Rootkit/Bootkit of unknown origin. Please assist!


This topic is locked
4 replies to this topic

#1 dmlocklear
Members, 10 posts

Posted 05 May 2014 - 09:23 PM

Hello,

My name is Devin and I have several years of tech support experience. I've done everything I can think of and I can't pin down what virus/malware/rootkit is infecting my system. I've wiped all externals with formats, and I've flashed the BIOS as the thing came back after a reformat. I have my main system on an SSD which I secure wiped with PartedMagic. At this point, I just don't want to lose any more of my files; I want things to work.

Please help, I've attached logs. I can't interpret them. I've never seen an infection like this. Everything save for GMER and DDS and HijackThis comes back clean. I'm near a breakdown as I've never been so stumped, and did this sort of thing for a living for years in college.

 

Attached a DDS log per instructions and staggered HijackThis, ComboFix and GMER logs in the post itself.

As a side note: I had thought I had cleaned it, but when restoring files onto a new 2 TB drive I bought as an emergency replacement (alarmist and overkill, I know), the popups came back. Usual Flash download popups. I flashed the BIOS again, but I doubt that will help in the long run...

I thank you for anything you can do.

Where does a rootkit in the BIOS lie? In the extreme, do I need to chunk my mobo and get a new one altogether and/or replace my RAM? Do I need to low-level format/DBAN my drives? Only two are internal with boot sectors, both not MBR but the newer standard of GUID (which I'm sure I'm mangling as I write this).


