svchost.exe Playing Random Ads in Background


  • This topic is locked
16 replies to this topic

#1 achris03

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:57 PM

Posted 12 April 2014 - 09:31 AM

Hi Bleeping Computer Community,

 

I have a really nasty bug in my system. I have run out of things to try out!

RogueKiller picks it up as an svchost.exe process and kills it... that's when the ads stop, but they come back.

 

I have run:

TDSSKiller
RKill
JRT
ESET NOD32
MalwareBytes
MalwareBytes Rootkit Beta
ComboFix
SpyHunter
Emsisoft
aswMBR

 

Any help would be much appreciated!

 

Attached are the logs.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16450  BrowserJavaVersion: 10.51.2
Run by Axios at 10:26:11 on 2014-04-12
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16279.9733 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Freedom Scientific\JAWS\14.0\fsATProxy.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
F:\Steam\SteamApps\common\Hi-Rez Studios\HiPatchService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
C:\Users\Axios\AppData\Local\Akamai\netsession_win.exe
E:\Steam\Steam.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files (x86)\Overwolf\Overwolf.exe
C:\Users\Axios\AppData\Local\Akamai\netsession_win.exe
C:\Users\Axios\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Users\Axios\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\XFastUSB\XFastUsb.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
C:\Program Files (x86)\Mindjet\MindManager 11\MmReminderService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper64.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Autodesk\AutoCAD 2013\acad.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe
C:\Program Files\Autodesk\AutoCAD 2013\AdExchange\AcBrowserHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\Illustrator.exe
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Axios\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Axios\Desktop\RogueKillerX64.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mStart Page = hxxp://www.google.com
uProxyOverride = <local>;192.168.*.*
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\OFFICE15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\OFFICE15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
uRun: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
uRun: [Akamai NetSession Interface] "C:\Users\Axios\AppData\Local\Akamai\netsession_win.exe"
uRun: [Steam] "E:\Steam\steam.exe" -silent
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
uRun: [Amazon Cloud Player] "C:\Users\Axios\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
mRun: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 11\MMReminderService.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Axios\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Axios\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODEME~1.LNK - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETWOR~1.LNK - C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\OFFICE15\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - C:\Program Files (x86)\PicLensIE\cooliris.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\OFFICE15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AD608A18-0D2E-4A15-A17B-D286841A5421} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\OFFICE15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 11\sys\MmInternetExplorerActiveSetup.vbs
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - <orphaned>
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;F:\Steam\SteamApps\common\Hi-Rez Studios\HiPatchService.exe [2014-3-17 9216]
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2012-10-22 31016]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-10-22 16152]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-1-25 55856]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-10-22 17192]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2012-10-22 15936]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2013-4-2 2915704]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-9-7 87992]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-9-12 1337752]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
R2 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-23 1471352]
R2 Freedom Scientific Kernel Manager;Freedom Scientific Kernel Manager;C:\Windows\System32\fsKMgr.dll [2012-10-17 28752]
R2 HitachiBackupService;Hitachi Backup Service;C:\Program Files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe [2010-6-6 53760]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-10-22 128280]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-22 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-3-12 418376]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;C:\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-9-15 86016]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-2-7 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-14 16941856]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-11-4 65657]
R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2013-10-30 106472]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2013-1-13 145448]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-12 411936]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-3-18 4915040]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-22 363800]
R3 fsvidmir_service;fsvidmir_service;C:\Windows\System32\drivers\fsvidmir.sys [2012-10-17 15416]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-10-22 331264]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-10-22 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-10-22 788760]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-12 25928]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-10-22 32344]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-2-7 39200]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2012-10-22 34752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-3-12 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2014-4-7 57024]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;F:\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [2013-12-10 25832]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 esgiguard;esgiguard;C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2012-10-22 32320]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-12-30 135584]
S3 JTVNCProxy_14.0;JTVNCProxy_14.0;C:\Program Files\Freedom Scientific\JAWS\14.0\JTVNCProxy.exe [2012-12-7 20360]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2013-6-30 99616]
S3 PowerBrl;powerBraille System Driver;C:\Windows\System32\drivers\powerbrl.sys [2012-12-7 17768]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2013-2-21 15176]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-4-24 42184]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-11 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 XFDriver64;XFDriver64;E:\Xfire2\XFDriver64.sys [2013-4-21 17160]
S4 McNeelUpdate;McNeel Update Service 5.0;C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [2012-10-25 67752]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-04-12 04:54:11 5181144 ----a-w- C:\ProgramData\cisF69E.exe
2014-04-12 04:48:21 -------- d-sh--w- C:\$RECYCLE.BIN
2014-04-11 15:01:51 -------- d-s---w- C:\ComboFix
2014-04-11 13:30:43 -------- d-----w- C:\Users\Axios\AppData\Roaming\Comodo
2014-04-11 11:55:06 -------- d-----w- C:\ProgramData\SecTaskMan
2014-04-11 01:31:16 -------- d--h--w- C:\VTRoot
2014-04-11 01:26:17 -------- d-----w- C:\Users\Axios\AppData\Local\Comodo
2014-04-11 01:26:09 -------- d-----w- C:\Program Files (x86)\Comodo
2014-04-11 00:35:24 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2014-04-10 00:29:53 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-10 00:29:53 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-10 00:29:30 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-10 00:09:25 98816 ----a-w- C:\Windows\sed.exe
2014-04-10 00:09:25 256000 ----a-w- C:\Windows\PEV.exe
2014-04-10 00:09:25 208896 ----a-w- C:\Windows\MBR.exe
2014-04-10 00:03:21 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2014-04-09 17:44:38 -------- d-----w- C:\Program Files\ESET
2014-04-07 13:09:23 14232 ----a-w- C:\Windows\SysWow64\sh4native.exe
2014-04-07 12:31:02 110080 ----a-r- C:\Users\Axios\AppData\Roaming\Microsoft\Installer\{0028CB34-D5D3-460F-B308-A39A095A5E01}\IconF7A21AF7.exe
2014-04-07 12:31:02 110080 ----a-r- C:\Users\Axios\AppData\Roaming\Microsoft\Installer\{0028CB34-D5D3-460F-B308-A39A095A5E01}\IconD7F16134.exe
2014-04-07 12:31:02 110080 ----a-r- C:\Users\Axios\AppData\Roaming\Microsoft\Installer\{0028CB34-D5D3-460F-B308-A39A095A5E01}\IconCF33A0CE.exe
2014-04-07 12:31:02 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2014-04-07 12:30:42 -------- d-----w- C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-04-07 12:12:44 -------- d-----w- C:\EEK
2014-04-07 04:11:30 -------- d-----w- C:\ProgramData\HitmanPro
2014-04-06 18:28:48 -------- d-----w- C:\ProgramData\Rosetta Stone
2014-04-06 01:10:27 -------- d-----w- C:\Users\Axios\AppData\Roaming\Unity
2014-03-27 04:25:54 -------- d-----w- C:\Program Files (x86)\SketchUp
2014-03-23 17:22:53 -------- d-----w- C:\Users\Axios\AppData\Roaming\library_dir
2014-03-23 17:22:49 -------- d-----w- C:\Users\Axios\AppData\Roaming\Raptr
2014-03-23 17:22:49 -------- d-----w- C:\Program Files (x86)\Raptr
2014-03-18 20:20:00 -------- d-----w- C:\Program Files (x86)\Common Files\Overwolf
.
==================== Find3M  ====================
.
2014-04-12 12:20:42 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2014-03-06 01:30:28 282296 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-03-06 01:30:28 282296 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-03-05 19:38:16 282296 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-03-05 18:24:51 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-03-05 04:32:15 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-03-04 11:32:59 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-02-21 17:37:41 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-05 09:31:00 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-02-05 09:30:41 1179576 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-02-03 16:20:54 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-01-27 20:44:16 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-01-27 20:44:16 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-01-27 20:44:16 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-01-27 20:44:16 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-01-23 19:41:16 32320 ----a-w- C:\Windows\System32\drivers\FNETTBOH_305.SYS
2013-05-10 21:15:04 36904370 ----a-w- C:\Program Files (x86)\mpatch_001_061_.exe
.
============= FINISH: 10:26:20.31 ===============

Edited by achris03, 12 April 2014 - 09:32 AM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 April 2014 - 05:48 PM


Hello achris03

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" button and make sure that the "Receive notification" box is checked and that it is set to "Instantly". This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.

For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst64.exe or e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)
I want you to post the FRST.txt report in your reply to me.



I need to find out some more information about one of the files on the computer

Please run FRST like you did before, but this time I would like you to:

Type the following in the edit box after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click the Search button and post the log (Search.txt) it makes in your reply.




Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
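
The following is an added example, not code from this thread or from FRST: a PowerShell function that establishes, for a defender, what the rpcss.dll search above is meant to show, namely where every copy of the DLL lives, whether it carries a valid Microsoft signature, and whether the live System32/SysWOW64 copy still byte-matches a component-store copy in WinSxS. The function and parameter names are my own; it assumes PowerShell 3.0 or later run from an elevated prompt, and -Root may point at the volume of a suspect system mounted from a clean one.

```powershell
# Added example (not from the thread or from FRST). Reports every copy of a system DLL
# on a volume with its version, signer, SHA-256 hash and a set of triage flags.
function Get-SystemDllIntegrityReport {
    [CmdletBinding()]
    param(
        [string]$Root = $env:SystemDrive,   # volume to inspect, e.g. 'C:' or a mounted 'E:'
        [string]$FileName = 'rpcss.dll',   # DLL to hunt for
        [switch]$Deep                       # sweep the whole volume, like FRST's Search does
    )

    $winDir = Join-Path $Root 'Windows'
    $dirs = @(
        (Join-Path $winDir 'System32'),
        (Join-Path $winDir 'SysWOW64'),
        (Join-Path $winDir 'WinSxS')        # component store: Windows' own reference copies
    )
    if ($Deep) { $dirs = @($Root + '\') }

    $copies = foreach ($d in ($dirs | Where-Object { Test-Path $_ })) {
        Get-ChildItem -Path $d -Filter $FileName -File -Recurse -Force -ErrorAction SilentlyContinue
    }

    # One row per copy; the WinSxS rows later serve as the known-good reference set.
    $rows = foreach ($f in $copies) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        [pscustomobject]@{
            Path      = $f.FullName
            InWinSxS  = $f.FullName -like '*\WinSxS\*'
            Size      = $f.Length
            LastWrite = $f.LastWriteTimeUtc
            Version   = $f.VersionInfo.FileVersion
            Company   = $f.VersionInfo.CompanyName
            SigStatus = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            SHA256    = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
            Flags     = ''
        }
    }
    $referenceHashes = @($rows | Where-Object InWinSxS | ForEach-Object SHA256)

    foreach ($r in $rows) {
        $flags = @()
        # Windows system DLLs are catalog-signed; older PowerShell builds report them as
        # NotSigned, so treat NotSigned as "unknown" and rely on the hash comparison below
        # rather than on the signature check alone.
        if ($r.SigStatus -notin 'Valid', 'NotSigned') { $flags += "signature:$($r.SigStatus)" }
        if ($r.SigStatus -eq 'Valid' -and $r.Signer -notmatch 'Microsoft') { $flags += 'signer-not-microsoft' }
        if ($r.Company -notmatch 'Microsoft') { $flags += 'company-not-microsoft' }
        if (-not $r.InWinSxS -and $referenceHashes.Count -gt 0 -and $r.SHA256 -notin $referenceHashes) {
            # The live copy does not byte-match any component-store copy: either a
            # servicing mismatch or a modified file. Either way it needs a closer look.
            $flags += 'no-matching-winsxs-copy'
        }
        if (-not $r.InWinSxS -and
            $r.Path -notlike "$winDir\System32\*" -and
            $r.Path -notlike "$winDir\SysWOW64\*") {
            # A copy of a core system DLL anywhere else is worth explaining.
            $flags += 'unexpected-location'
        }
        $r.Flags = $flags -join ','
    }
    $rows | Sort-Object InWinSxS, Path
}

# Typical use: list the copies, then single out the flagged ones.
# Get-SystemDllIntegrityReport | Format-Table Path, Version, SigStatus, Flags -AutoSize
# Get-SystemDllIntegrityReport -Deep | Where-Object Flags
```

On a system that still boots, the built-in `sfc /verifyonly` performs the equivalent catalog comparison for all protected files and is the quicker first check; the function above is useful when the volume is being inspected offline, as in the recovery-environment procedure in this post.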

#3 achris03

achris03
  • Topic Starter

  • Members
  • 12 posts

Posted 13 April 2014 - 03:26 AM

Hi Gringo, I appreciate you helping me.

I downloaded frst64.exe, but I had to save it to my other hard drive (my PC has 3) because the Advanced Boot Options would not detect my flash drive. Regardless, I have the two logs below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01
Ran by SYSTEM on MININT-5C1R9DB on 13-04-2014 04:20:14
Running from C:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] - C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] - C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2012-10-22] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-08-23] (Power Software Ltd)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [NCUpdateHelper] - C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [528360 2014-02-17] (NCSOFT Corporation)
HKLM-x32\...\Run: [MMReminderService] - C:\Program Files (x86)\Mindjet\MindManager 11\MMReminderService.exe [42312 2013-05-14] (Mindjet)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Axios\...\Run: [MotoCast] - C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [2055 2012-11-04] ()
HKU\Axios\...\Run: [HLBackupScheduler] - C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe [7065224 2012-08-20] ()
HKU\Axios\...\Run: [Akamai NetSession Interface] - C:\Users\Axios\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)
HKU\Axios\...\Run: [Steam] - "E:\Steam\steam.exe" -silent
HKU\Axios\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [37664 2014-03-05] (Overwolf LTD)
HKU\Axios\...\Run: [Amazon Cloud Player] - C:\Users\Axios\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\Axios\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKU\Axios\...\Run: [Raptr] - C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-04-11] (Raptr, Inc)
HKU\Axios\...\Policies\Explorer: [] 
Startup: C:\Users\Axios\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
 
==================== Services (Whitelisted) =================
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
S2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S2 HitachiBackupService; C:\Program Files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe [53760 2010-06-06] (Hitachi GST)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
S2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S3 JTVNCProxy_14.0; C:\Program Files\Freedom Scientific\JAWS\14.0\JTVNCProxy.exe [20360 2012-12-07] (Freedom Scientific BLV Group LLC)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [67752 2012-10-24] (Robert McNeel & Associates)
S2 mi-raysat_3dsmax2013_64; C:\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-14] ()
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-05] ()
S2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)
S3 DAUpdaterSvc; F:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]
S2 HiPatchService; F:\Steam\SteamApps\common\Hi-Rez Studios\HiPatchService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-04-06] (Emsisoft GmbH)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
S5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-01-23] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-10-22] (FNet Co., Ltd.)
S2 Freedom Scientific Kernel Manager; C:\Windows\System32\fsKMgr.dll [28752 2012-10-17] (Freedom Scientific, Inc.)
S3 fsvidmir_service; C:\Windows\System32\DRIVERS\fsvidmir.sys [15416 2012-10-17] (Freedom Scientific, Inc.)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 PowerBrl; C:\Windows\system32\Drivers\powerbrl.sys [17768 2012-12-07] (Freedom Scientific BLV Group, LLC.)
S3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2013-02-21] ()
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-10] (MCCI Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [105160 2012-12-19] (WIBU-SYSTEMS AG)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-04-13] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MFE_RR; \??\C:\Users\Axios\AppData\Local\Temp\mfe_rr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 XFDriver64; \??\E:\Xfire2\XFDriver64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-13 04:20 - 2014-04-13 04:20 - 00000000 _____ () C:\FRST.txt
2014-04-13 04:19 - 2014-04-13 04:20 - 00000000 ____D () C:\FRST
2014-04-12 23:34 - 2014-04-12 23:39 - 00000000 ___DC () C:\Users\Axios\AppData\Local\MigWiz
2014-04-12 23:34 - 2014-04-12 23:34 - 00000762 _____ () C:\Windows\comsetup.log
2014-04-12 14:34 - 2014-04-12 14:34 - 00000000 ____D () C:\Users\Axios\AppData\Local\ESET
2014-04-12 07:08 - 2014-04-12 07:08 - 08835072 _____ () C:\Windows\System32\Drivers\nvlddmkm.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00028672 _____ () C:\Windows\System32\Drivers\winusb.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00012288 _____ () C:\Windows\System32\Drivers\winhv.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000512 _____ () C:\Windows\System32\Drivers\wfplwf.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000512 _____ () C:\Windows\System32\Drivers\tape.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00000512 _____ () C:\Windows\System32\Drivers\smclib.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00000512 _____ () C:\Windows\System32\Drivers\sfloppy.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000512 _____ () C:\Windows\System32\Drivers\rdpvideominiport.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000512 _____ () C:\Windows\System32\Drivers\pacer.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000384 _____ () C:\Windows\System32\Drivers\pci.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000208 _____ () C:\Windows\System32\Drivers\swenum.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000080 _____ () C:\Windows\System32\Drivers\stexstor.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000080 _____ () C:\Windows\System32\Drivers\NV_AGP.SYS.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000064 _____ () C:\Windows\System32\Drivers\pciide.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000005 _____ () C:\Users\Axios\Desktop\RKreport[0]_S_04122014_110844.txt
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 ____D () C:\Windows\snack
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\WmBEnum.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\wimmount.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\Wibukey2_64.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\WdfLdr.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\volsnap.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\volmgrx.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\volmgr.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\vmstorfl.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\vms3cap.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\VMBusHID.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\vmbus.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\videoprt.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\viaide.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\TsUsbFlt.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\tssecsrv.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\Synth3dVsc.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\stream.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\storvsc.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\storport.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\sscdwhnt.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\sscdwh.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\smb.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\sisraid4.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\sisraid2.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\sffp_sd.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\sffp_mmc.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\sffdisk.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\rdpwd.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\RDPREFMP.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\RDPENCDD.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\rdpdr.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\RDPCDD.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\pcw.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\pcmcia.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\pciidex.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\partmgr.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\parport.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\ohci1394.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\nwifi.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\nvvad64v.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\nvstor.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\nvraid.sys.dump
2014-04-12 06:26 - 2014-04-12 06:26 - 00031412 _____ () C:\Users\Axios\Desktop\dds.txt
2014-04-12 06:26 - 2014-04-12 06:26 - 00016958 _____ () C:\Users\Axios\Desktop\attach.txt
2014-04-12 06:25 - 2014-04-12 06:25 - 00688992 ____R (Swearware) C:\Users\Axios\Desktop\dds.com
2014-04-11 21:08 - 2014-04-11 21:08 - 00003134 _____ () C:\Windows\System32\Tasks\{FB128AAF-6D41-4633-A179-65BA7782482A}
2014-04-11 20:57 - 2014-04-11 20:57 - 00087360 _____ () C:\Users\Axios\Desktop\gmer.wmv
2014-04-11 20:54 - 2014-04-11 20:54 - 00380416 _____ () C:\Users\Axios\Desktop\r6r50rxk.exe
2014-04-11 20:15 - 2014-04-11 20:15 - 04118280 _____ () C:\Users\Axios\Desktop\tdsskiller (1).zip
2014-04-11 20:15 - 2014-04-11 20:15 - 00000000 ____D () C:\Users\Axios\Desktop\tdsskiller (1)
2014-04-11 07:11 - 2014-04-13 00:16 - 00001512 _____ () C:\Windows\setupact.log
2014-04-11 07:11 - 2014-04-13 00:14 - 00002784 _____ () C:\Windows\PFRO.log
2014-04-11 07:11 - 2014-04-11 07:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-11 07:01 - 2014-04-11 07:01 - 00000000 ___SD () C:\ComboFix
2014-04-11 05:30 - 2014-04-11 05:31 - 00000000 ____D () C:\Users\Axios\AppData\Roaming\Comodo
2014-04-11 03:55 - 2014-04-11 04:00 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-04-10 18:21 - 2014-04-10 18:21 - 00003580 _____ () C:\Users\Axios\Desktop\RKreport[0]_D_04102014_222143.txt
2014-04-10 18:21 - 2014-04-10 18:21 - 00001180 _____ () C:\Users\Axios\Desktop\RKreport[0]_H_04102014_222152.txt
2014-04-10 18:20 - 2014-04-10 18:20 - 00003443 _____ () C:\Users\Axios\Desktop\RKreport[0]_S_04102014_222054.txt
2014-04-10 17:31 - 2014-04-10 17:31 - 00000000 ___HD () C:\VTRoot
2014-04-10 17:26 - 2014-04-11 20:53 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-04-10 17:26 - 2014-04-10 17:26 - 00000000 ____D () C:\Users\Axios\AppData\Local\Comodo
2014-04-10 16:55 - 2014-04-10 16:55 - 00001736 _____ () C:\Users\Axios\Desktop\PeerBlock.lnk
2014-04-10 16:54 - 2014-04-10 16:54 - 02374320 _____ (PeerBlock, LLC ) C:\Users\Axios\Desktop\PeerBlock-Setup_v1.2_r693.exe
2014-04-10 16:48 - 2014-04-10 16:48 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Axios\Desktop\mbar-1.07.0.1009.exe
2014-04-10 16:35 - 2014-04-13 00:16 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2014-04-10 16:33 - 2014-04-07 03:40 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\Axios\Desktop\TDSSKiller.exe
2014-04-10 16:32 - 2014-04-10 16:32 - 04745728 _____ (AVAST Software) C:\Users\Axios\Desktop\aswMBR.exe
2014-04-10 16:29 - 2014-04-10 16:29 - 00048139 _____ () C:\ComboFix.txt
2014-04-10 16:11 - 2014-04-09 16:08 - 05196025 ____R (Swearware) C:\Users\Axios\Desktop\ComboFix.exe
2014-04-10 16:07 - 2014-04-10 16:07 - 00002495 _____ () C:\Users\Axios\Desktop\RKreport[0]_S_04102014_200720.txt
2014-04-10 15:57 - 2014-04-10 15:57 - 00003303 _____ () C:\Users\Axios\Desktop\RKreport[0]_D_04102014_195708.txt
2014-04-10 15:54 - 2014-04-10 15:54 - 00003176 _____ () C:\Users\Axios\Desktop\RKreport[0]_S_04102014_195410.txt
2014-04-10 15:46 - 2014-04-10 15:46 - 00000310 _____ () C:\Users\Axios\Downloads\RootkitRemover_20140410_194632.log
2014-04-10 15:45 - 2014-04-10 15:45 - 00783632 _____ (McAfee, Inc.) C:\Users\Axios\Downloads\rootkitremover.exe
2014-04-10 15:45 - 2014-04-10 15:45 - 00000310 _____ () C:\Users\Axios\Downloads\RootkitRemover_20140410_194537.log
2014-04-09 19:10 - 2012-01-22 13:02 - 01147011 _____ () C:\Users\Axios\Desktop\cypressridge.pat
2014-04-09 19:08 - 2014-04-09 19:08 - 00000000 ____D () C:\Users\Axios\Desktop\mediaupload-12-02-21-Eldorado_Stone_Hatch_Patterns
2014-04-09 16:29 - 2014-04-11 20:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-09 16:29 - 2014-04-10 17:25 - 00000000 ____D () C:\Users\Axios\Desktop\mbar
2014-04-09 16:29 - 2014-04-10 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-09 16:09 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-09 16:09 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-09 16:09 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-09 16:09 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-09 16:09 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-09 16:09 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-09 16:09 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-09 16:09 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-09 16:08 - 2014-04-11 05:50 - 00000000 ____D () C:\Qoobox
2014-04-09 16:08 - 2014-04-09 16:26 - 00000000 ____D () C:\Windows\erdnt
2014-04-09 16:08 - 2014-04-09 16:08 - 05196025 ____R (Swearware) C:\Users\Axios\Downloads\ComboFix.exe
2014-04-09 16:03 - 2014-04-09 16:03 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2014-04-09 15:41 - 2014-04-09 15:41 - 04118841 _____ () C:\Users\Axios\Downloads\tdsskiller.zip
2014-04-09 10:11 - 2014-04-09 10:11 - 00304440 _____ () C:\Users\Axios\Desktop\cc_20140409_141103.reg
2014-04-09 09:44 - 2014-04-09 09:44 - 00000000 ____D () C:\ProgramData\ESET
2014-04-09 09:44 - 2014-04-09 09:44 - 00000000 ____D () C:\Program Files\ESET
2014-04-08 02:34 - 2014-04-08 03:11 - 00000000 ____D () C:\Users\Axios\Downloads\elevator cad drawings
2014-04-08 02:34 - 2014-04-08 02:34 - 01239177 _____ () C:\Users\Axios\Downloads\elevator cad drawings.rar
2014-04-07 17:11 - 2014-04-07 17:11 - 05577663 _____ () C:\Users\Axios\Downloads\Melamine-wood-patterns-PIXEDEN.zip
2014-04-07 17:11 - 2014-04-07 17:11 - 00000000 ____D () C:\Users\Axios\Downloads\Melamine-wood-patterns-PIXEDEN
2014-04-07 05:09 - 2014-04-07 05:09 - 00022587 _____ () C:\spyhunter.fix
2014-04-07 05:09 - 2010-05-13 14:34 - 00014232 _____ () C:\Windows\SysWOW64\sh4native.exe
2014-04-07 04:31 - 2014-04-07 04:31 - 00002288 _____ () C:\Users\Axios\Desktop\SpyHunter.lnk
2014-04-07 04:31 - 2014-04-07 04:31 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-04-07 04:31 - 2014-04-07 04:31 - 00000000 _____ () C:\autoexec.bat
2014-04-07 04:30 - 2014-04-07 04:32 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-04-07 04:29 - 2014-04-07 04:29 - 00014740 _____ () C:\Users\Axios\Downloads\[kickass.to]spyhunter.4.16.5.4290.patch.torrent
2014-04-07 04:25 - 2014-04-07 04:25 - 00187464 _____ (Webroot) C:\Users\Axios\Downloads\antizeroaccess.exe
2014-04-07 04:12 - 2014-04-07 04:12 - 225822512 _____ () C:\Users\Axios\Downloads\EmsisoftEmergencyKit.exe
2014-04-07 04:12 - 2014-04-07 04:12 - 00000546 _____ () C:\Users\Axios\Desktop\Emsisoft Emergency Kit.lnk
2014-04-07 04:12 - 2014-04-07 04:12 - 00000000 ____D () C:\EEK
2014-04-06 21:15 - 2014-04-12 23:45 - 00000000 ____D () C:\Users\Axios\Desktop\RK_Quarantine
2014-04-06 21:15 - 2014-04-06 21:15 - 04527616 _____ () C:\Users\Axios\Desktop\RogueKillerX64.exe
2014-04-06 21:08 - 2014-04-06 21:08 - 01016261 _____ (Thisisu) C:\Users\Axios\Downloads\JRT (1).exe
2014-04-06 21:06 - 2014-04-06 21:06 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Axios\Downloads\iExplore.exe
2014-04-06 20:52 - 2014-04-06 20:52 - 01426178 _____ () C:\Users\Axios\Downloads\adwcleaner.exe
2014-04-06 20:49 - 2014-04-09 15:41 - 00000000 ____D () C:\Users\Axios\Downloads\tdsskiller
2014-04-06 20:49 - 2014-04-06 20:49 - 04135264 _____ (Kaspersky Lab ZAO) C:\Users\Axios\Downloads\tdsskiller.exe
2014-04-06 20:18 - 2014-04-06 20:18 - 00010832 _____ () C:\Windows\System32\.crusader
2014-04-06 20:12 - 2014-04-12 23:30 - 00000082 _____ () C:\Windows\System32\exlcidt.kcw
2014-04-06 20:11 - 2014-04-06 20:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-06 20:09 - 2014-04-06 20:10 - 10971424 _____ (SurfRight B.V.) C:\Users\Axios\Downloads\HitmanPro_x64.exe
2014-04-06 20:02 - 2014-04-06 20:02 - 00000064 _____ () C:\Windows\System32\vvygu.dek
2014-04-06 20:02 - 2014-04-06 20:02 - 00000000 _____ () C:\Windows\System32\wjvux.sid
2014-04-06 19:47 - 2014-04-06 19:47 - 00305834 ____S () C:\Windows\System32\ylskvoi.cnq
2014-04-06 17:34 - 2014-04-06 17:34 - 00013563 _____ () C:\Users\Axios\Downloads\[kickass.to]goat.simulator.2014.2014.pc.eng.coffee.stain.studios.torrent
2014-04-06 17:03 - 2014-04-06 17:03 - 00004047 _____ () C:\Users\Axios\Desktop\COOL STYLE.style
2014-04-06 15:07 - 2014-04-06 15:07 - 02177423 _____ () C:\Users\Axios\Downloads\wading river adoutttlineee.ai
2014-04-06 10:28 - 2014-04-06 10:37 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-04-06 10:13 - 2014-04-06 10:13 - 00048309 _____ () C:\Users\Axios\Downloads\[kickass.to]rosetta.stone.v3.greek.l1.l2.l3.iso.torrent
2014-04-05 17:10 - 2014-04-05 17:10 - 00000000 ____D () C:\Users\Axios\AppData\Roaming\Unity
2014-04-02 17:43 - 2014-04-02 17:43 - 52664155 _____ () C:\Users\Axios\Desktop\Home2O-A.dwg
2014-04-01 18:02 - 2014-04-01 18:02 - 00000000 _____ () C:\Users\Axios\Desktop\letter roadmap, sheet size, tumbnails.txt
2014-03-31 13:43 - 2014-03-31 13:43 - 00000527 _____ () C:\Users\Public\Desktop\Age of Wonders III.lnk
2014-03-31 11:13 - 2014-03-31 11:13 - 00157457 _____ () C:\Users\Axios\Downloads\Office Dividers.dwg
2014-03-31 11:13 - 2014-03-31 11:13 - 00124752 _____ () C:\Users\Axios\Downloads\Office Furnishings.dwg
2014-03-31 11:13 - 2014-03-31 11:13 - 00091378 _____ () C:\Users\Axios\Downloads\Miscellaneous Office Objects.dwg
2014-03-31 11:12 - 2014-03-31 11:12 - 00141806 _____ () C:\Users\Axios\Downloads\Office Fixtures.dwg
2014-03-31 10:54 - 2014-03-31 10:54 - 00292849 _____ () C:\Users\Axios\Downloads\Bathroom Stalls.dwg
2014-03-31 10:53 - 2014-03-31 10:53 - 00142725 _____ () C:\Users\Axios\Downloads\Toilets and Urinals.dwg
2014-03-31 08:59 - 2014-03-31 08:59 - 00030128 _____ () C:\Users\Axios\Desktop\awesome.pptx
2014-03-31 08:17 - 2014-03-31 08:17 - 00022310 _____ () C:\Users\Axios\Desktop\Project1-FloorPlan-Level1.pcp
2014-03-31 08:17 - 2014-03-31 08:17 - 00017032 _____ () C:\Users\Axios\Desktop\Project1-FloorPlan-Level1.dwg
2014-03-30 18:12 - 2014-03-30 18:31 - 00000000 ____D () C:\Users\Axios\Documents\Settlers7
2014-03-29 14:21 - 2014-03-29 14:21 - 00001075 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-03-29 14:21 - 2014-03-29 14:21 - 00001066 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2014-03-27 14:34 - 2014-03-27 14:34 - 01684324 _____ () C:\Users\Axios\Downloads\senior girl sDASDASDASDASDA.ai
2014-03-27 14:26 - 2014-03-27 14:57 - 01693304 _____ () C:\Users\Axios\Downloads\senior girl shirtgud.ai
2014-03-26 20:25 - 2014-03-26 20:25 - 00002188 _____ () C:\Users\Public\Desktop\Style Builder 2014.lnk
2014-03-26 20:25 - 2014-03-26 20:25 - 00002102 _____ () C:\Users\Public\Desktop\LayOut 2014.lnk
2014-03-26 20:25 - 2014-03-26 20:25 - 00002017 _____ () C:\Users\Public\Desktop\SketchUp 2014.lnk
2014-03-26 20:25 - 2014-03-26 20:25 - 00000000 ____D () C:\Program Files (x86)\SketchUp
2014-03-26 20:23 - 2014-03-26 20:23 - 00018435 _____ () C:\Users\Axios\Desktop\[kickass.to]sketchup.pro.2014.14.0.4900.cracked.files.chingliu.torrent
2014-03-26 20:22 - 2014-03-26 20:22 - 00052052 _____ () C:\Users\Axios\Desktop\new block.dwg
2014-03-26 19:08 - 2014-03-26 19:08 - 00857954 _____ () C:\Users\Axios\Desktop\Fable - The Lost Chapters (Vibrant).rar
2014-03-25 04:00 - 2014-03-25 04:00 - 00082363 _____ () C:\Users\Axios\Desktop\pallet.dwg
2014-03-25 03:41 - 2014-03-25 03:41 - 00000201 ____H () C:\Users\Axios\Desktop\2014_03_03 Pallet Parts.dwl2
2014-03-25 03:41 - 2014-03-25 03:41 - 00000051 ____H () C:\Users\Axios\Desktop\2014_03_03 Pallet Parts.dwl
2014-03-24 11:25 - 2014-03-24 11:25 - 00030208 _____ () C:\Users\Axios\Downloads\activityform (1) (3).xls
2014-03-24 11:10 - 2014-03-24 11:10 - 00029696 _____ () C:\Users\Axios\Downloads\activityform (1).xls
2014-03-23 09:24 - 2014-03-23 09:24 - 30817780 _____ () C:\Users\Axios\Desktop\RhinoCrashDump.3dm
2014-03-23 09:22 - 2014-04-13 00:16 - 00000000 ____D () C:\Users\Axios\AppData\Roaming\Raptr
2014-03-23 09:22 - 2014-04-12 04:20 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-03-23 09:22 - 2014-03-23 09:22 - 00071576 _____ () C:\Users\Axios\Downloads\raptr_installer.exe
2014-03-23 09:22 - 2014-03-23 09:22 - 00000000 ____D () C:\Users\Axios\AppData\Roaming\library_dir
2014-03-22 12:58 - 2014-03-22 12:58 - 00016142 _____ () C:\Users\Axios\Desktop\2014_03_03 Pallet Parts.dwg
2014-03-22 09:15 - 2014-03-22 09:17 - 10175897 _____ () C:\Users\Axios\Desktop\chair.psd
2014-03-22 05:14 - 2014-03-22 05:14 - 03820787 _____ () C:\Users\Axios\Downloads\lounge chair.skp
2014-03-20 18:47 - 2014-03-20 18:47 - 01086647 _____ () C:\Users\Axios\Desktop\t-shirt designs for seniors.ai
2014-03-20 18:47 - 2014-03-20 18:47 - 01086647 _____ () C:\Users\Axios\Desktop\t-shirt designs for seniors (1).ai
2014-03-20 18:15 - 2014-03-20 18:15 - 04704719 _____ () C:\Users\Axios\Desktop\splatter_drips_vector_set_by_fudgegraphics.zip
2014-03-20 12:09 - 2014-03-20 12:09 - 01232519 _____ () C:\Users\Axios\Downloads\t-shirt designs for seniors.ai
2014-03-18 16:40 - 2014-03-23 05:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-18 14:21 - 2014-03-18 14:21 - 00193576 _____ () C:\Users\Axios\Desktop\WER-43711-0.sysdata.xml
2014-03-17 09:21 - 2014-03-17 09:21 - 00001079 _____ () C:\Users\Public\Desktop\Tribes Ascend.lnk
2014-03-17 08:12 - 2014-03-17 08:16 - 00030103 _____ () C:\Users\Axios\Desktop\hell1o.pptx
2014-03-16 13:59 - 2014-03-16 13:59 - 00000000 ____D () C:\Users\Axios\Downloads\Brush_Pack_Professional_volume_4_-_Classic_Art
2014-03-16 13:17 - 2014-03-16 13:18 - 00000000 ____D () C:\Users\Axios\Downloads\lazy_brush_set_by_vesner-d5rrzrl
2014-03-16 13:14 - 2014-03-16 13:34 - 89592231 _____ () C:\Users\Axios\Downloads\Brush_Pack_Professional_volume_4_-_Classic_Art.rar
 
==================== One Month Modified Files and Folders =======
 
2014-04-13 04:20 - 2014-04-13 04:20 - 00000000 _____ () C:\FRST.txt
2014-04-13 04:20 - 2014-04-13 04:19 - 00000000 ____D () C:\FRST
2014-04-13 00:17 - 2009-07-13 20:45 - 00021280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 00:17 - 2009-07-13 20:45 - 00021280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 00:16 - 2014-04-11 07:11 - 00001512 _____ () C:\Windows\setupact.log
2014-04-13 00:16 - 2014-04-10 16:35 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2014-04-13 00:16 - 2014-03-23 09:22 - 00000000 ____D () C:\Users\Axios\AppData\Roaming\Raptr
2014-04-13 00:16 - 2013-08-11 17:50 - 02866176 ___SH () C:\Users\Axios\Desktop\Thumbs.db
2014-04-13 00:16 - 2013-06-30 12:44 - 00000000 ____D () C:\Users\Axios\AppData\Local\Overwolf
2014-04-13 00:16 - 2013-02-03 10:59 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-13 00:16 - 2012-12-09 15:25 - 00000000 ____D () C:\Users\Axios\AppData\Roaming\Dropbox
2014-04-13 00:16 - 2012-11-04 17:11 - 00000000 ____D () C:\Users\Axios\.gstreamer-0.10
2014-04-13 00:16 - 2012-11-04 17:10 - 00000000 ____D () C:\Users\Axios\AppData\Roaming\MotoCast
2014-04-13 00:16 - 2012-10-22 18:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-13 00:16 - 2012-10-22 18:16 - 00034752 _____ () C:\Windows\System32\Drivers\WPRO_41_2001.sys
2014-04-13 00:16 - 2012-10-22 18:14 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-04-13 00:16 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-13 00:14 - 2014-04-11 07:11 - 00002784 _____ () C:\Windows\PFRO.log
2014-04-13 00:11 - 2014-01-09 06:57 - 01937054 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 00:00 - 2012-10-22 18:19 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3410182921-3306759744-3640942804-1000UA.job
2014-04-12 23:45 - 2014-04-06 21:15 - 00000000 ____D () C:\Users\Axios\Desktop\RK_Quarantine
2014-04-12 23:43 - 2009-07-13 21:13 - 00006398 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-12 23:39 - 2014-04-12 23:34 - 00000000 ___DC () C:\Users\Axios\AppData\Local\MigWiz
2014-04-12 23:39 - 2013-02-03 10:59 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-12 23:34 - 2014-04-12 23:34 - 00000762 _____ () C:\Windows\comsetup.log
2014-04-12 23:34 - 2013-08-28 17:48 - 00016896 ___SH () C:\Users\Axios\Thumbs.db
2014-04-12 23:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-04-12 23:30 - 2014-04-06 20:12 - 00000082 _____ () C:\Windows\System32\exlcidt.kcw
2014-04-12 19:03 - 2012-10-22 18:19 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3410182921-3306759744-3640942804-1000Core.job
2014-04-12 14:34 - 2014-04-12 14:34 - 00000000 ____D () C:\Users\Axios\AppData\Local\ESET
2014-04-12 10:34 - 2012-10-22 18:14 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-04-12 07:08 - 2014-04-12 07:08 - 08835072 _____ () C:\Windows\System32\Drivers\nvlddmkm.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00028672 _____ () C:\Windows\System32\Drivers\winusb.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00012288 _____ () C:\Windows\System32\Drivers\winhv.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000512 _____ () C:\Windows\System32\Drivers\wfplwf.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000512 _____ () C:\Windows\System32\Drivers\tape.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00000512 _____ () C:\Windows\System32\Drivers\smclib.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00000512 _____ () C:\Windows\System32\Drivers\sfloppy.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000512 _____ () C:\Windows\System32\Drivers\rdpvideominiport.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000512 _____ () C:\Windows\System32\Drivers\pacer.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000384 _____ () C:\Windows\System32\Drivers\pci.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000208 _____ () C:\Windows\System32\Drivers\swenum.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000080 _____ () C:\Windows\System32\Drivers\stexstor.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000080 _____ () C:\Windows\System32\Drivers\NV_AGP.SYS.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000064 _____ () C:\Windows\System32\Drivers\pciide.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000005 _____ () C:\Users\Axios\Desktop\RKreport[0]_S_04122014_110844.txt
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 ____D () C:\Windows\snack
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\WmBEnum.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\wimmount.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\Wibukey2_64.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\WdfLdr.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\volsnap.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\volmgrx.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\volmgr.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\vmstorfl.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\vms3cap.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\VMBusHID.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\vmbus.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\videoprt.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\viaide.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\TsUsbFlt.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\tssecsrv.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\Synth3dVsc.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\stream.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\storvsc.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\storport.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\sscdwhnt.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\sscdwh.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\smb.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\sisraid4.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\sisraid2.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\sffp_sd.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\sffp_mmc.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\sffdisk.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\rdpwd.sys.bak
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\RDPREFMP.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\RDPENCDD.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\rdpdr.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\RDPCDD.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\pcw.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\pcmcia.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\pciidex.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\partmgr.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\parport.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\ohci1394.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\nwifi.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\nvvad64v.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\nvstor.sys.dump
2014-04-12 07:08 - 2014-04-12 07:08 - 00000000 _____ () C:\Windows\System32\Drivers\nvraid.sys.dump
2014-04-12 06:26 - 2014-04-12 06:26 - 00031412 _____ () C:\Users\Axios\Desktop\dds.txt
2014-04-12 06:26 - 2014-04-12 06:26 - 00016958 _____ () C:\Users\Axios\Desktop\attach.txt
2014-04-12 06:25 - 2014-04-12 06:25 - 00688992 ____R (Swearware) C:\Users\Axios\Desktop\dds.com
2014-04-12 06:22 - 2014-03-09 18:08 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-12 06:00 - 2013-08-20 08:29 - 00223744 ___SH () C:\Users\Axios\Documents\Thumbs.db
2014-04-12 04:20 - 2014-03-23 09:22 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-04-11 21:19 - 2012-10-22 19:43 - 00000000 ____D () C:\Users\Axios\AppData\Local\CrashDumps
2014-04-11 21:08 - 2014-04-11 21:08 - 00003134 _____ () C:\Windows\System32\Tasks\{FB128AAF-6D41-4633-A179-65BA7782482A}
2014-04-11 20:57 - 2014-04-11 20:57 - 00087360 _____ () C:\Users\Axios\Desktop\gmer.wmv
2014-04-11 20:54 - 2014-04-11 20:54 - 00380416 _____ () C:\Users\Axios\Desktop\r6r50rxk.exe
2014-04-11 20:53 - 2014-04-10 17:26 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-04-11 20:40 - 2012-10-23 15:36 - 00000000 ____D () C:\Program Files\PeerBlock
2014-04-11 20:15 - 2014-04-11 20:15 - 04118280 _____ () C:\Users\Axios\Desktop\tdsskiller (1).zip
2014-04-11 20:15 - 2014-04-11 20:15 - 00000000 ____D () C:\Users\Axios\Desktop\tdsskiller (1)
2014-04-11 20:15 - 2014-04-09 16:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-11 07:11 - 2014-04-11 07:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-11 07:01 - 2014-04-11 07:01 - 00000000 ___SD () C:\ComboFix
2014-04-11 05:50 - 2014-04-09 16:08 - 00000000 ____D () C:\Qoobox
2014-04-11 05:31 - 2014-04-11 05:30 - 00000000 ____D () C:\Users\Axios\AppData\Roaming\Comodo
2014-04-11 04:00 - 2014-04-11 03:55 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-04-10 19:37 - 2012-11-17 04:23 - 00000132 _____ () C:\Users\Axios\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-04-10 19:36 - 2013-11-17 09:44 - 00000000 ____D () C:\Users\Axios\AppData\Roaming\uTorrent
2014-04-10 18:21 - 2014-04-10 18:21 - 00003580 _____ () C:\Users\Axios\Desktop\RKreport[0]_D_04102014_222143.txt
2014-04-10 18:21 - 2014-04-10 18:21 - 00001180 _____ () C:\Users\Axios\Desktop\RKreport[0]_H_04102014_222152.txt
2014-04-10 18:20 - 2014-04-10 18:20 - 00003443 _____ () C:\Users\Axios\Desktop\RKreport[0]_S_04102014_222054.txt
2014-04-10 17:49 - 2012-10-25 11:37 - 00055535 _____ () C:\Users\Axios\Documents\plot.log
2014-04-10 17:31 - 2014-04-10 17:31 - 00000000 ___HD () C:\VTRoot
2014-04-10 17:27 - 2013-05-11 07:43 - 00000000 ____D () C:\users\hedev
2014-04-10 17:26 - 2014-04-10 17:26 - 00000000 ____D () C:\Users\Axios\AppData\Local\Comodo
2014-04-10 17:25 - 2014-04-09 16:29 - 00000000 ____D () C:\Users\Axios\Desktop\mbar
2014-04-10 17:25 - 2014-04-09 16:29 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-10 16:55 - 2014-04-10 16:55 - 00001736 _____ () C:\Users\Axios\Desktop\PeerBlock.lnk
2014-04-10 16:54 - 2014-04-10 16:54 - 02374320 _____ (PeerBlock, LLC ) C:\Users\Axios\Desktop\PeerBlock-Setup_v1.2_r693.exe
2014-04-10 16:48 - 2014-04-10 16:48 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Axios\Desktop\mbar-1.07.0.1009.exe
2014-04-10 16:32 - 2014-04-10 16:32 - 04745728 _____ (AVAST Software) C:\Users\Axios\Desktop\aswMBR.exe
2014-04-10 16:29 - 2014-04-10 16:29 - 00048139 _____ () C:\ComboFix.txt
2014-04-10 16:28 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-10 16:07 - 2014-04-10 16:07 - 00002495 _____ () C:\Users\Axios\Desktop\RKreport[0]_S_04102014_200720.txt
2014-04-10 15:57 - 2014-04-10 15:57 - 00003303 _____ () C:\Users\Axios\Desktop\RKreport[0]_D_04102014_195708.txt
2014-04-10 15:54 - 2014-04-10 15:54 - 00003176 _____ () C:\Users\Axios\Desktop\RKreport[0]_S_04102014_195410.txt
2014-04-10 15:46 - 2014-04-10 15:46 - 00000310 _____ () C:\Users\Axios\Downloads\RootkitRemover_20140410_194632.log
2014-04-10 15:45 - 2014-04-10 15:45 - 00783632 _____ (McAfee, Inc.) C:\Users\Axios\Downloads\rootkitremover.exe
2014-04-10 15:45 - 2014-04-10 15:45 - 00000310 _____ () C:\Users\Axios\Downloads\RootkitRemover_20140410_194537.log
2014-04-10 15:41 - 2009-07-13 21:08 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-09 20:17 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-04-09 19:08 - 2014-04-09 19:08 - 00000000 ____D () C:\Users\Axios\Desktop\mediaupload-12-02-21-Eldorado_Stone_Hatch_Patterns
2014-04-09 16:27 - 2009-07-13 19:20 - 00000000 __RHD () C:\users\Default
2014-04-09 16:26 - 2014-04-09 16:08 - 00000000 ____D () C:\Windows\erdnt
2014-04-09 16:24 - 2013-09-05 07:34 - 00000000 ____D () C:\Users\Axios\AppData\Roaming\miner
2014-04-09 16:08 - 2014-04-10 16:11 - 05196025 ____R (Swearware) C:\Users\Axios\Desktop\ComboFix.exe
2014-04-09 16:08 - 2014-04-09 16:08 - 05196025 ____R (Swearware) C:\Users\Axios\Downloads\ComboFix.exe
2014-04-09 16:03 - 2014-04-09 16:03 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2014-04-09 15:41 - 2014-04-09 15:41 - 04118841 _____ () C:\Users\Axios\Downloads\tdsskiller.zip
2014-04-09 15:41 - 2014-04-06 20:49 - 00000000 ____D () C:\Users\Axios\Downloads\tdsskiller
2014-04-09 10:11 - 2014-04-09 10:11 - 00304440 _____ () C:\Users\Axios\Desktop\cc_20140409_141103.reg
2014-04-09 09:44 - 2014-04-09 09:44 - 00000000 ____D () C:\ProgramData\ESET
2014-04-09 09:44 - 2014-04-09 09:44 - 00000000 ____D () C:\Program Files\ESET
2014-04-08 13:42 - 2012-10-28 12:42 - 00000000 ____D () C:\Users\Axios\Documents\Misc
2014-04-08 03:11 - 2014-04-08 02:34 - 00000000 ____D () C:\Users\Axios\Downloads\elevator cad drawings
2014-04-08 02:34 - 2014-04-08 02:34 - 01239177 _____ () C:\Users\Axios\Downloads\elevator cad drawings.rar
2014-04-07 17:11 - 2014-04-07 17:11 - 05577663 _____ () C:\Users\Axios\Downloads\Melamine-wood-patterns-PIXEDEN.zip
2014-04-07 17:11 - 2014-04-07 17:11 - 00000000 ____D () C:\Users\Axios\Downloads\Melamine-wood-patterns-PIXEDEN
2014-04-07 16:23 - 2012-10-23 17:12 - 00000000 ____D () C:\Users\Axios\AppData\Local\cache
2014-04-07 05:17 - 2014-02-07 07:23 - 00000000 ____D () C:\AdwCleaner
2014-04-07 05:09 - 2014-04-07 05:09 - 00022587 _____ () C:\spyhunter.fix
2014-04-07 04:32 - 2014-04-07 04:30 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-04-07 04:31 - 2014-04-07 04:31 - 00002288 _____ () C:\Users\Axios\Desktop\SpyHunter.lnk
2014-04-07 04:31 - 2014-04-07 04:31 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-04-07 04:31 - 2014-04-07 04:31 - 00000000 _____ () C:\autoexec.bat
2014-04-07 04:29 - 2014-04-07 04:29 - 00014740 _____ () C:\Users\Axios\Downloads\[kickass.to]spyhunter.4.16.5.4290.patch.torrent
2014-04-07 04:25 - 2014-04-07 04:25 - 00187464 _____ (Webroot) C:\Users\Axios\Downloads\antizeroaccess.exe
2014-04-07 04:12 - 2014-04-07 04:12 - 225822512 _____ () C:\Users\Axios\Downloads\EmsisoftEmergencyKit.exe
2014-04-07 04:12 - 2014-04-07 04:12 - 00000546 _____ () C:\Users\Axios\Desktop\Emsisoft Emergency Kit.lnk
2014-04-07 04:12 - 2014-04-07 04:12 - 00000000 ____D () C:\EEK
2014-04-07 04:07 - 2012-10-22 18:07 - 00000000 ____D () C:\Users\Axios\AppData\Local\VirtualStore
2014-04-07 03:40 - 2014-04-10 16:33 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\Axios\Desktop\TDSSKiller.exe
2014-04-06 21:20 - 2012-10-22 18:36 - 00000000 ____D () C:\Users\Axios\AppData\Local\LifeStudio
2014-04-06 21:15 - 2014-04-06 21:15 - 04527616 _____ () C:\Users\Axios\Desktop\RogueKillerX64.exe
2014-04-06 21:08 - 2014-04-06 21:08 - 01016261 _____ (Thisisu) C:\Users\Axios\Downloads\JRT (1).exe
2014-04-06 21:06 - 2014-04-06 21:06 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Axios\Downloads\iExplore.exe
2014-04-06 20:57 - 2013-01-14 15:04 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-04-06 20:52 - 2014-04-06 20:52 - 01426178 _____ () C:\Users\Axios\Downloads\adwcleaner.exe
2014-04-06 20:49 - 2014-04-06 20:49 - 04135264 _____ (Kaspersky Lab ZAO) C:\Users\Axios\Downloads\tdsskiller.exe
2014-04-06 20:19 - 2014-04-06 20:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-06 20:18 - 2014-04-06 20:18 - 00010832 _____ () C:\Windows\System32\.crusader
2014-04-06 20:18 - 2013-12-31 22:00 - 00000000 ____D () C:\ProgramData\WebPlat
2014-04-06 20:10 - 2014-04-06 20:09 - 10971424 _____ (SurfRight B.V.) C:\Users\Axios\Downloads\HitmanPro_x64.exe
2014-04-06 20:02 - 2014-04-06 20:02 - 00000064 _____ () C:\Windows\System32\vvygu.dek
2014-04-06 20:02 - 2014-04-06 20:02 - 00000000 _____ () C:\Windows\System32\wjvux.sid
2014-04-06 19:47 - 2014-04-06 19:47 - 00305834 ____S () C:\Windows\System32\ylskvoi.cnq
2014-04-06 17:38 - 2012-10-22 18:51 - 00000000 ____D () C:\Users\Axios\Documents\My Games
2014-04-06 17:34 - 2014-04-06 17:34 - 00013563 _____ () C:\Users\Axios\Downloads\[kickass.to]goat.simulator.2014.2014.pc.eng.coffee.stain.studios.torrent
2014-04-06 17:03 - 2014-04-06 17:03 - 00004047 _____ () C:\Users\Axios\Desktop\COOL STYLE.style
2014-04-06 15:07 - 2014-04-06 15:07 - 02177423 _____ () C:\Users\Axios\Downloads\wading river adoutttlineee.ai
2014-04-06 10:37 - 2014-04-06 10:28 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-04-06 10:29 - 2012-10-23 17:09 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-04-06 10:13 - 2014-04-06 10:13 - 00048309 _____ () C:\Users\Axios\Downloads\[kickass.to]rosetta.stone.v3.greek.l1.l2.l3.iso.torrent
2014-04-05 17:10 - 2014-04-05 17:10 - 00000000 ____D () C:\Users\Axios\AppData\Roaming\Unity
2014-04-03 10:24 - 2013-04-05 18:50 - 00000000 ____D () C:\Users\Axios\AppData\Local\Akamai
2014-04-02 17:43 - 2014-04-02 17:43 - 52664155 _____ () C:\Users\Axios\Desktop\Home2O-A.dwg
2014-04-02 13:28 - 2012-10-22 19:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-02 10:47 - 2014-03-13 14:54 - 03779028 _____ () C:\Users\Axios\Downloads\wading river ad.ai
2014-04-01 18:02 - 2014-04-01 18:02 - 00000000 _____ () C:\Users\Axios\Desktop\letter roadmap, sheet size, tumbnails.txt
2014-03-31 16:05 - 2014-03-08 05:39 - 00000000 ____D () C:\Users\Axios\Desktop\craps 2014_03_08
2014-03-31 13:43 - 2014-03-31 13:43 - 00000527 _____ () C:\Users\Public\Desktop\Age of Wonders III.lnk
2014-03-31 11:13 - 2014-03-31 11:13 - 00157457 _____ () C:\Users\Axios\Downloads\Office Dividers.dwg
2014-03-31 11:13 - 2014-03-31 11:13 - 00124752 _____ () C:\Users\Axios\Downloads\Office Furnishings.dwg
2014-03-31 11:13 - 2014-03-31 11:13 - 00091378 _____ () C:\Users\Axios\Downloads\Miscellaneous Office Objects.dwg
2014-03-31 11:12 - 2014-03-31 11:12 - 00141806 _____ () C:\Users\Axios\Downloads\Office Fixtures.dwg
2014-03-31 10:54 - 2014-03-31 10:54 - 00292849 _____ () C:\Users\Axios\Downloads\Bathroom Stalls.dwg
2014-03-31 10:53 - 2014-03-31 10:53 - 00142725 _____ () C:\Users\Axios\Downloads\Toilets and Urinals.dwg
2014-03-31 08:59 - 2014-03-31 08:59 - 00030128 _____ () C:\Users\Axios\Desktop\awesome.pptx
2014-03-31 08:17 - 2014-03-31 08:17 - 00022310 _____ () C:\Users\Axios\Desktop\Project1-FloorPlan-Level1.pcp
2014-03-31 08:17 - 2014-03-31 08:17 - 00017032 _____ () C:\Users\Axios\Desktop\Project1-FloorPlan-Level1.dwg
2014-03-30 18:31 - 2014-03-30 18:12 - 00000000 ____D () C:\Users\Axios\Documents\Settlers7
2014-03-30 18:02 - 2012-10-22 18:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-29 14:21 - 2014-03-29 14:21 - 00001075 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-03-29 14:21 - 2014-03-29 14:21 - 00001066 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2014-03-27 14:57 - 2014-03-27 14:26 - 01693304 _____ () C:\Users\Axios\Downloads\senior girl shirtgud.ai
2014-03-27 14:57 - 2013-09-28 12:51 - 00000000 ____D () C:\Users\Axios\Documents\fotissssssss
2014-03-27 14:34 - 2014-03-27 14:34 - 01684324 _____ () C:\Users\Axios\Downloads\senior girl sDASDASDASDASDA.ai
2014-03-26 20:28 - 2013-09-22 12:36 - 00000000 ____D () C:\Users\Axios\AppData\Roaming\SketchUp
2014-03-26 20:25 - 2014-03-26 20:25 - 00002188 _____ () C:\Users\Public\Desktop\Style Builder 2014.lnk
2014-03-26 20:25 - 2014-03-26 20:25 - 00002102 _____ () C:\Users\Public\Desktop\LayOut 2014.lnk
2014-03-26 20:25 - 2014-03-26 20:25 - 00002017 _____ () C:\Users\Public\Desktop\SketchUp 2014.lnk
2014-03-26 20:25 - 2014-03-26 20:25 - 00000000 ____D () C:\Program Files (x86)\SketchUp
2014-03-26 20:25 - 2014-01-22 17:58 - 00000000 ____D () C:\ProgramData\SketchUp
2014-03-26 20:23 - 2014-03-26 20:23 - 00018435 _____ () C:\Users\Axios\Desktop\[kickass.to]sketchup.pro.2014.14.0.4900.cracked.files.chingliu.torrent
2014-03-26 20:22 - 2014-03-26 20:22 - 00052052 _____ () C:\Users\Axios\Desktop\new block.dwg
2014-03-26 19:08 - 2014-03-26 19:08 - 00857954 _____ () C:\Users\Axios\Desktop\Fable - The Lost Chapters (Vibrant).rar
2014-03-25 04:00 - 2014-03-25 04:00 - 00082363 _____ () C:\Users\Axios\Desktop\pallet.dwg
2014-03-25 03:41 - 2014-03-25 03:41 - 00000201 ____H () C:\Users\Axios\Desktop\2014_03_03 Pallet Parts.dwl2
2014-03-25 03:41 - 2014-03-25 03:41 - 00000051 ____H () C:\Users\Axios\Desktop\2014_03_03 Pallet Parts.dwl
2014-03-24 16:17 - 2013-11-17 11:00 - 00000000 ____D () C:\Users\Axios\Documents\Assassin's Creed IV Black Flag
2014-03-24 14:53 - 2013-03-03 18:40 - 00000000 ____D () C:\Users\Axios\Documents\fotis
2014-03-24 11:25 - 2014-03-24 11:25 - 00030208 _____ () C:\Users\Axios\Downloads\activityform (1) (3).xls
2014-03-24 11:10 - 2014-03-24 11:10 - 00029696 _____ () C:\Users\Axios\Downloads\activityform (1).xls
2014-03-23 15:37 - 2013-10-20 08:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-23 15:37 - 2013-10-20 08:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-23 15:37 - 2013-09-05 08:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-23 09:24 - 2014-03-23 09:24 - 30817780 _____ () C:\Users\Axios\Desktop\RhinoCrashDump.3dm
2014-03-23 09:22 - 2014-03-23 09:22 - 00071576 _____ () C:\Users\Axios\Downloads\raptr_installer.exe
2014-03-23 09:22 - 2014-03-23 09:22 - 00000000 ____D () C:\Users\Axios\AppData\Roaming\library_dir
2014-03-23 05:16 - 2014-03-18 16:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-22 12:58 - 2014-03-22 12:58 - 00016142 _____ () C:\Users\Axios\Desktop\2014_03_03 Pallet Parts.dwg
2014-03-22 09:17 - 2014-03-22 09:15 - 10175897 _____ () C:\Users\Axios\Desktop\chair.psd
2014-03-22 05:14 - 2014-03-22 05:14 - 03820787 _____ () C:\Users\Axios\Downloads\lounge chair.skp
2014-03-20 18:47 - 2014-03-20 18:47 - 01086647 _____ () C:\Users\Axios\Desktop\t-shirt designs for seniors.ai
2014-03-20 18:47 - 2014-03-20 18:47 - 01086647 _____ () C:\Users\Axios\Desktop\t-shirt designs for seniors (1).ai
2014-03-20 18:15 - 2014-03-20 18:15 - 04704719 _____ () C:\Users\Axios\Desktop\splatter_drips_vector_set_by_fudgegraphics.zip
2014-03-20 13:53 - 2013-08-04 12:16 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-20 12:09 - 2014-03-20 12:09 - 01232519 _____ () C:\Users\Axios\Downloads\t-shirt designs for seniors.ai
2014-03-19 10:16 - 2012-10-22 18:17 - 00183440 _____ () C:\Users\Axios\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-19 10:16 - 2009-07-13 20:45 - 09884368 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-18 16:19 - 2013-01-27 15:06 - 00000000 ____D () C:\Users\Axios\AppData\Roaming\TeamViewer
2014-03-18 16:18 - 2012-10-23 18:23 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-03-18 15:45 - 2012-04-02 21:04 - 00338302 _____ () C:\Users\Axios\Desktop\031814-17581-01.dmp
2014-03-18 14:21 - 2014-03-18 14:21 - 00193576 _____ () C:\Users\Axios\Desktop\WER-43711-0.sysdata.xml
2014-03-18 14:21 - 2012-04-02 21:04 - 00338302 _____ () C:\Users\Axios\Desktop\031814-17331-01.dmp
2014-03-18 12:53 - 2012-12-08 11:18 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-03-18 12:20 - 2013-06-30 12:45 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-03-17 09:23 - 2013-10-26 08:37 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-03-17 09:21 - 2014-03-17 09:21 - 00001079 _____ () C:\Users\Public\Desktop\Tribes Ascend.lnk
2014-03-17 09:20 - 2013-11-01 11:17 - 00000003 _____ () C:\Windows\System32\HRUPPROG.TXT
2014-03-17 08:16 - 2014-03-17 08:12 - 00030103 _____ () C:\Users\Axios\Desktop\hell1o.pptx
2014-03-16 13:59 - 2014-03-16 13:59 - 00000000 ____D () C:\Users\Axios\Downloads\Brush_Pack_Professional_volume_4_-_Classic_Art
2014-03-16 13:34 - 2014-03-16 13:14 - 89592231 _____ () C:\Users\Axios\Downloads\Brush_Pack_Professional_volume_4_-_Classic_Art.rar
2014-03-16 13:18 - 2014-03-16 13:17 - 00000000 ____D () C:\Users\Axios\Downloads\lazy_brush_set_by_vesner-d5rrzrl
2014-03-15 10:23 - 2014-03-05 09:16 - 00000000 ____D () C:\Users\Axios\Graphisoft
2014-03-15 09:57 - 2014-03-05 09:16 - 00000000 ____D () C:\Users\Axios\Documents\BIMx
2014-03-15 05:38 - 2013-11-01 07:13 - 00000000 ____D () C:\Users\Axios\Documents\Max Payne Savegames
 
Some content of TEMP:
====================
C:\Users\Axios\AppData\Local\Temp\jna8782956407442556977.dll
C:\Users\Axios\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Axios\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0520192 ____A (Microsoft Corporation) 2E960CEDFD00BD79D1973B64EBD0B06E
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 7%
Total physical RAM: 16279.08 MB
Available physical RAM: 15076.85 MB
Total Pagefile: 16277.28 MB
Available Pagefile: 15086.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:0.62 GB) NTFS
Drive d: (BARRACOOODA) (Fixed) (Total:931.51 GB) (Free:378.63 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (DUOCOOODA) (Fixed) (Total:1863.01 GB) (Free:785.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F4A3DBED)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 486FBB7C)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 6018BD85)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 
 
LastRegBack: 2013-11-18 16:07
 
==================== End Of Log ============================
 
 
 

Farbar Recovery Scan Tool (x64) Version: 12-04-2014 01
Ran by SYSTEM at 2014-04-13 04:20:55
Running from C:\
Boot Mode: Recovery
 
================== Search: "rpcss.dll" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
C:\Windows\System32\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0520192 ____A (Microsoft Corporation) 2E960CEDFD00BD79D1973B64EBD0B06E
 
X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 02:36] - [2010-11-20 05:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
X:\Windows\System32\rpcss.dll
[2010-11-20 02:36] - [2010-11-20 05:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
====== End Of Search ======
 
thanks again!
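
The FRST note in the log above says that with audio adware rpcss.dll is commonly patched and that the MD5 should be checked; the search results then show the live System32\rpcss.dll (520192 bytes, MD5 2E96...) differing from every component-store copy (512000 bytes, MD5 5C62...). The script below automates that same comparison on a live system. It is an added example, not part of this thread and not part of FRST; it assumes PowerShell 4 or later (for Get-FileHash) and a 64-bit install, so only the amd64_* winsxs folders are compared.

```powershell
# Added example, not from FRST or from the thread. Compares the live
# System32\rpcss.dll with the copies Windows keeps in its component store
# (winsxs), the same comparison the FRST "Search: rpcss.dll" output shows.
# Assumes PowerShell 4+ (Get-FileHash) and a 64-bit Windows install.
param(
    [string]$FileName   = 'rpcss.dll',
    [string]$SystemRoot = $env:SystemRoot
)

function Get-FileFingerprint {
    # Size, timestamp and two hashes for one file. MD5 is what FRST prints;
    # SHA256 is included for comparison with other sources.
    param([Parameter(Mandatory)][string]$Path)
    $item = Get-Item -LiteralPath $Path
    [pscustomobject]@{
        Path     = $Path
        Size     = $item.Length
        Modified = $item.LastWriteTimeUtc
        MD5      = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
        SHA256   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$livePath = Join-Path $SystemRoot "System32\$FileName"
$live     = Get-FileFingerprint -Path $livePath

# Every copy of the same file in the component store. On x64 the System32
# binary is 64-bit, so only the amd64_* component folders are comparable.
$store = Get-ChildItem -LiteralPath (Join-Path $SystemRoot 'winsxs') -Recurse -Filter $FileName -ErrorAction SilentlyContinue |
    Where-Object { $_.DirectoryName -like '*\amd64_*' } |
    ForEach-Object { Get-FileFingerprint -Path $_.FullName }

Write-Output "Live file:"
$live  | Format-List Path, Size, Modified, MD5, SHA256
Write-Output "Component-store copies:"
$store | Format-Table Size, MD5, Path -AutoSize

if ($store.Count -eq 0) {
    Write-Warning "No amd64 copy of $FileName found under winsxs; nothing to compare against."
} elseif ($store.MD5 -contains $live.MD5) {
    # A match with the component store is a strong, but not conclusive, sign the file is unmodified.
    Write-Output "OK: $livePath matches a component-store copy."
} else {
    # This is the situation in the log above: 520192 bytes / 2E96... live,
    # 512000 bytes / 5C62... in every winsxs copy.
    $storeSizes = ($store.Size | Select-Object -Unique) -join ', '
    Write-Warning "MISMATCH: $livePath (size $($live.Size), MD5 $($live.MD5)) matches none of $($store.Count) winsxs copies (sizes: $storeSizes)."
    Write-Warning "Treat the file as suspect. Windows' own catalog check for a single file: sfc /verifyfile=$livePath"
}
```

A mismatch is what FRST's "Replace:" directive later in the thread repairs, by copying a component-store copy over the live file from the recovery environment.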


#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 13 April 2014 - 07:39 AM



Hello achris03



Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

 
2014-04-06 20:02 - 2014-04-06 20:02 - 00000064 _____ () C:\Windows\System32\vvygu.dek
2014-04-06 20:02 - 2014-04-06 20:02 - 00000000 _____ () C:\Windows\System32\wjvux.sid
2014-04-06 19:47 - 2014-04-06 19:47 - 00305834 ____S () C:\Windows\System32\ylskvoi.cnq
Replace: X:\Windows\System32\rpcss.dll  C:\Windows\System32\rpcss.dll
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 achris03
  • Topic Starter
  • Members
  • 12 posts

Posted 13 April 2014 - 09:08 AM

Attached is the log. I ran RogueKiller and did the prescan; it DID NOT pick up and kill svchost.exe.
I have not heard any ads yet, since they play at random times, but I will keep you posted.
Thanks again.
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2014 01
Ran by SYSTEM at 2014-04-13 10:04:15 Run:1
Running from Y:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
2014-04-06 20:02 - 2014-04-06 20:02 - 00000064 _____ () C:\Windows\System32\vvygu.dek
2014-04-06 20:02 - 2014-04-06 20:02 - 00000000 _____ () C:\Windows\System32\wjvux.sid
2014-04-06 19:47 - 2014-04-06 19:47 - 00305834 ____S () C:\Windows\System32\ylskvoi.cnq
Replace: X:\Windows\System32\rpcss.dll  C:\Windows\System32\rpcss.dll
*****************
 
C:\Windows\System32\vvygu.dek => Moved successfully.
C:\Windows\System32\wjvux.sid => Moved successfully.
C:\Windows\System32\ylskvoi.cnq => Moved successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
X:\Windows\System32\rpcss.dll  copied successfully to C:\Windows\System32\rpcss.dll
 
==== End of Fixlog ====


#6 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 13 April 2014 - 11:54 AM


Hello achris03

I would like you to download an updated version of combofix.

update combofix
  • Delete the version of combofix you have now on your desktop and download a new one from here. Note: It is important that it is saved directly to your desktop.

    1. Close any open browsers.
    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.

    Note: Do not mouse-click combofix's window while it's running. That may cause it to stall.

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 achris03
  • Topic Starter
  • Members
  • 12 posts

Posted 13 April 2014 - 02:10 PM

Gringo,

Everything is running perfectly....NO ADS!!!!

THANKS!

Here is the log for your review:

ComboFix 14-04-12.01 - Axios 04/13/2014  14:47:16.3.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16279.12665 [GMT -4:00]
Running from: c:\users\Axios\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Axios\AppData\Local\Temp\_MEI40842\_ctypes.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\_elementtree.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\_hashlib.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\_multiprocessing.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\_socket.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\_ssl.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\pyexpat.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\pysqlite2._sqlite.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\python27.dll
c:\users\Axios\AppData\Local\Temp\_MEI40842\pythoncom27.dll
c:\users\Axios\AppData\Local\Temp\_MEI40842\PyWinTypes27.dll
c:\users\Axios\AppData\Local\Temp\_MEI40842\select.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\unicodedata.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\win32api.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\win32com.shell.shell.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\win32crypt.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\win32event.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\win32file.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\win32inet.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\win32pdh.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\win32pipe.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\win32process.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\win32profile.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\win32security.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\win32ts.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\windows._lib_cacheinvalidation.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\wx._controls_.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\wx._core_.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\wx._gdi_.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\wx._html2.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\wx._misc_.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\wx._windows_.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\wx._wizard.pyd
c:\users\Axios\AppData\Local\Temp\_MEI40842\wxbase294u_net_vc90.dll
c:\users\Axios\AppData\Local\Temp\_MEI40842\wxbase294u_vc90.dll
c:\users\Axios\AppData\Local\Temp\_MEI40842\wxmsw294u_adv_vc90.dll
c:\users\Axios\AppData\Local\Temp\_MEI40842\wxmsw294u_core_vc90.dll
c:\users\Axios\AppData\Local\Temp\_MEI40842\wxmsw294u_html_vc90.dll
c:\users\Axios\AppData\Local\Temp\_MEI40842\wxmsw294u_webview_vc90.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-13 to 2014-04-13  )))))))))))))))))))))))))))))))
.
.
2014-04-13 18:59 . 2014-04-13 18:59 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-04-13 18:59 . 2014-04-13 18:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-13 15:09 . 2014-04-13 15:09 -------- d-----w- c:\windows\Migration
2014-04-13 15:03 . 2014-04-13 15:03 -------- d-----w- c:\users\Axios\AppData\Local\Ubisoft
2014-04-13 12:19 . 2014-04-13 18:04 -------- d-----w- C:\FRST
2014-04-13 07:34 . 2014-04-13 07:39 -------- dc----w- c:\users\Axios\AppData\Local\MigWiz
2014-04-13 03:04 . 2014-04-13 03:04 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAC31454-0E2C-4B01-88E7-E01FEDB3A22B}\offreg.dll
2014-04-12 22:34 . 2014-04-12 22:34 -------- d-----w- c:\users\Axios\AppData\Local\ESET
2014-04-12 15:08 . 2014-04-12 15:08 28672 ----a-w- c:\windows\system32\drivers\winusb.sys.bak
2014-04-12 15:08 . 2014-04-12 15:08 -------- d-----w- c:\windows\snack
2014-04-12 15:08 . 2014-04-12 15:08 8835072 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys.bak
2014-04-11 13:30 . 2014-04-11 13:31 -------- d-----w- c:\users\Axios\AppData\Roaming\Comodo
2014-04-11 11:55 . 2014-04-11 12:00 -------- d-----w- c:\programdata\SecTaskMan
2014-04-11 01:31 . 2014-04-11 01:31 -------- d-----w- C:\VTRoot
2014-04-11 01:26 . 2014-04-11 01:26 -------- d-----w- c:\users\Axios\AppData\Local\Comodo
2014-04-11 01:26 . 2014-04-12 04:53 -------- d-----w- c:\program files (x86)\Comodo
2014-04-11 00:35 . 2014-04-13 19:00 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2014-04-10 00:29 . 2014-04-11 01:25 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-10 00:29 . 2014-04-12 04:15 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-10 00:03 . 2014-04-10 00:03 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-04-09 17:44 . 2014-04-09 17:44 -------- d-----w- c:\program files\ESET
2014-04-07 13:09 . 2010-05-13 22:34 14232 ----a-w- c:\windows\SysWow64\sh4native.exe
2014-04-07 12:31 . 2014-04-07 12:31 110080 ----a-r- c:\users\Axios\AppData\Roaming\Microsoft\Installer\{0028CB34-D5D3-460F-B308-A39A095A5E01}\IconF7A21AF7.exe
2014-04-07 12:31 . 2014-04-07 12:31 110080 ----a-r- c:\users\Axios\AppData\Roaming\Microsoft\Installer\{0028CB34-D5D3-460F-B308-A39A095A5E01}\IconD7F16134.exe
2014-04-07 12:31 . 2014-04-07 12:31 110080 ----a-r- c:\users\Axios\AppData\Roaming\Microsoft\Installer\{0028CB34-D5D3-460F-B308-A39A095A5E01}\IconCF33A0CE.exe
2014-04-07 12:31 . 2014-04-07 12:31 -------- d-----w- c:\program files (x86)\Enigma Software Group
2014-04-07 12:30 . 2014-04-07 12:32 -------- d-----w- c:\windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-04-07 12:12 . 2014-04-07 12:12 -------- d-----w- C:\EEK
2014-04-07 04:11 . 2014-04-07 04:19 -------- d-----w- c:\programdata\HitmanPro
2014-04-06 18:28 . 2014-04-06 18:37 -------- d-----w- c:\programdata\Rosetta Stone
2014-04-06 01:10 . 2014-04-06 01:10 -------- d-----w- c:\users\Axios\AppData\Roaming\Unity
2014-03-27 04:25 . 2014-03-27 04:25 -------- d-----w- c:\program files (x86)\SketchUp
2014-03-23 17:22 . 2014-03-23 17:22 -------- d-----w- c:\users\Axios\AppData\Roaming\library_dir
2014-03-23 17:22 . 2014-04-13 19:01 -------- d-----w- c:\users\Axios\AppData\Roaming\Raptr
2014-03-23 17:22 . 2014-04-12 12:20 -------- d-----w- c:\program files (x86)\Raptr
2014-03-19 00:40 . 2014-03-23 13:16 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2014-03-18 20:20 . 2014-03-18 20:20 -------- d-----w- c:\program files (x86)\Common Files\Overwolf
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-13 19:00 . 2012-10-23 02:16 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2014-03-06 01:30 . 2014-03-05 04:29 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-03-06 01:30 . 2012-12-19 03:46 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-03-05 19:38 . 2012-12-19 03:41 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-03-05 18:24 . 2014-03-05 04:29 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-03-05 04:32 . 2014-03-05 04:29 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2014-03-04 14:35 . 2014-03-12 20:54 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-04 14:35 . 2014-03-12 20:54 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-04 14:35 . 2014-03-12 20:54 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-04 14:35 . 2014-03-12 20:54 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-04 14:35 . 2014-03-12 20:54 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-04 14:35 . 2014-03-12 20:54 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-04 14:35 . 2014-03-12 20:54 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-04 14:35 . 2014-03-12 20:54 484296 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-03-04 14:35 . 2014-03-12 20:54 409544 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-03-04 14:35 . 2014-03-12 20:54 377688 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-03-04 14:35 . 2014-03-12 20:54 353504 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-04 14:35 . 2014-03-12 20:54 333600 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-03-04 14:35 . 2014-03-12 20:54 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-04 14:35 . 2014-03-12 20:54 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-04 14:35 . 2014-03-12 20:54 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-04 14:35 . 2014-03-12 20:54 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-04 14:35 . 2014-03-12 20:54 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-12 20:54 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-04 14:35 . 2014-03-12 20:54 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-12 20:54 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-04 14:35 . 2014-03-12 20:54 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-04 14:35 . 2014-03-12 20:54 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-04 14:35 . 2014-03-12 20:54 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-04 14:35 . 2014-03-12 20:54 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35 . 2014-03-12 20:54 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-04 14:35 . 2014-03-12 20:54 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:35 . 2014-03-12 20:54 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-04 14:35 . 2014-03-12 20:54 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-04 14:35 . 2013-09-11 17:33 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2013-09-11 17:33 174296 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-04 14:35 . 2013-09-11 17:33 148016 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-04 14:35 . 2012-10-23 02:26 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2012-10-23 02:26 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2012-10-23 02:26 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2012-10-23 02:26 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-04 13:06 . 2012-10-23 02:26 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2012-10-23 02:26 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2012-10-23 02:26 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2012-10-23 02:26 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2012-10-23 02:26 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2012-10-23 02:26 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-04 11:32 . 2014-03-12 20:55 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-02-21 17:37 . 2014-02-21 17:37 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-17 05:32 . 2014-03-10 02:03 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAC31454-0E2C-4B01-88E7-E01FEDB3A22B}\mpengine.dll
2014-02-07 15:23 . 2014-02-07 15:23 119808 ----a-r- c:\users\Axios\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2014-02-05 09:31 . 2013-10-29 14:22 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-02-05 09:30 . 2013-10-29 14:22 1179576 ----a-w- c:\windows\system32\nvspcap64.dll
2014-02-03 16:20 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-27 20:44 . 2013-11-06 20:55 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2014-01-27 20:44 . 2013-11-06 20:55 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-01-27 20:44 . 2013-11-06 20:55 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2014-01-27 20:44 . 2013-11-06 20:55 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2014-01-23 19:41 . 2012-10-23 02:36 32320 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS
2013-05-10 21:15 . 2013-05-10 21:14 36904370 ----a-w- c:\program files (x86)\mpatch_001_061_.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-02 01:33 1720976 ----a-w- c:\progra~2\MICROS~2\OFFICE15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-02 01:33 1720976 ----a-w- c:\progra~2\MICROS~2\OFFICE15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-02 01:33 1720976 ----a-w- c:\progra~2\MICROS~2\OFFICE15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Axios\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Axios\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Axios\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Axios\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-11-05 2055]
"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-08-20 7065224]
"Akamai NetSession Interface"="c:\users\Axios\AppData\Local\Akamai\netsession_win.exe" [2014-03-06 4672920]
"Steam"="e:\steam\steam.exe" [2014-02-25 1821888]
"Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2014-03-05 37664]
"Amazon Cloud Player"="c:\users\Axios\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-12-12 3145536]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-12-06 20203904]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-04-11 55360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2012-10-23 5019360]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-24 336992]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2013-02-01 1641368]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2014-02-18 528360]
"MMReminderService"="c:\program files (x86)\Mindjet\MindManager 11\MMReminderService.exe" [2013-05-14 42312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Axios\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Axios\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2013-4-2 8486776]
Network Server.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [2014-3-5 6567424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
2;2 HitachiBackupService;Hitachi Backup Service;c:\program files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe;c:\program files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe [x]
3;2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;f:\steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe;f:\steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 JTVNCProxy_14.0;JTVNCProxy_14.0;c:\program files\Freedom Scientific\JAWS\14.0\JTVNCProxy.exe;c:\program files\Freedom Scientific\JAWS\14.0\JTVNCProxy.exe [x]
R3 MFE_RR;MFE_RR;c:\users\Axios\AppData\Local\Temp\mfe_rr.sys;c:\users\Axios\AppData\Local\Temp\mfe_rr.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 PowerBrl;powerBraille System Driver;c:\windows\system32\Drivers\powerbrl.sys;c:\windows\SYSNATIVE\Drivers\powerbrl.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision X\RTCore64.sys;c:\program files (x86)\EVGA Precision X\RTCore64.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
R3 XFDriver64;XFDriver64;e:\xfire2\XFDriver64.sys;e:\xfire2\XFDriver64.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 McNeelUpdate;McNeel Update Service 5.0;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
S2 Freedom Scientific Kernel Manager;Freedom Scientific Kernel Manager;c:\windows\system32\fsKMgr.dll;c:\windows\SYSNATIVE\fsKMgr.dll [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe;c:\autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
S3 fsvidmir_service;fsvidmir_service;c:\windows\system32\DRIVERS\fsvidmir.sys;c:\windows\SYSNATIVE\DRIVERS\fsvidmir.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-31 01:34 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]
2013-05-09 15:52 1409 ----a-r- c:\program files (x86)\Mindjet\MindManager 11\sys\MmInternetExplorerActiveSetup.vbs
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-03 02:24]
.
2014-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-03 02:24]
.
2014-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3410182921-3306759744-3640942804-1000Core.job
- c:\users\Axios\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-23 02:19]
.
2014-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3410182921-3306759744-3640942804-1000UA.job
- c:\users\Axios\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-23 02:19]
.
2014-04-13 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 17:41]
.
2014-04-13 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 17:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-02 01:47 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-02 01:47 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-02 01:47 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Axios\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Axios\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Axios\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Axios\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-24 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-24 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-24 440128]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1441152]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5618456]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>;192.168.*.*
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-67503114.sys
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{3e661da} - c:\progra~3\WINFIL~1\WINFIL~1.DLL
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{6ea8c3d5} - c:\progra~3\Prowebi\Prowebi.dll
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{8b68ee33} - c:\progra~3\ACCELE~1\ACCELE~1.DLL
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{976137e5} - c:\progra~3\WebPlat\WebPlat.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3410182921-3306759744-3640942804-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96A7FC04-6231-4DAB-055F-3D08CC181BAE}*]
"iapcmeaklfagjponkk"=hex:69,61,61,65,65,67,6f,6b,63,68,67,69,6d,6a,70,6d,70,64,
   00,00
"hajbgfjbhoomnhna"=hex:69,61,61,65,65,67,6f,6b,63,68,67,69,6d,6a,70,6d,70,64,
   00,00
.
[HKEY_USERS\S-1-5-21-3410182921-3306759744-3640942804-1000\Software\SecuROM\License information*]
"datasecu"=hex:3f,3b,bb,fe,33,57,39,1a,a5,13,8f,2c,99,9e,fb,3a,51,98,aa,85,55,
   e8,48,6f,ca,a6,de,fe,01,4a,42,cc,55,70,d1,c1,91,28,80,14,e6,81,db,38,fb,a9,\
"rkeysecu"=hex:f1,d0,87,17,3b,86,f2,75,87,b1,85,bf,df,42,3f,89
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{96A7FC04-6231-4DAB-055F-3D08CC181BAE}\InProcServer32*]
"jafclfadbonmnkpndcob"=hex:69,61,61,65,65,67,6f,6b,63,68,67,69,6d,6a,70,6d,70,
   64,00,00
"iafcnfcijcpgchbopk"=hex:69,61,61,65,65,67,6f,6b,63,68,67,69,6d,6a,70,6d,70,64,
   00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
c:\users\Axios\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
c:\progra~2\Raptr\raptr.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\progra~2\Raptr\raptr_im.exe
c:\program files (x86)\Common Files\Overwolf\OverwolfHelper.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\Overwolf\OverwolfCrashHandler.exe
.
**************************************************************************
.
Completion time: 2014-04-13  15:02:30 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-13 19:02
ComboFix2.txt  2014-04-11 00:29
ComboFix3.txt  2014-04-10 00:27
.
Pre-Run: 4,437,458,944 bytes free
Post-Run: 4,738,637,824 bytes free
.
- - End Of File - - 19EA71B0EA9BA6A3D4C2A59CFCC43CB1
A36C5E4F47E84449FF07ED3517B43A31


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:57 PM

Posted 13 April 2014 - 08:52 PM


Hello achris03

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

RegNull::
[HKEY_USERS\S-1-5-21-3410182921-3306759744-3640942804-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96A7FC04-6231-4DAB-055F-3D08CC181BAE}*]

 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
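For readers who want to look for the same pattern on a machine of their own, the following is an added PowerShell example; it is not part of this thread and not part of ComboFix or any other tool named in it. It assumes Windows PowerShell 5.1 on the machine being examined, run from an elevated prompt, and it only reads the registry: it reports subkeys under Explorer's Shell Extensions\Approved list (that list normally holds only values, so the GUID-named subkey ComboFix listed under LOCKED REGISTRY KEYS is out of place), the Deny ACEs on such keys, value names that are not CLSIDs, and approved extensions whose InProcServer32 key carries unexpected values or points to a DLL that no longer exists on disk.

```powershell
# Added example, not from this thread and not part of ComboFix or any tool named in it.
# Read-only check for the pattern ComboFix listed above under LOCKED REGISTRY KEYS:
# a GUID-named subkey under Explorer's "Shell Extensions\Approved" list (that list
# normally holds only values), with randomly named values and Deny ACEs on the key.
# Assumes Windows PowerShell 5.1 on the examined machine, run from an elevated prompt.

$guidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

# Approved lists for the current user, the machine and the 32-bit view.
$approvedPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
)
# CLSID hives where an approved extension's InProcServer32 key lives (64- and 32-bit).
$clsidRoots = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID',
    'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
)

function Get-DenyAces {
    # Deny ACEs on a key, or a marker when the ACL itself cannot be read: a key locked
    # against Everyone looks like that even from an elevated prompt until ownership is taken.
    param([string]$Path)
    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
        return @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' } |
            ForEach-Object { '{0}: {1}' -f $_.IdentityReference, $_.RegistryRights })
    } catch {
        return @('ACL unreadable: ' + $_.Exception.Message)
    }
}

function Get-OddValueNames {
    # Value names that are neither the default value nor on the expected list for the key.
    param([Microsoft.Win32.RegistryKey]$Key, [string[]]$Expected)
    try {
        return @($Key.GetValueNames() | Where-Object { $_ -ne '' -and $Expected -notcontains $_ })
    } catch {
        return @('values unreadable: ' + $_.Exception.Message)
    }
}

$findings = @()

foreach ($path in $approvedPaths) {
    if (-not (Test-Path $path)) { continue }

    # 1. Any subkey under Approved is unexpected; report it with its ACL and value names.
    foreach ($sub in Get-ChildItem -Path $path -ErrorAction SilentlyContinue) {
        $findings += [PSCustomObject]@{
            Reason = 'subkey under Approved'
            Key    = $sub.Name
            Deny   = (Get-DenyAces $sub.PSPath) -join '; '
            Values = (Get-OddValueNames $sub @()) -join ', '
        }
    }

    # 2. Approved entries are "{CLSID}" = "friendly name"; follow each CLSID to its server.
    $approved = Get-Item -Path $path
    foreach ($name in $approved.GetValueNames()) {
        if ($name -notmatch $guidPattern) {
            $findings += [PSCustomObject]@{
                Reason = 'non-CLSID value name in Approved'; Key = $path; Deny = ''; Values = $name
            }
            continue
        }
        foreach ($root in $clsidRoots) {
            $server = "$root\$name\InProcServer32"
            if (-not (Test-Path $server)) { continue }
            $serverKey = Get-Item -Path $server
            $odd = Get-OddValueNames $serverKey @('ThreadingModel')
            $dll = ([string]$serverKey.GetValue('')).Trim('"')
            $missing = ($dll -ne '') -and -not (Test-Path -LiteralPath $dll)
            if ($odd.Count -gt 0 -or $missing) {
                $reason = if ($missing) { 'server DLL missing on disk' } else { 'unexpected InProcServer32 values' }
                $findings += [PSCustomObject]@{
                    Reason = $reason
                    Key    = $serverKey.Name
                    Deny   = (Get-DenyAces $server) -join '; '
                    Values = (@($odd) + $dll) -join ', '
                }
            }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Treat the output as leads, not verdicts: the same ComboFix log shows Adobe Flash and Office keys with @Denied ACEs that are entirely legitimate, so a Deny ACE on its own proves nothing. What made the {96A7FC04-...} entry stand out is the combination: a subkey where none belongs, value names that are random letters, and a lock on the key. A key whose ACL cannot even be read from an elevated prompt is reported as such; that is the kind of key the RegNull:: line in the CFScript above is aimed at.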

#9 achris03

achris03
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:57 PM

Posted 13 April 2014 - 09:17 PM

Everything is running great, no ads!

 

ComboFix 14-04-12.01 - Axios 04/13/2014  21:58:16.4.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16279.11613 [GMT -4:00]
Running from: C:\Users\Axios\Desktop\ComboFix.exe
Command switches used :: C:\Users\Axios\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
C:\Users\Axios\AppData\Local\Temp\_MEI52322\_ctypes.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\_elementtree.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\_hashlib.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\_multiprocessing.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\_socket.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\_ssl.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\pyexpat.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\pysqlite2._sqlite.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\python27.dll
C:\Users\Axios\AppData\Local\Temp\_MEI52322\pythoncom27.dll
C:\Users\Axios\AppData\Local\Temp\_MEI52322\PyWinTypes27.dll
C:\Users\Axios\AppData\Local\Temp\_MEI52322\select.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\unicodedata.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\win32api.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\win32com.shell.shell.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\win32crypt.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\win32event.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\win32file.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\win32inet.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\win32pdh.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\win32pipe.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\win32process.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\win32profile.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\win32security.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\win32ts.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\windows._lib_cacheinvalidation.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\wx._controls_.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\wx._core_.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\wx._gdi_.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\wx._html2.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\wx._misc_.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\wx._windows_.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\wx._wizard.pyd
C:\Users\Axios\AppData\Local\Temp\_MEI52322\wxbase294u_net_vc90.dll
C:\Users\Axios\AppData\Local\Temp\_MEI52322\wxbase294u_vc90.dll
C:\Users\Axios\AppData\Local\Temp\_MEI52322\wxmsw294u_adv_vc90.dll
C:\Users\Axios\AppData\Local\Temp\_MEI52322\wxmsw294u_core_vc90.dll
C:\Users\Axios\AppData\Local\Temp\_MEI52322\wxmsw294u_html_vc90.dll
C:\Users\Axios\AppData\Local\Temp\_MEI52322\wxmsw294u_webview_vc90.dll
 
 
(((((((((((((((((((((((((   Files Created from 2014-03-14 to 2014-04-14  )))))))))))))))))))))))))))))))
 
 
2014-04-14 02:11:18 . 2014-04-14 02:11:18 -------- d-----w- C:\Users\hedev\AppData\Local\temp
2014-04-14 02:11:18 . 2014-04-14 02:11:18 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-04-13 15:09:32 . 2014-04-13 15:09:32 -------- d-----w- C:\Windows\Migration
2014-04-13 15:03:48 . 2014-04-13 15:03:48 -------- d-----w- C:\Users\Axios\AppData\Local\Ubisoft
2014-04-13 12:19:55 . 2014-04-13 18:04:15 -------- d-----w- C:\FRST
2014-04-13 07:34:02 . 2014-04-13 07:39:43 -------- dc----w- C:\Users\Axios\AppData\Local\MigWiz
2014-04-13 03:04:01 . 2014-04-13 03:04:02 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AAC31454-0E2C-4B01-88E7-E01FEDB3A22B}\offreg.dll
2014-04-12 22:34:04 . 2014-04-12 22:34:04 -------- d-----w- C:\Users\Axios\AppData\Local\ESET
2014-04-12 15:08:39 . 2014-04-12 15:08:39 28672 ----a-w- C:\Windows\system32\drivers\winusb.sys.bak
2014-04-12 15:08:32 . 2014-04-12 15:08:32 -------- d-----w- C:\Windows\snack
2014-04-12 15:08:31 . 2014-04-12 15:08:32 8835072 ----a-w- C:\Windows\system32\drivers\nvlddmkm.sys.bak
2014-04-11 13:30:43 . 2014-04-11 13:31:54 -------- d-----w- C:\Users\Axios\AppData\Roaming\Comodo
2014-04-11 11:55:06 . 2014-04-11 12:00:21 -------- d-----w- C:\ProgramData\SecTaskMan
2014-04-11 01:31:16 . 2014-04-11 01:31:16 -------- d-----w- C:\VTRoot
2014-04-11 01:26:17 . 2014-04-11 01:26:17 -------- d-----w- C:\Users\Axios\AppData\Local\Comodo
2014-04-11 01:26:09 . 2014-04-12 04:53:20 -------- d-----w- C:\Program Files (x86)\Comodo
2014-04-11 00:35:24 . 2014-04-14 02:12:32 94656 ----a-w- C:\Windows\system32\WPRO_41_2001woem.tmp
2014-04-10 00:29:53 . 2014-04-11 01:25:02 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-10 00:29:30 . 2014-04-12 04:15:20 91352 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2014-04-10 00:03:21 . 2014-04-10 00:03:21 12872 ----a-w- C:\Windows\system32\bootdelete.exe
2014-04-09 17:44:38 . 2014-04-09 17:44:38 -------- d-----w- C:\Program Files\ESET
2014-04-07 13:09:23 . 2010-05-13 22:34:58 14232 ----a-w- C:\Windows\SysWow64\sh4native.exe
2014-04-07 12:31:02 . 2014-04-07 12:31:02 110080 ----a-r- C:\Users\Axios\AppData\Roaming\Microsoft\Installer\{0028CB34-D5D3-460F-B308-A39A095A5E01}\IconF7A21AF7.exe
2014-04-07 12:31:02 . 2014-04-07 12:31:02 110080 ----a-r- C:\Users\Axios\AppData\Roaming\Microsoft\Installer\{0028CB34-D5D3-460F-B308-A39A095A5E01}\IconD7F16134.exe
2014-04-07 12:31:02 . 2014-04-07 12:31:02 110080 ----a-r- C:\Users\Axios\AppData\Roaming\Microsoft\Installer\{0028CB34-D5D3-460F-B308-A39A095A5E01}\IconCF33A0CE.exe
2014-04-07 12:31:02 . 2014-04-07 12:31:02 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2014-04-07 12:30:42 . 2014-04-07 12:32:28 -------- d-----w- C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-04-07 12:12:44 . 2014-04-07 12:12:51 -------- d-----w- C:\EEK
2014-04-07 04:11:30 . 2014-04-07 04:19:10 -------- d-----w- C:\ProgramData\HitmanPro
2014-04-06 18:28:48 . 2014-04-06 18:37:48 -------- d-----w- C:\ProgramData\Rosetta Stone
2014-04-06 01:10:27 . 2014-04-06 01:10:27 -------- d-----w- C:\Users\Axios\AppData\Roaming\Unity
2014-03-27 04:25:54 . 2014-03-27 04:25:54 -------- d-----w- C:\Program Files (x86)\SketchUp
2014-03-23 17:22:53 . 2014-03-23 17:22:53 -------- d-----w- C:\Users\Axios\AppData\Roaming\library_dir
2014-03-23 17:22:49 . 2014-04-14 02:12:38 -------- d-----w- C:\Users\Axios\AppData\Roaming\Raptr
2014-03-23 17:22:49 . 2014-04-12 12:20:58 -------- d-----w- C:\Program Files (x86)\Raptr
2014-03-19 00:40:12 . 2014-03-23 13:16:51 -------- d-----w- C:\Program Files (x86)\Mozilla Thunderbird
2014-03-18 20:20:00 . 2014-03-18 20:20:00 -------- d-----w- C:\Program Files (x86)\Common Files\Overwolf
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2014-04-14 02:12:32 . 2012-10-23 02:16:48 34752 ----a-w- C:\Windows\system32\drivers\WPRO_41_2001.sys
2014-03-06 01:30:28 . 2014-03-05 04:29:50 282296 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-03-06 01:30:28 . 2012-12-19 03:46:23 282296 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-03-05 19:38:16 . 2012-12-19 03:41:10 282296 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-03-05 18:24:51 . 2014-03-05 04:29:48 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-03-05 04:32:15 . 2014-03-05 04:29:48 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2014-03-04 14:35:23 . 2014-03-12 20:54:34 9728064 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 9690424 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 892704 ----a-w- C:\Windows\system32\NvIFR64.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 877856 ----a-w- C:\Windows\system32\NvFBC64.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 863064 ----a-w- C:\Windows\SysWow64\NvIFR.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 846168 ----a-w- C:\Windows\SysWow64\NvFBC.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 832936 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 484296 ----a-w- C:\Windows\system32\nvEncodeAPI64.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 409544 ----a-w- C:\Windows\SysWow64\nvEncodeAPI.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 377688 ----a-w- C:\Windows\system32\NvIFROpenGL.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 353504 ----a-w- C:\Windows\system32\nvoglshim64.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 333600 ----a-w- C:\Windows\SysWow64\NvIFROpenGL.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 31474976 ----a-w- C:\Windows\system32\nvoglv64.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 3143456 ----a-w- C:\Windows\system32\nvcuvid.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 305600 ----a-w- C:\Windows\SysWow64\nvoglshim32.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 2958792 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 2783008 ----a-w- C:\Windows\system32\nvcuvenc.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 25255256 ----a-w- C:\Windows\system32\nvcompiler.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 2411976 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 23716640 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 1885472 ----a-w- C:\Windows\system32\nvdispco6433523.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 17755424 ----a-w- C:\Windows\system32\nvd3dumx.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 17561544 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 15783992 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 1516488 ----a-w- C:\Windows\system32\nvdispgenco6433523.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 12708128 ----a-w- C:\Windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:35:23 . 2014-03-12 20:54:34 11636176 ----a-w- C:\Windows\system32\nvcuda.dll
2014-03-04 14:35:23 . 2014-03-12 20:54:34 11589272 ----a-w- C:\Windows\system32\nvopencl.dll
2014-03-04 14:35:23 . 2013-09-11 17:33:10 18302384 ----a-w- C:\Windows\system32\nvwgf2umx.dll
2014-03-04 14:35:23 . 2013-09-11 17:33:10 174296 ----a-w- C:\Windows\system32\nvinitx.dll
2014-03-04 14:35:23 . 2013-09-11 17:33:10 148016 ----a-w- C:\Windows\SysWow64\nvinit.dll
2014-03-04 14:35:23 . 2012-10-23 02:26:11 947808 ----a-w- C:\Windows\system32\nvumdshimx.dll
2014-03-04 14:35:23 . 2012-10-23 02:26:11 3093280 ----a-w- C:\Windows\system32\nvapi64.dll
2014-03-04 14:35:23 . 2012-10-23 02:26:11 2715264 ----a-w- C:\Windows\SysWow64\nvapi.dll
2014-03-04 14:35:23 . 2012-10-23 02:26:11 14709720 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2014-03-04 13:06:00 . 2012-10-23 02:26:39 6714312 ----a-w- C:\Windows\system32\nvcpl.dll
2014-03-04 13:06:00 . 2012-10-23 02:26:39 3497816 ----a-w- C:\Windows\system32\nvsvc64.dll
2014-03-04 13:05:58 . 2012-10-23 02:26:39 922968 ----a-w- C:\Windows\system32\nvvsvc.exe
2014-03-04 13:05:58 . 2012-10-23 02:26:39 64968 ----a-w- C:\Windows\system32\nvshext.dll
2014-03-04 13:05:57 . 2012-10-23 02:26:39 386336 ----a-w- C:\Windows\system32\nvmctray.dll
2014-03-04 13:05:53 . 2012-10-23 02:26:39 3649185 ----a-w- C:\Windows\system32\nvcoproc.bin
2014-03-04 11:32:59 . 2014-03-12 20:55:33 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-02-21 17:37:41 . 2014-02-21 17:37:44 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-17 05:32:00 . 2014-03-10 02:03:34 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AAC31454-0E2C-4B01-88E7-E01FEDB3A22B}\mpengine.dll
2014-02-07 15:23:48 . 2014-02-07 15:23:48 119808 ----a-r- C:\Users\Axios\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2014-02-05 09:31:00 . 2013-10-29 14:22:19 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-02-05 09:30:41 . 2013-10-29 14:22:19 1179576 ----a-w- C:\Windows\system32\nvspcap64.dll
2014-02-03 16:20:54 . 2010-11-21 03:27:21 270496 ------w- C:\Windows\system32\MpSigStub.exe
2014-01-27 20:44:16 . 2013-11-06 20:55:25 466456 ----a-w- C:\Windows\system32\wrap_oal.dll
2014-01-27 20:44:16 . 2013-11-06 20:55:25 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-01-27 20:44:16 . 2013-11-06 20:55:25 122904 ----a-w- C:\Windows\system32\OpenAL32.dll
2014-01-27 20:44:16 . 2013-11-06 20:55:25 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-01-23 19:41:16 . 2012-10-23 02:36:02 32320 ----a-w- C:\Windows\system32\drivers\FNETTBOH_305.SYS
2013-05-10 21:15:04 . 2013-05-10 21:14:50 36904370 ----a-w- C:\Program Files (x86)\mpatch_001_061_.exe
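
The "Files Created" and Find3M sections above are what a helper reads by eye for anything that does not belong. As an added example (editor's code, not ComboFix logic and not anything posted in this thread), here is a parser for that listing with a handful of triage heuristics; the rule names, the set of "interesting" extensions and the timestamp threshold are the editor's choices, and the sample lines are an excerpt of the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines copied from the ComboFix "Files Created" section posted above
# (a short excerpt; the parser accepts the whole section as pasted).
SAMPLE = r"""
2014-04-13 15:09:32 . 2014-04-13 15:09:32 -------- d-----w- C:\Windows\Migration
2014-04-13 12:19:55 . 2014-04-13 18:04:15 -------- d-----w- C:\FRST
2014-04-12 15:08:39 . 2014-04-12 15:08:39 28672 ----a-w- C:\Windows\system32\drivers\winusb.sys.bak
2014-04-12 15:08:32 . 2014-04-12 15:08:32 -------- d-----w- C:\Windows\snack
2014-04-11 00:35:24 . 2014-04-14 02:12:32 94656 ----a-w- C:\Windows\system32\WPRO_41_2001woem.tmp
2014-04-10 00:03:21 . 2014-04-10 00:03:21 12872 ----a-w- C:\Windows\system32\bootdelete.exe
2014-04-07 13:09:23 . 2010-05-13 22:34:58 14232 ----a-w- C:\Windows\SysWow64\sh4native.exe
2014-04-06 18:28:48 . 2014-04-06 18:37:48 -------- d-----w- C:\ProgramData\Rosetta Stone
.
"""

# <timestamp> . <timestamp> <size|--------> <attribute flags> <path>
LINE_RE = re.compile(
    r"^(?P<t1>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. "
    r"(?P<t2>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)


@dataclass
class Entry:
    t1: str                  # first stamp: the one the section is keyed on
    t2: str                  # second stamp
    size: Optional[int]      # None where ComboFix prints "--------" (directories)
    attrs: str               # e.g. "d-----w-", "----a-w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def parent(self) -> str:
        return self.path.lower().rsplit("\\", 1)[0]

    @property
    def name(self) -> str:
        return self.path.lower().rsplit("\\", 1)[-1]


def parse_section(text: str) -> List[Entry]:
    """Parse a ComboFix file listing; banners, blanks and the lone '.' line are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["t1"], m["t2"], size, m["attrs"], m["path"]))
    return entries


WINDIR = "c:\\windows"
SYSTEM_DIRS = {WINDIR + "\\system32", WINDIR + "\\syswow64"}
CODE_EXT = (".exe", ".dll", ".sys", ".tmp", ".bin", ".scr")


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each path to the triage rules it trips (editor's heuristics, not ComboFix logic)."""
    hits: Dict[str, List[str]] = {}
    for e in entries:
        rules = []
        # A .bak beside a driver means some tool replaced that driver; find out which one.
        if e.name.endswith(".bak") and e.parent == WINDIR + "\\system32\\drivers":
            rules.append("driver-backup")
        # New directories directly under C:\ or C:\Windows are rare for ordinary software.
        if e.is_dir and e.parent in ("c:", WINDIR):
            rules.append("new-top-level-dir")
        # Fresh code in system32/SysWow64 outside a Windows Update: check vendor and signature.
        if not e.is_dir and e.name.endswith(CODE_EXT) and e.parent in SYSTEM_DIRS:
            rules.append("new-code-in-system-dir")
        # Second stamp years older than the first: copied in with its original timestamp
        # (installers do this), but it is also what timestomping looks like.
        if int(e.t1[:4]) - int(e.t2[:4]) > 1:
            rules.append("old-timestamp")
        if rules:
            hits[e.path] = rules
    return hits


if __name__ == "__main__":
    for path, rules in triage(parse_section(SAMPLE)).items():
        print(f"{', '.join(rules):45s} {path}")
```

The output is a worklist, not a verdict: C:\FRST trips the same rule as C:\Windows\snack although it is the working folder of a cleaning tool, and every hit still needs the vendor, digital signature and creating process looked up before anything is deleted.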


#10 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts, Puerto Rico

Posted 15 April 2014 - 06:15 AM


Hello achris03

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 achris03 (Topic Starter)
Members, 12 posts

Posted 16 April 2014 - 03:28 PM

Here ya go,

 

2013 National Building Cost Estimator
Accelesys
Acrobat.com
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Creative Suite 6 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Reader XI (11.0.01)
Adobe Shockwave Player 12.0
Age of Empires II: HD Edition
Age of Empires® III: Complete Collection
Age of Mythology Gold
Age of Wonders III
AGS CD-ROM Version 3.0
Aion
Akamai NetSession Interface
Amazon Cloud Player
Amazon Kindle
Anno 1404 - Dawn of Discovery version 1.3
Apple Application Support
Apple Software Update
Applian Director
Ask Toolbar
Asmedia ASM106x SATA Host Controller Driver
ASRock eXtreme Tuner v0.1.257
ASRock InstantBoot v1.29
Assassin's Creed 4.Black Flag.Deluxe Edition.v 1.01
Auditorium
Autodesk 3ds Max Design 2011 32-bit Components
Autodesk Backburner 2008.1
Autodesk Content Service
Autodesk Content Service Language Pack
Autodesk Design Review 2013
Autodesk Design Review Browser Add-on v1.2 
Autodesk Download Manager
Autodesk Ecotect Analysis 2011
Autodesk Ecotect Shared Components
Autodesk FBX Plug-in 2011.1 - 3ds Max Design 2011
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
Autodesk Material Library 2011 Medium Image library
Autodesk Material Library 2013
Autodesk Material Library 2014
Autodesk Material Library Base Resolution Image Library 2013
Autodesk Material Library Base Resolution Image Library 2014
Autodesk Material Library Low Resolution Image Library 2013
Autodesk Material Library Low Resolution Image Library 2014
Autodesk Material Library Medium Resolution Image Library 2013
Autodesk Material Library Medium Resolution Image Library 2014
Backup Assistant Plus
Bastion
Battlefield 3™
Battlefield: Bad Company 2
Battlelog Web Plugins
BioShock 2
Borderlands 2
Burnout Paradise: The Ultimate Box
Call of Juarez Gunslinger
CameraHelperMsi
Canon MP Navigator EX 4.0
Cities XL Platinum
Command and Conquer: Red Alert 3 - Uprising
Company of Heroes 2
Composite 2011
Counter-Strike: Global Offensive
Craftsman Software Update
Crusader Kings II
Crysis 2 Maximum Edition
Cube World
Dark Souls Prepare to Die Edition
DCS World
DDS Thumbnail Viewer
Dead Island
Dead Space
Diablo III
DiRT 3 Profile Import version 1.0
Dolphin 4.0
Dota 2
Dragon Age: Origins - Ultimate Edition
Driver Fusion Retail by FatalError
Dropbox
Dungeon Keeper Gold
Dungeon Siege
Dungeon Siege III
Endless Space
erLT
ESN Sonar
EVGA Precision X 4.0.0
Expeditions: Conquistador
Fable - The Lost Chapters
Fallout
Fallout Mod Manager 0.13.21
Fallout: New Vegas
Far Cry® 3 Blood Dragon
FARO LS 1.1.406.58
FARO LS 1.1.408.2
FARO LS 4.8.2.25521
FEZ
ffdshow [rev 2527] [2008-12-19]
FileZilla Client 3.7.3
Filter Forge 3.006
Freedom Scientific Ocr
Freedom Scientific OmniPage
Freedom Scientific Synthesizer Eloquence
FreeMind
FrostWire 5.6.8
Full Combat Rebalance 2 Hotfix version 1.1a
Futuremark SystemInfo
Gameforge Live 1.5.0 "Legend"
Garry's Mod
Gnomoria
GOG.com Downloader version 3.6.0
Google Chrome
Google Drive
Google Earth
Google Talk Plugin
Google Update Helper
Grasshopper for Rhino 5
Guild Wars 2
Half-Life
Happy Cloud Client
Hi-Rez Studios Authenticate and Update Service
Hitachi LifeStudio 1.0.0.681 & Hitachi Backup 1.0.0.31
Hitman 2: Silent Assassin
Hitman: Absolution
Hitman: Blood Money
Hitman: Codename 47
Hitman: Sniper Challenge
Insurgency
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® USB 3.0 eXtensible Host Controller Driver
IrfanView (remove only)
Java 7 Update 51
Java Auto Updater
Just Cause 2
Just Cause 2: Multiplayer Mod
Kerbal Space Program
Kinetic Void
Kingdoms of Amalur Reckoning
Left 4 Dead 2
LIMBO
Loadout
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magic Bullet Suite 64-bit
Malwarebytes Anti-Malware version 1.75.0.1300
Mass Effect™ 3
Max Payne
Max Payne 2: The Fall of Max Payne
Max Payne 3
MechWarrior Online
Medieval II: Total War
Men of War: Assault Squad
Metro: Last Light © Deep Silver version 1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2013
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft Office Word MUI (English) 2007
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Sync Framework 2.0 Core Components (x86) ENU 
Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729
Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729
Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729
Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 8.0 Support DLLs
Microsoft Word MUI (English) 2013
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mindjet
Minecraft1.7.2
Mirror's Edge
MKV File Player
MotoCast
Motorola Device Manager
Motorola Device Software Update
MOTOROLA MEDIA LINK
Mozilla Maintenance Service
Mozilla Thunderbird 24.4.0 (x86 en-US)
MSXML 4.0 SP3 Parser
MSXML4 Parser
Natural Selection 2
NCSOFT Game Launcher
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Origin
ORION: Dino Horde
Outils de vérification linguistique 2013 de Microsoft Office - Français
Overwolf
Papers, Please
PAYDAY 2
PDF Settings CS6
PlanetSide 2
PlayUp Tools
Portal 2
PowerISO
Preset Manager 2.0
Prowebi
PunkBuster Services
QuickTime
Raptr
Razer Game Booster
Really Big Sky
Realtek High Definition Audio Driver
RealUpgrade 1.1
Replay Video Capture 6
Rogue Legacy
Rome: Total War
Rosetta Stone Version 3
Saints Row 2
Saints Row IV Update and DLC pack
Scribblenauts Unlimited
SDFormatter
Section 8
Sentinel System Driver Installer 7.5.0
Shattered Horizon
Sid Meier's Civilization V
Sins of a Solar Empire: Rebellion
SketchUp 2014
SketchUp 8
SketchUp Pro 2013 13.0 build 3689
Skype Click to Call
Skype™ 6.7
Sleeping Dogs™
Space Engineers
Spec Ops The Line
Spelunky
SpyHunter
Star Wars - Battlefront II
Star Wars - Jedi Knight II: Jedi Outcast
Star Wars Jedi Knight: Dark Forces II
Star Wars Republic Commando
Star Wars Starfighter
Star Wars The Clone Wars: Republic Heroes
Star Wars: Empire at War Gold
Star Wars: Knights of the Old Republic II
Star Wars: The Force Unleashed II
StarCraft II
State of Decay
Steam
Strike Suit Zero
Stronghold HD
SU Podium V2 2.11.130
Super Castle Attack
Super Meat Boy v1.5
Supreme Commander
Supreme Commander: Forged Alliance
swMSM
Team Fortress 2
TeamViewer 9
Terraria
The Elder Scrolls V Skyrim
The First Templar
The Settlers 7 - Paths to a Kingdom
The Stanley Parable
THX TruStudio
Tom Clancy's Ghost Recon Phantoms - NA
Tomb Raider
Total War ROME II
Total War: SHOGUN 2
TowerFall Ascension
Tribes Ascend
Tribes: Ascend
Tropico 3 - Steam Special Edition
Tropico 3: Absolute Power
Two Worlds II
Unity Web Player
Uplay
V-Ray for SketchUp
Vasari Prototype CFD Visualisation Plug-in
Vasari Solar Radiation Plug-in
Vasari STL Export Plug-in
Vasari Wind Analysis Plug-in
Viking: Battle for Asgard
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177
War Thunder
Warframe
Wargame: AirLand Battle
Wargame: European Escalation
Weaverbird
WebPlat
Windows 7 USB/DVD Download Tool
WinFilter
WinRAR 4.20 (32-bit)
WizTree v1.05
X-Universe Plugin Manager 1.47
X3: Albion Prelude
XCOM: Enemy Unknown
XFastUSB
Xfire 2.0
Xfire Codec (remove only)


#12 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts, Puerto Rico

Posted 16 April 2014 - 05:29 PM


Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. Default settings are fine.
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - that is great! At this time I would like you to update it and run a quick scan for me.
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo
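
Once the HijackThis report comes back, reading it is mostly a question of where each autorun launches from, and that is the part that can be mechanised. As an added example (editor's code, not HijackThis output and not anything gringo_pr posted), here is a parser for the O4, O10 and O15 lines with the checks a reviewer applies first: executables started from a user-writable profile directory, unquoted launch paths containing spaces, Windows binary names such as svchost.exe living outside C:\Windows, unidentified Winsock LSPs and Trusted Zone entries. The rule names are the editor's vocabulary; all sample lines but one are copied from the report posted later in this thread, and the "[Windows Update]" Run value with the user name "someone" is constructed to exercise the svchost.exe check and was not on the poster's machine.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Sample HijackThis lines. All but one are copied from the report posted later in
# this thread; the "[Windows Update]" Run value is CONSTRUCTED to exercise the
# svchost.exe check and was not present on the poster's machine.
SAMPLE = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Axios\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Windows Update] C:\Users\someone\AppData\Roaming\svchost.exe
O4 - Startup: Dropbox.lnk = Axios\AppData\Roaming\Dropbox\bin\Dropbox.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.soe.com
"""

RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?P<scope>Global Startup|Startup): (?P<lnk>.+?) = (?P<cmd>.+)$")
EXT_RE = re.compile(r"\.(exe|dll|scr|bat|cmd|vbs|js|lnk|pif|com)\b", re.I)

# Windows binaries whose names adware and bots like to borrow. Genuine copies live
# under C:\Windows; a same-named file in a profile directory is the classic
# "svchost.exe that is not svchost" described at the top of this thread.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe", "rundll32.exe"}


@dataclass
class Finding:
    kind: str    # rule name (editor's vocabulary, not HijackThis's)
    item: str    # which O-line: Run value, startup link, LSP file or domain
    detail: str


def split_command(cmd: str) -> Tuple[str, bool]:
    """Return (executable path, quoted?). An unquoted command is cut after the first executable extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]), True
    m = EXT_RE.search(cmd)
    return (cmd[:m.end()] if m else cmd), False


def check_launch_path(item: str, cmd: str) -> List[Finding]:
    path, quoted = split_command(cmd)
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    out: List[Finding] = []
    if "\\appdata\\" in low or "\\temp\\" in low or low.startswith("%temp%"):
        out.append(Finding("user-writable-location", item, path))
    if not quoted and " " in path:
        # CreateProcess tries "C:\Program.exe", "C:\Program Files.exe", ... before the real target.
        out.append(Finding("unquoted-path-with-spaces", item, path))
    if base in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
        out.append(Finding("system-name-outside-windows", item, path))
    return out


def triage_hjt(text: str) -> List[Finding]:
    """Walk a HijackThis report and return the O4/O10/O15 items worth a second look."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            findings += check_launch_path(f"{m['hive']}\\{m['key']}:{m['name']}", m["cmd"])
        elif m := STARTUP_RE.match(line):
            findings += check_launch_path(f"{m['scope']}:{m['lnk']}", m["cmd"])
        elif line.startswith("O10 - Unknown file in Winsock LSP: "):
            findings.append(Finding("winsock-lsp", line.split(": ", 1)[1],
                                    "LSP DLL HijackThis could not identify; verify vendor and signature"))
        elif line.startswith("O15 - Trusted Zone: "):
            findings.append(Finding("trusted-zone", line.split(": ", 1)[1],
                                    "IE applies Trusted-sites settings to this domain"))
    return findings


def by_item(findings: List[Finding]) -> Dict[str, Set[str]]:
    """Group rule names by item, which is the shape a reviewer reads."""
    grouped: Dict[str, Set[str]] = {}
    for f in findings:
        grouped.setdefault(f.item, set()).add(f.kind)
    return grouped


if __name__ == "__main__":
    for item, kinds in by_item(triage_hjt(SAMPLE)).items():
        print(f"{', '.join(sorted(kinds)):45s} {item}")
```

Two caveats for anyone using this on a real report. A hit on "user-writable-location" is normal for Dropbox, Akamai NetSession and similar per-user installers, so the rule is a prompt to check the signer, not a conviction. More importantly, HijackThis 2.0.4 is a 32-bit program: on an x64 system like this one it reads the WOW64 view of HKLM\Software, so 64-bit-only Run values and services do not appear in its report at all, which is one reason helpers pair it with a 64-bit-aware tool such as FRST.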

#13 achris03 (Topic Starter)
Members, 12 posts

Posted 19 April 2014 - 07:00 AM

Gringo, the computer is running perfectly.

Here are the logs:

Thanks again.

MBAM

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.04.19.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Axios :: AXIOS-PC [administrator]
 
Protection: Disabled
 
4/19/2014 7:54:04 AM
mbam-log-2014-04-19 (07-54-04).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 286913
Time elapsed: 3 minute(s), 41 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Axios\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage (PUP.Optional.Incredibar.A) -> Quarantined and deleted successfully.
 
(end)
 
 
HijackThis!
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:58:56 AM, on 4/19/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
C:\Users\Axios\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
E:\Steam\Steam.exe
C:\Program Files (x86)\Overwolf\Overwolf.exe
C:\Users\Axios\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Users\Axios\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Axios\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\XFastUSB\XFastUsb.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
C:\Program Files (x86)\Mindjet\MindManager 11\MmReminderService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Autodesk\AutoCAD 2013\AdExchange\AcBrowserHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Axios\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Axios\Downloads\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
O4 - HKLM\..\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 11\MMReminderService.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
O4 - HKCU\..\Run: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Axios\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Steam] "E:\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Users\Axios\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - Startup: Dropbox.lnk = Axios\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: CodeMeter Control Center.lnk = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
O4 - Global Startup: Network Server.lnk = C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Send to Mindjet - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files (x86)\PicLensIE\cooliris.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASRock\XFast LAN\spd.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - F:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - F:\Steam\SteamApps\common\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Hitachi Backup Service (HitachiBackupService) - Hitachi GST - C:\Program Files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: JTVNCProxy_14.0 - Freedom Scientific BLV Group LLC - C:\Program Files\Freedom Scientific\JAWS\14.0\JTVNCProxy.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit (mi-raysat_3dsmax2013_64) - Unknown owner - C:\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf LTD - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
 
--
End of file - 18272 bytes
 


#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 19 April 2014 - 07:18 AM


Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and run each program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
      O4 - HKLM\..\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
      O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
      O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
      O4 - HKLM\..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
      O4 - HKLM\..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 11\MMReminderService.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Axios\AppData\Local\Akamai\netsession_win.exe"
      O4 - HKCU\..\Run: [Steam] "E:\Steam\steam.exe" -silent
      O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
      O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Users\Axios\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
      O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
      O4 - Startup: Dropbox.lnk = Axios\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Global Startup: CodeMeter Control Center.lnk = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
    • NOTE** You can research each of those lines here and see if you want to keep them or not:
      just copy the name between the brackets and paste it into the search space, e.g.
      O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
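The O4 and O23 lines gringo asks the poster to review follow a fixed layout, so they can be triaged mechanically. The parser below is an added example, not part of this thread or of HijackThis; it works on a small sample built in the format of the log posted above (a constructed excerpt, not the full log), extracts the autorun and service entries, and flags the ones a responder would look at first: autoruns launched from a user-writable directory, and services that are present on disk but report no company name. The user-writable path heuristic and the treatment of "(file missing)" are this example's assumptions.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample in the format of the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Axios\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Steam] "E:\Steam\steam.exe" -silent
O4 - Startup: Dropbox.lnk = Axios\AppData\Roaming\Dropbox\bin\Dropbox.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - F:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
"""

class RunEntry(NamedTuple):
    location: str        # HKLM, HKCU, Startup or Global Startup
    name: str            # text between the brackets, or the .lnk name
    exe: str             # executable or shortcut path with arguments stripped
    user_writable: bool  # assumption: lives under a user profile or temp directory

ServiceEntry = NamedTuple("ServiceEntry", [("display", str), ("owner", str), ("path", str), ("file_missing", bool)])

RUN_RE = re.compile(r"^O4 - (?P<loc>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
USER_DIR_RE = re.compile(r"\\(Users|AppData|ProgramData|Temp)\\", re.I)

def executable_of(command: str) -> str:
    """A quoted path ends at the closing quote; an unquoted one at its extension."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.(?:exe|lnk|bat|cmd|vbs))(?:\s|$)", command, re.I)
    return m.group(1) if m else command

def parse_run_entry(line: str) -> Optional[RunEntry]:
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    exe = executable_of(m.group("cmd"))
    return RunEntry(m.group("loc"), m.group("name"), exe, bool(USER_DIR_RE.search(exe)))

def parse_service_entry(line: str) -> Optional[ServiceEntry]:
    prefix, tail = "O23 - Service: ", " (file missing)"
    if not line.startswith(prefix):
        return None
    body = line[len(prefix):]
    missing = body.endswith(tail)
    if missing:
        body = body[:-len(tail)]
    parts = body.rsplit(" - ", 2)  # split from the right: display names may contain " - "
    return ServiceEntry(parts[0], parts[1], parts[2], missing) if len(parts) == 3 else None

def parse_log(text: str):
    lines = text.splitlines()
    return [e for e in map(parse_run_entry, lines) if e], [s for s in map(parse_service_entry, lines) if s]

def review_candidates(text: str):
    """Autoruns from user-writable paths, plus services present on disk but reporting no
    company name. "(file missing)" on built-in Windows services is usually only a 32-bit
    tool's view of a 64-bit System32, so it is deliberately not treated as a finding."""
    runs, services = parse_log(text)
    autoruns = [r.name for r in runs if r.user_writable]
    unknown = [s.display for s in services if s.owner == "Unknown owner" and not s.file_missing]
    return autoruns, unknown
```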

#15 achris03 (Topic Starter)

  • Members
  • 12 posts

Posted 22 April 2014 - 05:43 PM

Here's what the ESET online scanner caught.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\FWV7\Source\program files\VNT\vntldr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application




