
2013-12-12 23:57 - 2013-10-04 11:51 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-12-12 22:56 - 2013-10-04 11:51 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-12-10 23:27 - 2012-03-31 00:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 23:27 - 2012-03-31 00:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 23:27 - 2011-05-30 13:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 22:13 - 2013-12-10 22:13 - 01759094 _____ C:\Users\Andy\Documents\Track 3 - 19.wav
2013-12-10 22:13 - 2013-12-10 22:13 - 00006928 _____ C:\Users\Andy\Documents\Track 3 - 19.sfk
2013-12-10 22:03 - 2013-12-10 22:03 - 03326890 _____ C:\Users\Andy\Documents\Track 3 - 17.wav
2013-12-10 22:03 - 2013-12-10 22:03 - 01972430 _____ C:\Users\Andy\Documents\Track 3 - 18.wav
2013-12-10 22:03 - 2013-12-10 22:03 - 00016704 _____ C:\Users\Andy\Documents\Track 3 - 16.sfk
2013-12-10 22:03 - 2013-12-10 22:03 - 00013048 _____ C:\Users\Andy\Documents\Track 3 - 17.sfk
2013-12-10 22:03 - 2013-12-10 22:03 - 00007760 _____ C:\Users\Andy\Documents\Track 3 - 18.sfk
2013-12-10 22:03 - 2013-12-10 22:02 - 04261538 _____ C:\Users\Andy\Documents\Track 3 - 16.wav
2013-12-10 22:02 - 2013-12-10 22:02 - 02455286 _____ C:\Users\Andy\Documents\Track 3 - 15.wav
2013-12-10 22:02 - 2013-12-10 22:02 - 00009648 _____ C:\Users\Andy\Documents\Track 3 - 15.sfk
2013-12-10 22:02 - 2013-12-10 22:02 - 00003640 _____ C:\Users\Andy\Documents\Track 3 - 14.sfk
2013-12-10 22:02 - 2013-12-10 22:01 - 00917686 _____ C:\Users\Andy\Documents\Track 3 - 14.wav
2013-12-10 22:01 - 2013-12-10 22:01 - 02340062 _____ C:\Users\Andy\Documents\Track 3 - 13.wav
2013-12-10 22:01 - 2013-12-10 22:01 - 00027568 _____ C:\Users\Andy\Documents\Track 3 - 12.sfk
2013-12-10 22:01 - 2013-12-10 22:01 - 00009200 _____ C:\Users\Andy\Documents\Track 3 - 13.sfk
2013-12-10 22:01 - 2013-12-10 22:00 - 07042346 _____ C:\Users\Andy\Documents\Track 3 - 12.wav
2013-12-10 22:00 - 2013-12-10 22:00 - 00014176 _____ C:\Users\Andy\Documents\Track 3 - 11.sfk
2013-12-10 22:00 - 2013-12-10 21:59 - 03614866 _____ C:\Users\Andy\Documents\Track 3 - 11.wav
2013-12-10 21:59 - 2013-12-10 21:59 - 00007264 _____ C:\Users\Andy\Documents\Track 3 - 10.sfk
2013-12-10 21:59 - 2013-12-10 21:58 - 01846310 _____ C:\Users\Andy\Documents\Track 3 - 10.wav
2013-12-10 21:58 - 2013-12-10 21:58 - 00012376 _____ C:\Users\Andy\Documents\Track 3 - 9.sfk
2013-12-10 21:58 - 2013-12-10 21:57 - 03153490 _____ C:\Users\Andy\Documents\Track 3 - 9.wav
2013-12-10 00:05 - 2012-04-01 17:59 - 00000000 ____D C:\Users\Andy\Desktop\Minecraft
2013-12-09 20:13 - 2013-10-28 20:40 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-12-09 20:13 - 2013-10-28 20:40 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-12-09 08:31 - 2013-06-02 23:25 - 00000000 ____D C:\Users\Andy\AppData\Local\NVIDIA
2013-12-09 08:30 - 2013-11-21 22:12 - 00000000 ____D C:\Users\Andy\AppData\Local\NVIDIA Corporation
2013-12-09 08:30 - 2013-06-02 23:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-09 08:30 - 2013-06-02 23:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-09 08:30 - 2013-06-02 23:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-09 08:30 - 2013-06-02 23:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-07 16:34 - 2013-12-07 16:34 - 00000192 _____ C:\Windows\SysWOW64\PowerChute Technical Data.txt
2013-12-05 02:42 - 2014-01-03 18:27 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-05 02:42 - 2014-01-03 18:27 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-05 02:42 - 2013-09-08 10:59 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

Files to move or delete:
====================
C:\Users\Andy\vegaspro12.0.367.exe


Some content of TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\i4jdel0.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-13 18:00] - [2009-07-13 19:41] - 0509952 ____A (Microsoft Corporation) 8C73748758219BF6E7FFFBD7008AC063

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 01:03

==================== End Of Log ============================

FRST Addition.txt Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2014
Ran by Andy at 2014-01-04 13:25:20
Running from C:\Users\Andy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET NOD32 Antivirus 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) (x32 Version: 11.0.04 - Adobe Systems Incorporated)
APC PowerChute Personal Edition 3.0 (x32 Version: 3.0 - American Power Conversion)
Apple Application Support (x32 Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.51110 - ATI Technologies Inc.) Hidden
ATI Catalyst Control Center (x32 Version: 2.010.1110.1531 - )
ATI Catalyst Install Manager (Version: 3.0.800.0 - ATI Technologies, Inc.)
Audacity 2.0.2 (x32 Version: 2.0.2 - Audacity Team)
Battlefield 4™ (x32 Version: 1.0.0.1 - Electronic Arts)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Cain & Abel 4.9.50 (x32 Version:  - )
Call Graph (x32 Version:  - Sedna Wireless Pvt. Ltd.)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Canon MP530 (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1110.1532.27809 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.1110.1532.27809 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.1110.1532.27809 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.1110.1532.27809 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help English (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help French (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help German (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.1110.1531.27809 - ATI) Hidden
ccc-core-static (x32 Version: 2010.1110.1532.27809 - ATI) Hidden
ccc-utility64 (Version: 2010.1110.1532.27809 - ATI) Hidden
CCleaner (Version: 4.09 - Piriform)
Consumer In-Home Service Agreement (x32 Version: 2.0.0 - Dell Inc.)
Cozi (x32 Version: 1.0.4323.24051 - Cozi Group, Inc.)
CPUID HWMonitor 1.22 (Version:  - )
CrossLoop 2.75 (x32 Version: 2.75 - CrossLoop, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Island Riptide (x32 Version:  - Techland)
Dell DataSafe Local Backup - Support Software (x32 Version:  - Dell)
Dell DataSafe Local Backup (x32 Version: 9.4.47 - Dell)
Dell DataSafe Online (x32 Version: 2.1.19634 - Dell)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (x32 Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (x32 Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (x32 Version: 1.5.0.30 - ArcSoft)
Dell Stage (x32 Version: 1.4.173.0 - Fingertapps)
Dell System Detect (HKCU Version: 4.0.5.6 - Dell)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Diskeeper 12 Professional (Version: 16.0.1016.64 - Condusiv Technologies)
DVD Shrink 3.2 (x32 Version:  - DVD Shrink)
Dxtory version 2.0.122 (x32 Version: 2.0.122 - Dxtory Software)
Elgato Game Capture HD (x32 Version: 1.42.9.524 - Elgato Systems GmbH)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET NOD32 Antivirus (Version: 6.0.316.0 - ESET, spol s r. o.)
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
Far Cry® 3 (x32 Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FileZilla Client 3.5.0 (x32 Version: 3.5.0 - )
Fraps (remove only) (x32 Version:  - )
Free FLV Converter V 7.5.0 (x32 Version: 7.5.0.0 - Koyote Soft)
Game Capture HD v2.3.3.38 (x32 Version: 2.3.3.38 - Elgato Systems)
Garry's Mod (x32 Version:  - Garry)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.6.11 (x32 Version: 2.6.11 - The GIMP Team)
Google Chrome (x32 Version: 28.0.1500.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.153 - Google Inc.) Hidden
Gyazo 2.0.2 (x32 Version:  - Nota Inc.)
Half-Life 2 (x32 Version:  - Valve)
Half-Life 2: Lost Coast (x32 Version:  - Valve)
HijackThis 1.99.0 (x32 Version: 1.99.0 - Soeperman Enterprises Ltd.)
ImgBurn (x32 Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Rapid Storage Technology (x32 Version: 10.0.0.1046 - Intel Corporation)
iTunes (Version: 10.6.3.25 - Apple Inc.)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kBilling Invoicing Software (x32 Version:  - K Software)
Lagarith Lossless Codec (1.3.27) (x32 Version:  - )
Learning Lodge Navigator (x32 Version:  - VTech)
Left 4 Dead 2 (x32 Version:  - Valve)
Logitech Webcam Software (x32 Version: 2.0 - Logitech Inc.)
LWS Facebook (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.31.1044.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Magic 2014  (x32 Version:  - Stainless Games)
Magicka (x32 Version:  - Arrowhead Game Studios AB)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0 - Microsoft Corporation)
Monaco (x32 Version:  - Pocketwatch Games)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird (3.1.10) (x32 Version: 3.1.10 (en-US) - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
My Dell (Version: 3.4.6422.14 - PC-Doctor, Inc.)
NETGEAR XE104 Powerline Encryption Utility (x32 Version: 2.0.0.4 - NETGEAR)
NETGEAR XE104 Powerline Encryption Utility (x32 Version: 2.0.0.4 - NETGEAR) Hidden
NexRemote (x32 Version: 1.7.18 - Celestron)
NVIDIA Control Panel 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)
Origin (x32 Version: 9.1.10.2728 - Electronic Arts, Inc.)
PAYDAY 2 (x32 Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (x32 Version:  - OVERKILL Software)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Presto! PageManager 7.15.14 (x32 Version: 7.15.14E - NewSoft)
PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.)
QuickTime (x32 Version: 7.69.80.9 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Recuva (Version: 1.47 - Piriform)
Remote Data Backups Agent (x32 Version: 8.6 - Autonomy Corporation plc)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
ScanSoft OmniPage SE 4.0 (x32 Version: 15.00.0020 - Nuance Communications, Inc.)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
SimCity™ (x32 Version: 1.0.0.0 - Electronic Arts)
Skins (x32 Version: 2010.1110.1532.27809 - ATI) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sophos Virus Removal Tool (x32 Version: 2.4 - Sophos Limited)
Source SDK Base 2007 (x32 Version:  - Valve)
Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.0 (x32 Version: 5.0.0 - BrightFort LLC)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.11.4 (x32 Version: 0.11.4 - Stellarium team)
The Armadillo Software Protection System (x32 Version:  - )
TheSkyX First Light Edition (x32 Version: 10.0.2 - Software Bisque, Inc.)
THX TruStudio PC (x32 Version: 1.0 - Creative Technology Limited)
Tom Clancy's Splinter Cell Blacklist (x32 Version:  - Ubisoft Toronto)
Torchlight II (x32 Version:  - Runic Games)
Trials Evolution Gold Edition (x32 Version:  - Redlynx Ltd)
TurboTax 2011 (x32 Version:  - Intuit, Inc)
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2999 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0474 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0214 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (x32 Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (x32 Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2013 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Uplay (x32 Version: 3.0 - Ubisoft)
Vegas Pro 12.0 (64-bit) (Version: 12.0.367 - Sony)
Verizon Wireless Software Utility Application for Android - Samsung (x32 Version: 2.12.0807 - Samsung Electronics Co., Ltd.)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Warframe (x32 Version: 1.0.0 - Digital Extremes)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (x32 Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.10.5 (64-bit) (x32 Version: 1.10.5 - The Wireshark developer community, http://www.wireshark.org)
Worms Revolution (x32 Version:  - Team17 Digital Ltd.)

==================== Restore Points  =========================

04-01-2014 19:07:52 Removed LogMeIn

==================== Hosts content: ==========================

2009-07-13 20:34 - 2014-01-04 00:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {3899A0E7-B7B1-4156-B749-017DF66ACE48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-19] (Google Inc.)
Task: {438D145B-1147-4E60-933A-EA04A6CE9702} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {52DABED4-3761-4305-9A4E-B55EF6B83DC2} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-06] (PC-Doctor, Inc.)
Task: {58CA4DB8-F28D-4F96-9970-258B1373BDEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-19] (Google Inc.)
Task: {76D17F47-BD6A-4510-989F-B179F31B70FF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {9F044339-F136-475B-9F4D-7D53860EDF9B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {CA89662A-64E5-44C5-A7B3-E1D90C633FD2} - System32\Tasks\{582FDB59-7214-4BD2-83F8-693BF1E1EAEE} => Firefox.exe http://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {D70A701A-1CA3-4644-B9F1-20468B2F0E88} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 08:42 - 2010-01-02 08:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-03-09 23:49 - 2013-03-09 23:49 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d648170c5d514eef60d8a2e2f8c94689\IsdiInterop.ni.dll
2011-05-17 17:18 - 2010-09-13 17:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-01-04 13:13 - 2014-01-04 13:13 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:DDE29E40

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\87471669.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\87471669.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2014 01:18:06 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (01/04/2014 01:16:23 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (01/04/2014 01:05:55 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (01/04/2014 01:02:39 PM) (Source: CVHSVC) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (01/04/2014 00:56:41 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/04/2014 00:56:41 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/04/2014 00:56:41 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/04/2014 00:56:41 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/04/2014 00:56:41 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (01/04/2014 00:56:39 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (01/04/2014 01:09:27 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (01/04/2014 01:09:24 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (01/04/2014 00:56:57 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (01/04/2014 00:56:57 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (01/04/2014 00:56:57 PM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/04/2014 00:56:41 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/04/2014 00:56:41 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (01/04/2014 00:56:02 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (01/04/2014 01:11:16 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/04/2014 01:11:16 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (01/04/2014 01:18:06 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (01/04/2014 01:16:23 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (01/04/2014 01:05:55 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (01/04/2014 01:02:39 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (01/04/2014 00:56:41 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (01/04/2014 00:56:41 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/04/2014 00:56:41 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/04/2014 00:56:41 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/04/2014 00:56:41 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (01/04/2014 00:56:39 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore


CodeIntegrity Errors:
===================================
  Date: 2014-01-04 00:52:28.363
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-04 00:52:28.300
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-04 00:52:28.253
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-04 00:52:28.191
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-03 11:38:18.577
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-03 11:38:18.517
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 16366.45 MB
Available physical RAM: 13047.54 MB
Total Pagefile: 32730.99 MB
Available Pagefile: 29340.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:818.49 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:465.76 GB) (Free:333.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 3866C7CB)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 53AB4096)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Search.TXT:

Farbar Recovery Scan Tool (x64) Version: 04-01-2014
Ran by Andy at 2014-01-04 13:26:30
Running from C:\Users\Andy\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 18:00] - [2009-07-13 19:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2009-07-13 18:00] - [2009-07-13 19:41] - 0509952 ____A (Microsoft Corporation) 8C73748758219BF6E7FFFBD7008AC063

====== End Of Search ======

I have the logs for Combofix, Rkill, etc.. if those are needed as well.

Thanks for your assistance.

#5 Capp-Ware

Posted 04 January 2014 - 07:36 PM

Spent some time working the log files myself.

Created a Fixlist.txt file with the following:

start
2014-01-01 23:44 - 2014-01-01 23:44 - 00037376 _____ C:\Windows\system32\qxkm.fev
2014-01-01 23:34 - 2014-01-04 12:57 - 00000081 _____ C:\Windows\system32\aiadorc.zbd
2014-01-01 23:33 - 2014-01-01 23:44 - 00000095 _____ C:\Windows\system32\sbeyw.wvw
2014-01-01 23:33 - 2014-01-01 23:33 - 00000064 _____ C:\Windows\system32\ddpb.aay
2014-01-01 23:18 - 2014-01-01 23:18 - 00219314 ____S C:\Windows\system32\rsvm.blx
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll
C:\Users\Andy\AppData\Local\Temp
end

Ran it and it rebooted, as per normal. So far, so good. No audio ads. svchost is idling at around 175k. No weird reboots. Remaining hopeful that it's finally fixed.

Here is the fixlog in case someone wants to double-check my work and see if I missed something:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2014
Ran by Andy at 2014-01-04 18:20:43 Run:1
Running from C:\Users\Andy\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
2014-01-01 23:44 - 2014-01-01 23:44 - 00037376 _____ C:\Windows\system32\qxkm.fev
2014-01-01 23:34 - 2014-01-04 12:57 - 00000081 _____ C:\Windows\system32\aiadorc.zbd
2014-01-01 23:33 - 2014-01-01 23:44 - 00000095 _____ C:\Windows\system32\sbeyw.wvw
2014-01-01 23:33 - 2014-01-01 23:33 - 00000064 _____ C:\Windows\system32\ddpb.aay
2014-01-01 23:18 - 2014-01-01 23:18 - 00219314 ____S C:\Windows\system32\rsvm.blx
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll
C:\Users\Andy\AppData\Local\Temp
end


*****************

C:\Windows\system32\qxkm.fev => Moved successfully.
C:\Windows\system32\aiadorc.zbd => Moved successfully.
Could not move "C:\Windows\system32\sbeyw.wvw" => Scheduled to move on reboot.
C:\Windows\system32\ddpb.aay => Moved successfully.
Could not move "C:\Windows\system32\rsvm.blx" => Scheduled to move on reboot.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

"C:\Users\Andy\AppData\Local\Temp" directory move:

C:\Users\Andy\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\AdobeSFX.log => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\Attach.txt => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\DDS.txt => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\e4jA1F9.tmp => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\e4jA85F.tmp => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\e4jB1B1.tmp => Moved successfully.
Could not move "C:\Users\Andy\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Andy\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\JavaDeployReg.log => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\MSI63aed.LOG => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\MSIb187f.LOG => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\users00 => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\hsperfdata_Andy\4068 => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\e4jB1B1.tmp_dir\exe4jlib.jar => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\e4jB1B1.tmp_dir\i4jdel.exe => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\e4jA85F.tmp_dir\exe4jlib.jar => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\e4jA85F.tmp_dir\i4jdel.exe => Moved successfully.
Could not move "C:\Users\Andy\AppData\Local\Temp\e4jA1F9.tmp_dir\exe4jlib.jar" => Scheduled to move on reboot.
C:\Users\Andy\AppData\Local\Temp\e4jA1F9.tmp_dir\i4jdel.exe => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\index.dat => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\UWD4AG0M\desktop.ini => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\7UUCZBL0\desktop.ini => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\138W59LN\desktop.ini => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\08PD3PDK\desktop.ini => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\acro_rd_dir\History\History.IE5\desktop.ini => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\acro_rd_dir\History\History.IE5\index.dat => Moved successfully.
C:\Users\Andy\AppData\Local\Temp\acro_rd_dir\Cookies\index.dat => Moved successfully.
Could not move "C:\Users\Andy\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-04 18:22:00)<=

C:\Windows\system32\sbeyw.wvw => Is moved successfully.
C:\Windows\system32\rsvm.blx => Moved successfully.
"C:\Users\Andy\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => File could not move.
C:\Users\Andy\AppData\Local\Temp\e4jA1F9.tmp_dir\exe4jlib.jar => Moved successfully.
"C:\Users\Andy\AppData\Local\Temp" => Directory could not move.

==== End of Fixlog ====

 
I pride myself on how locked down I keep my system and network, so anytime I get hit with anything more than a tracking cookie, it annoys me. lol.
Funny, despite the multiple layers of protection I have on my system, and all the malware tools I have on hand, nothing detected it. Whatever this new piece of malware is, it spread quickly.



#6 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,009 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 05 January 2014 - 09:15 PM

Does this concern the same computer as this topic: http://www.bleepingcomputer.com/forums/t/519528/windows-7-no-boot-after-combofix/ ?


Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 Capp-Ware

  • Topic Starter
  • Members
  • 12 posts

Posted 05 January 2014 - 11:34 PM

Does this concern the same computer as this topic: http://www.bleepingcomputer.com/forums/t/519528/windows-7-no-boot-after-combofix/ ?

Yes indeed it was. After doing a lot of research through the forums and seeing TDSSKiller flagging the rpcss.dll file as "questionable", I thought I would isolate the file by renaming it. Sadly, this step was done a few hours before the actual final reboot that caused my system to become un-bootable. It just so coincidentally started the problems after the combofix reboot, so logically I thought the two were related. It wasn't until I started going back through my notes that I decided to try to name it back to the original file, and it worked. Hence my request to have that thread closed. :)
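
Before isolating a core system DLL that a scanner calls "questionable", it is worth checking whether the file in System32 actually differs from the known-good copy Windows keeps in the component store (the same winsxs copy the FRST fixlog above restored from). The PowerShell below is an added example, not code from this thread or from FRST/TDSSKiller; it assumes a 64-bit PowerShell session (a 32-bit one would be redirected to SysWOW64) and uses the two rpcss.dll paths exactly as they appear in the fixlog.

```powershell
# Added example: compare the live rpcss.dll with its component-store copy and
# report its signature and version info. Paths are taken from the fixlog above.
$live  = 'C:\Windows\System32\rpcss.dll'
$store = 'C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll'

# SHA-256 via .NET so this also works on the PowerShell 2.0 that ships with Windows 7.
function Get-Sha256Hex([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try   { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Dispose() }
}

function Test-SystemDll {
    param([string]$LivePath, [string]$StorePath)

    $result = [ordered]@{ Path = $LivePath }

    # 1. Hash comparison: a mismatch means the file in System32 is not the one
    #    Windows installed. This is the strongest indicator here, and the check
    #    FRST effectively acted on when it copied the winsxs version back.
    if (Test-Path $StorePath) {
        $result.MatchesComponentStore = (Get-Sha256Hex $LivePath) -eq (Get-Sha256Hex $StorePath)
    } else {
        $result.MatchesComponentStore = 'store copy not found'
    }

    # 2. Authenticode: many Microsoft system DLLs are catalog-signed rather than
    #    embedded-signed, so older PowerShell reports them as NotSigned. Treat
    #    'HashMismatch' as alarming; treat 'NotSigned' alone as inconclusive.
    $sig = Get-AuthenticodeSignature -FilePath $LivePath
    $result.SignatureStatus = $sig.Status
    $result.Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # 3. Version resource: a genuine rpcss.dll carries Microsoft company/description
    #    strings; a replaced file frequently lacks them.
    $vi = (Get-Item $LivePath).VersionInfo
    $result.CompanyName     = $vi.CompanyName
    $result.FileDescription = $vi.FileDescription
    $result.FileVersion     = $vi.FileVersion

    [pscustomobject]$result
}

Test-SystemDll -LivePath $live -StorePath $store | Format-List
```

If the hash matches the component-store copy, renaming the file gains nothing and, as this thread shows, leaves the system unable to boot; if it does not match, the winsxs copy is the restore source.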



#8 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,009 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 05 January 2014 - 11:40 PM

Okay, for the sake of continuity and so you receive assistance sooner, I'm going to merge this topic to the original topic so the helpers can see everything you've done. Please refrain from doing anything else unless a team member asks you, as you can muddy the waters further by so doing. It may be a while before you get a reply, but you will get one. If HelpBot replies, please be sure to follow Step One so it knows you need assistance.

~ OB :cherry:

Edit, I've added the second topic title to the original topic title. The link is now: http://www.bleepingcomputer.com/forums/t/519528/windows-7-no-boot-after-combofix-audio-advertisements-random-reboots-scanned-with-everything/

~ OB :cherry:


Edited by Orange Blossom, 05 January 2014 - 11:43 PM.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#9 Capp-Ware

  • Topic Starter
  • Members
  • 12 posts

Posted 06 January 2014 - 12:12 AM

Okay, for the sake of continuity and so you receive assistance sooner, I'm going to merge this topic to the original topic so the helpers can see everything you've done. Please refrain from doing anything else unless a team member asks you, as you can muddy the waters further by so doing. It may be a while before you get a reply, but you will get one. If HelpBot replies, please be sure to follow Step One so it knows you need assistance.

~ OB :cherry:

Edit, I've added the second topic title to the original topic title. The link is now: http://www.bleepingcomputer.com/forums/t/519528/windows-7-no-boot-after-combofix-audio-advertisements-random-reboots-scanned-with-everything/

~ OB :cherry:

Thanks OB.

So far so good on this. As I mentioned, I do this sort of stuff for a living, so posting here was a last resort after days of working on it, just to bounce some thoughts off others. When I began to see all the other threads about the same problem, I noticed similarities between all of them and my own.

Read through my own log files and noticed a pattern forming amongst all the threads. Created my own fixit file and as of now, it's all working properly.

:)



#10 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,739 posts
  • Gender:Male

Posted 08 January 2014 - 03:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/519528 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#11 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,739 posts
  • Gender:Male

Posted 13 January 2014 - 03:50 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!