Again,
Thank you,

Devin

----

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Devin Vertigo at 21:49:00 on 2014-05-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16351.13151 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [Amazon Cloud Player] "C:\Users\Devin Vertigo\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\DEVINV~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\Users\DEVINV~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
StartupFolder: C:\Users\DEVINV~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 199.182.166.168 199.182.166.169 209.18.47.61
TCP: Interfaces\{F486957A-DB29-4ECF-880E-050372E047DF} : DHCPNameServer = 199.182.166.168 199.182.166.169 209.18.47.61
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-5-3 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-5-3 208416]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-5-3 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-5-3 423240]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-3 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-5-3 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-3 50344]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-3 1615192]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-5-3 20541216]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-3 411936]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-12-15 450848]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2010-11-15 121832]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2010-11-15 364520]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-3 40392]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2014-5-4 22600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-5-3 85328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-3 111616]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-12-15 4862368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-3 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-3 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-5-3 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-3 1255736]
.
=============== Created Last 30 ================
.
2014-05-06 01:44:07 -------- d-sh--w- C:\$RECYCLE.BIN
2014-05-06 01:38:34 98816 ----a-w- C:\Windows\sed.exe
2014-05-06 01:38:34 256000 ----a-w- C:\Windows\PEV.exe
2014-05-06 01:38:34 208896 ----a-w- C:\Windows\MBR.exe
2014-05-06 01:38:31 -------- d-----w- C:\ComboFix
2014-05-06 01:01:17 -------- d-----w- C:\Users\Devin Vertigo\AppData\Local\Amazon Cloud Player
2014-05-05 23:42:00 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-05 23:42:00 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-05 02:18:10 -------- d-----w- C:\Program Files\PeerBlock
2014-05-05 02:11:31 -------- d-sh--w- C:\Users\Devin Vertigo\AppData\Local\EmieUserList
2014-05-05 02:11:31 -------- d-sh--w- C:\Users\Devin Vertigo\AppData\Local\EmieSiteList
2014-05-05 00:49:01 -------- d-----w- C:\Program Files\CCleaner
2014-05-05 00:13:39 -------- d-----w- C:\Users\Devin Vertigo\AppData\Roaming\LibreOffice
2014-05-05 00:12:55 -------- d-----w- C:\Program Files (x86)\LibreOffice 4
2014-05-05 00:10:06 -------- d-----w- C:\Program Files (x86)\VST
2014-05-05 00:09:53 -------- d-----w- C:\ProgramData\Acoustica
2014-05-05 00:09:53 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 6
2014-05-04 22:25:11 -------- d-----w- C:\Program Files (x86)\FreeAlarmClock
2014-05-04 19:32:59 -------- d-----w- C:\Users\Devin Vertigo\AppData\Roaming\Firestorm_x64
2014-05-04 19:32:59 -------- d-----w- C:\Users\Devin Vertigo\AppData\Local\FirestormOS_x64
2014-05-04 19:27:56 -------- d-----w- C:\Program Files\Firestorm
2014-05-04 19:27:49 -------- d-----w- C:\ProgramData\Package Cache
2014-05-04 19:15:12 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-04 11:24:25 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-05-04 11:24:25 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-05-04 11:24:25 2871808 ----a-w- C:\Windows\explorer.exe
2014-05-04 11:24:25 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2014-05-04 11:24:24 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-05-04 11:24:24 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-05-04 11:24:23 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-05-04 11:24:23 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-05-04 11:24:23 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-05-04 11:24:23 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-05-04 11:22:09 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-05-04 11:22:07 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{06B2BA0D-03B3-4BFD-ADAF-FE824C53DEBA}\mpengine.dll
2014-05-04 08:18:08 -------- d-----w- C:\Users\Devin Vertigo\AppData\Roaming\Little Inferno
2014-05-04 06:18:14 -------- d-----w- C:\Users\Devin Vertigo\AppData\Roaming\MMFApplications
2014-05-04 00:31:36 -------- d-----w- C:\Users\Devin Vertigo\AppData\Local\My Games
2014-05-04 00:07:59 520544 ----a-w- C:\Windows\System32\d3dx10_41.dll
2014-05-04 00:03:51 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2014-05-04 00:03:51 107368 ----a-w- C:\Windows\System32\xinput1_3.dll
2014-05-04 00:03:04 -------- d-----w- C:\Windows\SysWow64\directx
2014-05-03 23:50:18 -------- d-----w- C:\Program Files (x86)\Steam
2014-05-03 21:50:18 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-05-03 21:50:18 33568 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-05-03 21:41:59 -------- d-----w- C:\Users\Devin Vertigo\AppData\Local\NVIDIA Corporation
2014-05-03 21:41:52 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-05-03 21:41:52 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-05-03 21:41:51 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2014-05-03 21:41:51 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-05-03 21:41:51 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2014-05-03 21:41:44 1225920 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-05-03 21:41:44 1081112 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-05-03 21:41:44 -------- d-----w- C:\Users\Devin Vertigo\AppData\Local\NVIDIA
2014-05-03 21:41:01 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-05-03 18:00:05 -------- d-----w- C:\Users\Devin Vertigo\AppData\Roaming\NVIDIA
2014-05-03 17:59:50 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2014-05-03 17:37:53 -------- d-----w- C:\Windows\Panther
2014-05-03 15:46:31 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-03 15:38:00 -------- d-----w- C:\Windows\SysWow64\Wat
2014-05-03 15:38:00 -------- d-----w- C:\Windows\System32\Wat
2014-05-03 15:35:07 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-05-03 15:35:07 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-05-03 15:35:07 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-05-03 15:35:06 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-05-03 15:27:58 -------- d-----w- C:\Windows\Migration
2014-05-03 15:11:25 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-05-03 15:03:16 -------- d-----w- C:\Program Files\Microsoft Xbox 360 Accessories
2014-05-03 14:48:35 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-05-03 14:48:35 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-05-03 14:48:34 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-05-03 14:48:34 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-05-03 14:48:33 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-05-03 14:48:33 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-05-03 14:48:33 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-05-03 14:44:47 -------- d-----w- C:\Windows\System32\MRT
2014-05-03 14:39:28 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-05-03 14:39:28 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-05-03 14:39:28 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-05-03 14:32:53 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2014-05-03 14:31:55 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2014-05-03 14:30:59 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2014-05-03 14:29:35 956928 ----a-w- C:\Windows\System32\localspl.dll
2014-05-03 14:29:34 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2014-05-03 14:24:11 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-05-03 14:24:11 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-05-03 14:24:11 331776 ----a-w- C:\Windows\System32\oleacc.dll
2014-05-03 14:24:11 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2014-05-03 14:21:14 -------- d-----w- C:\Users\Devin Vertigo\AppData\Roaming\3909
2014-05-03 14:20:52 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-05-03 14:20:50 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-05-03 14:20:49 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-05-03 14:20:49 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-05-03 14:06:30 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-03 14:06:30 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-03 14:06:26 -------- d-----w- C:\Users\Devin Vertigo\AppData\Roaming\AVAST Software
2014-05-03 14:06:11 -------- d-----w- C:\Users\Devin Vertigo\AppData\Local\Adobe
2014-05-03 14:05:56 85328 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-05-03 14:05:56 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-05-03 14:05:55 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-05-03 14:05:55 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-03 14:05:55 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-05-03 14:05:55 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-05-03 14:05:55 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-05-03 14:05:54 43152 ----a-w- C:\Windows\avastSS.scr
2014-05-03 14:05:47 -------- d-----w- C:\Program Files\AVAST Software
2014-05-03 14:05:32 -------- d-----w- C:\ProgramData\AVAST Software
2014-05-03 14:02:56 -------- d-----w- C:\Users\Devin Vertigo\AppData\Local\Google
2014-05-03 14:02:51 -------- d-----w- C:\Users\Devin Vertigo\AppData\Local\Deployment
2014-05-03 14:02:51 -------- d-----w- C:\Users\Devin Vertigo\AppData\Local\Apps
2014-05-03 13:59:00 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-03 13:58:32 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-05-03 13:58:32 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-05-03 13:58:32 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-05-03 13:58:32 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-05-03 13:58:32 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-05-03 13:58:32 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-05-03 13:58:29 62408 ----a-w- C:\Windows\System32\OpenCL.dll
2014-05-03 13:58:29 54216 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-05-03 13:58:27 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-05-03 13:58:25 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2014-05-03 13:57:48 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-05-03 13:57:10 -------- d-----w- C:\Users\Devin Vertigo\AppData\Local\Amazon
2014-05-03 13:55:44 -------- d-----w- C:\ProgramData\Samsung
2014-05-03 13:54:51 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2014-05-03 13:54:26 -------- d-----w- C:\Program Files\NVIDIA Corporation
2014-05-03 13:54:20 -------- d-----w- C:\Users\Devin Vertigo\AppData\Roaming\Logishrd
2014-05-03 13:53:15 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2014-05-03 13:53:09 -------- d-sh--w- C:\Windows\Installer
2014-05-03 13:51:53 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2014-05-03 13:51:49 -------- d-----w- C:\Program Files (x86)\Realtek
.
==================== Find3M  ====================
.
2014-05-03 15:43:40 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2014-04-14 02:24:46 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-04-14 02:19:37 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-21 19:43:50 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 21:49:07.71 ===============
---
HIJACKTHIS
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:59:29 PM, on 5/5/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Devin Vertigo\Downloads\6elkob5h.exe
C:\Program Files\Firestorm\SLPlugin.exe
C:\Program Files\Firestorm\SLPlugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Users\Devin Vertigo\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Startup: Samsung Magician.lnk = C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
O4 - Startup: Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 8546 bytes
--
Combofix
 
ComboFix 14-05-05.01 - Devin Vertigo 05/05/2014  21:39:29.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16351.12072 [GMT -4:00]
Running from: c:\users\Devin Vertigo\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-06 to 2014-05-06  )))))))))))))))))))))))))))))))
.
.
2014-05-06 01:43 . 2014-05-06 01:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-05 23:42 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-05-05 23:42 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-05 23:42 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-05 02:18 . 2014-05-06 01:20 -------- d-----w- c:\program files\PeerBlock
2014-05-05 00:49 . 2014-05-05 00:49 -------- d-----w- c:\program files\CCleaner
2014-05-05 00:12 . 2014-05-05 00:13 -------- d-----w- c:\program files (x86)\LibreOffice 4
2014-05-05 00:10 . 2014-05-05 00:10 -------- d-----w- c:\program files (x86)\VST
2014-05-05 00:09 . 2014-05-05 00:10 -------- d-----w- c:\program files (x86)\Acoustica Mixcraft 6
2014-05-05 00:09 . 2014-05-05 00:10 -------- d-----w- c:\programdata\Acoustica
2014-05-04 22:25 . 2014-05-04 22:25 -------- d-----w- c:\program files (x86)\FreeAlarmClock
2014-05-04 19:27 . 2014-05-06 01:39 -------- d-----w- c:\program files\Firestorm
2014-05-04 19:27 . 2014-05-04 19:27 -------- d-----w- c:\programdata\Package Cache
2014-05-04 19:15 . 2014-03-06 08:15 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-04 11:24 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-05-04 11:24 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-05-04 11:24 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2014-05-04 11:24 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2014-05-04 11:24 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-05-04 11:24 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-05-04 11:24 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-05-04 11:24 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-05-04 11:24 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-05-04 11:24 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-05-04 11:22 . 2014-04-17 09:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06B2BA0D-03B3-4BFD-ADAF-FE824C53DEBA}\mpengine.dll
2014-05-04 00:07 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2014-05-04 00:03 . 2007-04-04 22:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
2014-05-04 00:03 . 2007-04-04 22:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2014-05-03 23:50 . 2014-05-06 01:19 -------- d-----w- c:\program files (x86)\Steam
2014-05-03 21:50 . 2014-03-21 19:43 40392 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-05-03 21:50 . 2014-03-21 19:43 33568 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-05-03 21:41 . 2010-05-26 15:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-05-03 21:41 . 2010-05-26 15:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2014-05-03 21:41 . 2010-05-26 15:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-05-03 21:41 . 2010-05-26 15:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2014-05-03 21:41 . 2010-05-26 15:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-05-03 21:41 . 2014-04-02 13:27 1081112 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-05-03 21:41 . 2014-04-02 13:27 1225920 ----a-w- c:\windows\system32\nvspcap64.dll
2014-05-03 21:41 . 2014-05-03 21:41 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-05-03 21:41 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-05-03 17:59 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2014-05-03 17:37 . 2014-05-05 02:11 -------- d-----w- c:\windows\Panther
2014-05-03 15:46 . 2014-05-03 15:46 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-03 15:38 . 2014-05-03 15:38 -------- d-----w- c:\windows\SysWow64\Wat
2014-05-03 15:38 . 2014-05-03 15:38 -------- d-----w- c:\windows\system32\Wat
2014-05-03 15:35 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-05-03 15:35 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-05-03 15:35 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-05-03 15:35 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-05-03 15:35 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-05-03 15:27 . 2014-05-03 15:27 -------- d-----w- c:\windows\Migration
2014-05-03 15:22 . 2013-10-14 22:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-05-03 15:11 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-05-03 15:03 . 2014-05-03 15:03 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2014-05-03 14:48 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-05-03 14:48 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-05-03 14:48 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-05-03 14:48 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-05-03 14:48 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-05-03 14:48 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-05-03 14:48 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-05-03 14:44 . 2014-05-03 14:45 -------- d-----w- c:\windows\system32\MRT
2014-05-03 14:39 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-05-03 14:39 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2014-05-03 14:39 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2014-05-03 14:32 . 2013-12-04 02:27 485888 ----a-w- c:\windows\system32\secproc_isv.dll
2014-05-03 14:31 . 2011-05-04 05:25 2315776 ----a-w- c:\windows\system32\tquery.dll
2014-05-03 14:30 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2014-05-03 14:29 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2014-05-03 14:29 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2014-05-03 14:24 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-05-03 14:24 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2014-05-03 14:24 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-05-03 14:24 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2014-05-03 14:20 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2014-05-03 14:20 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2014-05-03 14:20 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2014-05-03 14:20 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2014-05-03 14:20 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2014-05-03 14:20 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2014-05-03 14:20 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2014-05-03 14:20 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2014-05-03 14:20 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-05-03 14:06 . 2014-05-03 14:06 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-03 14:06 . 2014-05-03 14:06 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-03 14:06 . 2014-05-03 14:06 -------- d-----w- c:\windows\SysWow64\Macromed
2014-05-03 14:06 . 2014-05-03 14:06 -------- d-----w- c:\windows\system32\Macromed
2014-05-03 14:05 . 2014-05-03 14:05 85328 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-05-03 14:05 . 2014-05-03 14:05 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-03 14:05 . 2014-05-03 14:05 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-05-03 14:05 . 2014-05-03 14:05 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-03 14:05 . 2014-05-03 14:05 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-03 14:05 . 2014-05-03 14:05 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-05-03 14:05 . 2014-05-03 14:05 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-03 14:05 . 2014-05-03 14:05 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-03 14:05 . 2014-05-03 14:05 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-05-03 14:05 . 2014-05-03 14:05 43152 ----a-w- c:\windows\avastSS.scr
2014-05-03 14:05 . 2014-05-03 14:05 -------- d-----w- c:\program files\AVAST Software
2014-05-03 14:05 . 2014-05-03 14:05 -------- d-----w- c:\programdata\AVAST Software
2014-05-03 14:03 . 2014-05-05 02:13 -------- d-----w- c:\program files (x86)\Google
2014-05-03 13:59 . 2014-05-03 13:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-05-03 13:59 . 2014-05-03 13:58 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-03 13:58 . 2014-05-03 13:58 -------- d-----w- c:\program files (x86)\Java
2014-05-03 13:58 . 2014-05-06 01:19 -------- d-----w- c:\programdata\NVIDIA
2014-05-03 13:58 . 2014-03-04 13:06 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-05-03 13:58 . 2014-03-04 13:06 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-05-03 13:58 . 2014-03-04 13:05 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-05-03 13:58 . 2014-03-04 13:05 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-05-03 13:58 . 2014-03-04 13:05 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-03 13:58 . 2014-03-04 13:05 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-05-03 13:58 . 2014-03-04 14:35 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-05-03 13:58 . 2014-03-04 14:35 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-05-03 13:58 . 2014-05-03 21:50 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-05-03 13:58 . 2014-05-03 21:50 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2014-05-03 13:57 . 2014-05-03 13:57 -------- d-----w- c:\program files (x86)\VideoLAN
2014-05-03 13:55 . 2014-05-03 13:55 -------- d-----w- c:\programdata\Samsung
2014-05-03 13:55 . 2014-05-03 13:55 -------- d-----w- c:\program files (x86)\Samsung
2014-05-03 13:55 . 2014-05-03 13:55 -------- d-----w- c:\programdata\Logitech
2014-05-03 13:55 . 2014-05-06 01:19 -------- d-----w- c:\program files (x86)\Trillian
2014-05-03 13:55 . 2014-05-03 13:55 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-05-03 13:55 . 2014-05-03 13:55 -------- d-----r- c:\program files (x86)\Skype
2014-05-03 13:55 . 2014-05-03 14:36 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2014-05-03 13:55 . 2014-05-03 13:55 -------- d-----w- c:\programdata\Skype
2014-05-03 13:55 . 2014-05-03 15:43 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-05-03 13:54 . 2014-05-03 14:02 -------- d-----w- c:\program files (x86)\Common Files\Steam
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-31 13:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-04 09:17 . 2014-05-03 14:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20924064]
"FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2014-02-21 1553688]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2014-01-14 2513992]
"Amazon Cloud Player"="c:\users\Devin Vertigo\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2014-03-07 3168576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-03 3873704]
.
c:\users\Devin Vertigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384]
Samsung Magician.lnk - c:\program files (x86)\Samsung\Samsung Magician\Samsung Magician.exe  /AUTOHIDE [2014-5-3 4580256]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2014-4-8 2622832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-05 02:13 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-03 14:06]
.
2014-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-05 02:13]
.
2014-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-05 02:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-03 14:05 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 2201032]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-02 1225920]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 199.182.166.168 199.182.166.169 209.18.47.61
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-05  21:44:04
ComboFix-quarantined-files.txt  2014-05-06 01:44
.
Pre-Run: 119,321,518,080 bytes free
Post-Run: 119,094,218,752 bytes free
.
- - End Of File - - 4E4B3AF889F440608378ABB3B369637D
A36C5E4F47E84449FF07ED3517B43A31
 
ComboFix quarantined files
 
2014-05-06 01:41:46 . 2014-05-06 01:41:46            4,083 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-05-06 01:38:32 . 2014-05-06 01:38:32               51 ----a-w-  C:\Qoobox\Quarantine\catchme.log
#2 dmlocklear

dmlocklear
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:47 AM

Posted 10 May 2014 - 09:44 AM

Let's hope Cloudflare lets this through. Not a duplicate. Format no go on last issue. BIOS flash no good, secure erase SSD no good. Diskpart clean on HDD for storage no good. Switch to Linux?! Frustrated.

 

Devin

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041
Run by Devin Vertigo at 10:43:10 on 2014-05-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16351.13232 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\RAPID\SamsungRapidSvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\DEVINV~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\Users\DEVINV~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
StartupFolder: C:\Users\DEVINV~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 199.182.166.168 199.182.166.169 209.18.47.61
TCP: Interfaces\{E9EC230A-F29C-479B-90D4-DE09A802D5AB} : DHCPNameServer = 199.182.166.168 199.182.166.169 209.18.47.61
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [SamsungRapidApp] C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Devin Vertigo\AppData\Roaming\Mozilla\Firefox\Profiles\dsy41n2o.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-5-9 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-5-9 208416]
R0 SamsungRapidDiskFltr;SAMSUNG RAPID Mode Disk Filter Driver;C:\Windows\System32\drivers\SamsungRapidDiskFltr.sys [2014-5-9 240864]
R0 SamsungRapidFSFltr;SamsungRapidFSFltr;C:\Windows\System32\drivers\SamsungRapidFSFltr.sys [2013-7-29 111328]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-5-9 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-5-9 423240]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-9 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-5-9 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-5-9 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-9 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-9 1618888]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-5-9 21009352]
R2 SamsungRapidSvc;Samsung RAPID Mode Service;system32\RAPID\SamsungRapidSvc.exe --> system32\RAPID\SamsungRapidSvc.exe [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-9 411936]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2010-11-15 121832]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2010-11-15 364520]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-9 19744]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-9 40392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-9 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-9 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-9 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-5-9 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-9 1255736]
.
=============== Created Last 30 ================
.
2014-05-10 04:50:34 -------- d-----w- C:\Windows\Panther
2014-05-10 03:56:54 -------- d-----w- C:\Program Files (x86)\ESET
2014-05-10 03:39:55 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-10 03:39:54 -------- d-----w- C:\Windows\SysWow64\Wat
2014-05-10 03:39:54 -------- d-----w- C:\Windows\System32\Wat
2014-05-10 03:36:34 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-05-10 03:36:34 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-05-10 03:36:34 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-05-10 03:36:33 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-05-10 03:28:58 -------- d-----w- C:\Windows\Migration
2014-05-10 03:21:01 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-10 03:21:01 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2014-05-10 03:13:23 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2014-05-10 03:03:23 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-05-10 02:58:21 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-05-10 02:58:20 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2014-05-10 02:58:20 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-05-10 02:58:19 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2014-05-10 02:58:19 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-05-10 02:58:19 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2014-05-10 02:58:18 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-10 02:44:20 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-05-10 02:44:20 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-05-10 02:44:20 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-05-10 02:44:20 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-05-10 02:44:20 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-05-10 02:44:19 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-05-10 02:44:19 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-05-10 02:40:47 -------- d-----w- C:\Windows\System32\MRT
2014-05-10 02:35:42 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-05-10 02:35:41 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-05-10 02:35:41 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-05-10 02:31:59 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2014-05-10 02:30:47 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2014-05-10 02:27:48 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-05-10 02:26:58 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2014-05-10 02:24:06 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-05-10 02:24:05 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{712795EB-17AE-4B0F-ADEE-93836DE6B4EC}\mpengine.dll
2014-05-10 02:17:24 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2014-05-10 02:13:00 53248 ----a-r- C:\Users\Devin Vertigo\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2014-05-10 02:12:56 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2014-05-10 02:08:04 -------- d-----w- C:\Users\Devin Vertigo\AppData\Roaming\NVIDIA
2014-05-10 02:08:00 -------- d-----w- C:\Users\Devin Vertigo\AppData\Roaming\Firestorm_x64
2014-05-10 02:08:00 -------- d-----w- C:\Users\Devin Vertigo\AppData\Local\FirestormOS_x64
2014-05-10 02:07:13 -------- d-----w- C:\Users\Devin Vertigo\AppData\Roaming\Logishrd
2014-05-10 02:06:39 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-05-10 02:06:39 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-05-10 02:06:39 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-05-10 02:04:48 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-05-10 02:04:46 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-05-10 02:04:45 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-05-10 02:04:45 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-05-10 01:54:44 240864 ----a-w- C:\Windows\System32\drivers\SamsungRapidDiskFltr.sys
2014-05-10 01:54:44 -------- d-----w- C:\Windows\System32\RAPID
2014-05-10 01:50:32 -------- d-----w- C:\Program Files (x86)\LibreOffice 4
2014-05-10 01:47:13 -------- d-----w- C:\ProgramData\Samsung
2014-05-10 01:47:13 -------- d-----w- C:\Program Files (x86)\Samsung
2014-05-10 01:45:40 -------- d-----w- C:\Program Files\Firestorm
2014-05-10 01:45:29 -------- d-----w- C:\ProgramData\Package Cache
2014-05-10 01:40:14 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-05-10 01:39:54 -------- d-----w- C:\Users\Devin Vertigo\AppData\Local\NVIDIA Corporation
2014-05-10 01:37:56 62408 ----a-w- C:\Windows\System32\OpenCL.dll
2014-05-10 01:37:56 54216 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-05-10 01:37:53 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-05-10 01:37:49 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2014-05-10 01:34:32 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-05-10 01:34:32 85328 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-05-10 01:34:32 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-10 01:34:32 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-05-10 01:34:32 43152 ----a-w- C:\Windows\avastSS.scr
2014-05-10 01:34:32 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-05-10 01:34:32 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-05-10 01:34:32 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-05-10 01:33:52 -------- d-----w- C:\Program Files\AVAST Software
2014-05-10 01:33:30 -------- d-----w- C:\ProgramData\AVAST Software
2014-05-10 01:33:00 -------- d-sh--w- C:\Windows\Installer
2014-05-10 01:32:48 -------- d-----w- C:\Program Files\NVIDIA Corporation
2014-05-10 01:32:32 -------- d-----w- C:\NVIDIA
2014-05-10 01:28:00 -------- d-----w- C:\Users\Devin Vertigo\AppData\Local\Google
2014-05-10 01:27:56 -------- d-----w- C:\Users\Devin Vertigo\AppData\Local\Deployment
2014-05-10 01:27:56 -------- d-----w- C:\Users\Devin Vertigo\AppData\Local\Apps
2014-05-10 01:18:08 -------- d-----w- C:\Program Files (x86)\Steam
2014-05-10 01:18:08 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2014-05-10 01:16:52 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2014-05-10 01:16:49 -------- d-----w- C:\Program Files (x86)\Realtek
2014-05-10 00:58:31 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-10 00:58:25 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-10 00:58:25 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-10 00:58:25 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-10 00:58:25 -------- d-----w- C:\ProgramData\Malwarebytes
2014-05-10 00:58:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-10 00:58:16 -------- d-----w- C:\Users\Devin Vertigo\AppData\Local\Programs
2014-05-01 20:58:14 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2014-05-01 20:58:14 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
.
==================== Find3M  ====================
.
2014-04-30 18:29:25 1081112 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-04-30 18:29:03 1225920 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-04-14 02:24:46 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-04-14 02:19:37 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-03-31 16:42:44 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-03-31 16:42:42 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-31 16:42:40 34760 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-03-04 11:32:59 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 10:43:22.82 ===============
Edited by xXToffeeXx, 10 May 2014 - 10:44 AM.
Merged post from another topic


#3 dmlocklear (Topic Starter)

Posted 10 May 2014 - 09:47 AM

Let it through. Phew.



#4 HelpBot (Bleepin' Binary Bot)

Posted 10 May 2014 - 09:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/533410 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop: DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 HelpBot (Bleepin' Binary Bot)

Posted 15 May 2014 - 09:30 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!
