
Avast thought it stopped something, but it really didn't. Slow operation.


This topic is locked
38 replies to this topic

#1 ZulaZ


Posted 22 October 2014 - 09:18 PM

I did try two days' worth of self-repair before reading the instructions for this forum; I hope that is OK.

I was playing with free automation software when a downloaded install file caused a blocked malware attempt message from my avast shield. I figured that if avast thought it stopped something, I should check to make sure it actually stopped everything; a boot-time scan revealed several other infections. I thought I could solve the problem myself, but I keep getting clean scans at the end of the day and more viruses and slow performance the next day. I've used the tutorials and downloads from this site before, but I think I need real help with this one.

 

I've run a lot of tools at this point, almost everything in safe mode:

rKill

Malwarebytes

AdwCleaner

SuperAntiSpyware

avast scan in normal mode and boot time

 

I'm certain there is something still haunting the computer in the background. I use this machine a lot for work, and it feels slower than it should. I just ran ESET; it found some things and removed them. Then, for fun, I ran it a second time and it found entirely new things, so I stopped it and decided to try getting help here. While I was trying to find those tools I saw a lot of posts on this forum, and it seemed like everyone got aid. I'll not do any more self-repair attempts while this post is active.

I think I'm supposed to do this. DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.67.2
Run by 3dev at 19:00:50 on 2014-10-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16366.6311 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
c:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
C:\Program Files\Autodesk\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
C:\Program Files\Motorola\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Motorola\Bluetooth\audiosrv.exe
C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\perfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\Notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uProxyOverride = <local>;192.168.*.*;*.local
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
mRun: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
StartupFolder: C:\Users\3dev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6E9AF319-8418-441D-95C0-E264B69AB7C3} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-BHO: SofteCoup: {135691C8-9994-FDBF-0C4A-456F706AADD6} - 
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
x64-IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\3dev\AppData\Roaming\Mozilla\Firefox\Profiles\rwhbf8ed.default-1407268430289\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\3dev\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;C:\Windows\System32\drivers\AppleHFS.sys [2011-7-2 72024]
R0 AppleMNT;AppleMNT;C:\Windows\System32\drivers\AppleMNT.sys [2011-7-2 16216]
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2014-8-5 448400]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-5 65776]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-8-14 55280]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-8-5 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2012-8-5 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-8-5 427360]
R2 AdAppMgrSvc;Autodesk Application Manager Service;C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [2014-8-30 597896]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-6-22 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-5 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-10 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-8-5 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\Alwil Software\Avast5\afwServ.exe [2014-8-5 106488]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2012-8-7 679176]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-9-20 1148744]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-5 133800]
R2 KinectManagement;Kinect Management;C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe [2013-8-20 98816]
R2 McNeelUpdate;McNeel Update Service 5.0;C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [2014-6-9 67224]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-9-14 86016]
R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max Design 2014 64-bit;C:\Program Files\Autodesk\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [2011-9-14 86016]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-4-20 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-3 19439944]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-9-20 411968]
R2 WindowsVNT_R3;Windows Virtual Network (WVN3);C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2014-10-20 2973600]
R3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2012-8-7 4150536]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2012-8-7 1188616]
R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2013-4-26 134656]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-8-7 1357104]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-7-26 78848]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-7-26 180224]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-6 19272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-9-20 38048]
R3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2013-5-31 38016]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2013-6-26 768680]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2013-6-26 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BTMCOM;Bluetooth Serial Port;C:\Windows\System32\drivers\btmcom.sys [2012-8-7 52736]
S3 BTMUSB;Motorola Bluetooth Radio Service;C:\Windows\System32\drivers\btmusb.sys [2012-8-7 479616]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [2013-12-2 25832]
S3 EfiVariable;Efi Variable Service;C:\Windows\SysWOW64\drivers\variable64.sys [2012-8-7 18200]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 KinectCamera;Kinect for Windows Camera Driver;C:\Windows\System32\drivers\kinectcamera.sys [2013-2-27 192512]
S3 mi-raysat_3dsmax2015_64;mental ray Satellite for Autodesk 3ds Max Design 2015 64-bit;C:\Program Files\Autodesk\3ds Max Design 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [2011-9-14 86016]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2014-5-7 121416]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2012-11-3 38912]
S3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;C:\Windows\System32\drivers\psdrv3.sys [2012-5-24 24472]
S3 Razerlow;Razer Pro|Solutions;C:\Windows\System32\drivers\Razerlow.sys [2005-11-7 21120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-18 19456]
S3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-11-14 149160]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-18 56832]
S3 VaneFltr;Lachesis Mouse Driver;C:\Windows\System32\drivers\Lachesis.sys [2014-1-11 29952]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-5 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 YouTubeDownload;YouTube Downloader Services;C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe --> C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe [?]
.
=============== Created Last 30 ================
.
2014-10-22 19:26:06 -------- d-----w- C:\Program Files (x86)\ESET
2014-10-22 19:04:40 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-10-22 19:04:39 -------- d-----w- C:\ProgramData\RogueKiller
2014-10-22 05:48:38 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{93526DC0-9BA9-4D62-9EFC-C846FE54FCB9}\offreg.dll
2014-10-21 13:44:11 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{93526DC0-9BA9-4D62-9EFC-C846FE54FCB9}\mpengine.dll
2014-10-21 03:25:30 15369544 ----a-r- C:\Users\3dev\AppData\Roaming\Microsoft\Installer\{413A0A2B-D154-4457-833F-3299DB3183FF}\PhotoSceneEditor.exe
2014-10-21 01:47:37 -------- d-----w- C:\Users\3dev\.swt
2014-10-21 01:43:26 -------- d-----w- C:\Users\3dev\AppData\Local\Ankama
2014-10-20 17:44:40 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-20 13:52:02 -------- d-sh--w- C:\$RECYCLE.BIN
2014-10-20 03:47:10 -------- d-----w- C:\ProgramData\HitmanPro
2014-10-20 03:18:52 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-20 03:15:57 -------- d-----w- C:\Windows\ERUNT
2014-10-19 20:47:57 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-19 20:25:57 -------- d-----w- C:\Users\3dev\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2014-10-19 20:25:57 -------- d-----w- C:\Users\3dev\AppData\Roaming\com.adobe.WidgetBrowser
2014-10-18 19:47:21 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2014-10-18 12:22:04 -------- d-----w- C:\Program Files (x86)\GSAutoClicker3
2014-10-18 11:41:18 -------- d-----w- C:\ProgramData\Windows VXM
2014-10-18 11:41:18 -------- d-----w- C:\Program Files (x86)\Windows Network Accelerater
2014-10-18 11:40:58 -------- d-----w- C:\ProgramData\Optimizer
2014-10-18 11:37:51 -------- d-----w- C:\ProgramData\nWeJiZ
2014-10-15 20:51:52 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-07 00:59:15 -------- d-----w- C:\Program Files (x86)\Razer Surround Driver Installer
2014-09-30 20:22:30 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-30 20:22:30 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-28 23:26:17 -------- d-----r- C:\Program Files (x86)\Skype
2014-09-24 23:10:02 -------- d-----w- C:\Users\3dev\AppData\Roaming\Mumble
2014-09-24 23:04:09 -------- d-----w- C:\Program Files (x86)\Mumble
2014-09-24 08:59:13 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-24 08:59:13 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M  ====================
.
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-02 22:53:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-17 04:51:20 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-09-17 04:51:20 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-09-17 04:51:20 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-09-17 02:13:36 2193560 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-09-17 02:13:36 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-09-17 02:12:40 2799784 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-09-17 02:12:39 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-09-13 21:53:36 6890696 ----a-w- C:\Windows\System32\nvcpl.dll
2014-09-13 21:53:36 3529872 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-09-13 21:53:34 934216 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-09-13 21:53:34 62608 ----a-w- C:\Windows\System32\nvshext.dll
2014-09-13 21:53:34 385168 ----a-w- C:\Windows\System32\nvmctray.dll
2014-09-13 20:13:03 613696 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-11 15:37:55 3961833 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-09-05 02:11:09 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-09-05 01:52:41 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-09-04 19:14:38 38048 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-09-04 19:14:38 34976 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-09-04 19:14:38 32416 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-05 23:15:42 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-08-05 23:15:42 92008 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-08-05 23:15:42 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-08-05 23:15:42 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-08-05 23:15:42 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-08-05 23:15:42 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-08-05 23:15:42 1041168 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-08-05 23:15:41 43152 ----a-w- C:\Windows\avastSS.scr
2014-08-05 23:15:36 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-08-05 23:15:33 448400 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-07-25 19:55:09 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 09:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 06:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
.
============= FINISH: 19:01:08.50 ===============
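
Before the line-by-line review, a responder usually wants a first triage pass over a DDS report like the one above. The following script is an added example, not part of this thread and not the DDS tool's own code: it parses the policy, BHO and service line shapes that DDS emits and flags UAC being disabled, a BHO with no backing file, and a service for which DDS recorded no file information, running on a constructed excerpt that reuses lines from the report above.

```python
"""Triage pass over a DDS log.

Added example, not part of this thread and not the DDS tool's own code. It
parses three of the line shapes DDS emits (registry policies, browser helper
objects, services/drivers) and flags the entries a responder would review
first. SAMPLE_LOG is a constructed excerpt built from lines in the report.
"""
import re
from dataclasses import dataclass

# Constructed excerpt in DDS format, reusing lines from the posted report.
SAMPLE_LOG = r"""
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
x64-BHO: SofteCoup: {135691C8-9994-FDBF-0C4A-456F706AADD6} -
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
R2 WindowsVNT_R3;Windows Virtual Network (WVN3);C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2014-10-20 2973600]
S4 YouTubeDownload;YouTube Downloader Services;C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe --> C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe [?]
"""

# u/m prefix = user/machine hive; DDS writes registry DWORD values in hex.
POLICY_RE = re.compile(r"^[um]Policies-(\w+): (\w+) = dword:([0-9A-Fa-f]+)$")
# "BHO: <name>: {CLSID} - <path>"; the path is empty when DDS found no file.
BHO_RE = re.compile(r"^(?:x64-)?BHO: (.*?): (\{[0-9A-Fa-f-]+\}) -\s*(.*)$")
# "<state> <key>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*) \[([^\]]*)\]$")

# UAC values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System:
# name -> (is_safe(value), message when not safe)
UAC_CHECKS = {
    "EnableLUA": (lambda v: v != 0, "UAC is disabled (EnableLUA = 0)"),
    "ConsentPromptBehaviorAdmin": (lambda v: v != 0,
                                   "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (lambda v: v != 0,
                              "elevation prompts are not shown on the secure desktop"),
}


@dataclass
class Finding:
    line: str
    reason: str


def parse_service(line: str):
    """Return (state, key, display, path, info) for a SERVICES / DRIVERS line, else None."""
    m = SERVICE_RE.match(line)
    return m.groups() if m else None


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and collect the entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        pol = POLICY_RE.match(line)
        if pol:
            _hive, name, value = pol.groups()
            check = UAC_CHECKS.get(name)
            if check and not check[0](int(value, 16)):
                findings.append(Finding(line, check[1]))
            continue
        bho = BHO_RE.match(line)
        if bho:
            name, clsid, path = bho.groups()
            if not path:
                findings.append(Finding(line, f"BHO {name!r} {clsid} has no file path"))
            continue
        svc = parse_service(line)
        if svc:
            state, key, _display, _path, info = svc
            # DDS prints [?] in place of date and size when it could not read the binary.
            if info.strip() == "?":
                findings.append(Finding(line, f"service {key!r} ({state}) has no file info"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```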
 

 

 

 


#2 HelpBot


Posted 27 October 2014 - 09:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/552975 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ZulaZ

  • Topic Starter
  • Members
  • 20 posts

Posted 28 October 2014 - 01:48 AM

Thank you for responding.


I own an i7 2nd gen with 16 gigs of RAM and Windows 7 x64. I do own the original Windows disks.

I've tried not to do anything that could expose a professional or personal account on the computer, but I had to finally cave and log into my email systems. I have not typed any passwords, however, as those are memorized by my browser. I hope they are not exposed.


As requested a new DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.67.2
Run by 3dev at 23:40:38 on 2014-10-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16366.7042 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
C:\Program Files\Autodesk\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
C:\Program Files\Motorola\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Motorola\Bluetooth\audiosrv.exe
C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Autodesk\3ds Max Design 2015\3dsmax.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\Lib\WSCommCntr4.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_runtime.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Q:\140061.enu\Office14\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uProxyOverride = <local>;192.168.*.*;*.local
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
mRun: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
StartupFolder: C:\Users\3dev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\3dev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXONL~1.LNK - C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6E9AF319-8418-441D-95C0-E264B69AB7C3} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-BHO: SofteCoup: {135691C8-9994-FDBF-0C4A-456F706AADD6} - 
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
x64-IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\3dev\AppData\Roaming\Mozilla\Firefox\Profiles\rwhbf8ed.default-1407268430289\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\3dev\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;C:\Windows\System32\drivers\AppleHFS.sys [2011-7-2 72024]
R0 AppleMNT;AppleMNT;C:\Windows\System32\drivers\AppleMNT.sys [2011-7-2 16216]
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2014-8-5 448400]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-5 65776]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-8-14 55280]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-8-5 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2012-8-5 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-8-5 427360]
R2 AdAppMgrSvc;Autodesk Application Manager Service;C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [2014-8-30 597896]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-6-22 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-5 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-10 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-8-5 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\Alwil Software\Avast5\afwServ.exe [2014-8-5 106488]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2012-8-7 679176]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-9-20 1149760]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-5 133800]
R2 KinectManagement;Kinect Management;C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe [2013-8-20 98816]
R2 McNeelUpdate;McNeel Update Service 5.0;C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [2014-6-9 67224]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-9-14 86016]
R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max Design 2014 64-bit;C:\Program Files\Autodesk\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [2011-9-14 86016]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-4-20 1796928]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-3 19440960]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-10-23 410952]
R2 WindowsVNT_R3;Windows Virtual Network (WVN3);C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2014-10-20 2973600]
R3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2012-8-7 4150536]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2012-8-7 1188616]
R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2013-4-26 134656]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-8-7 1357104]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-7-26 78848]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-7-26 180224]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-6 20288]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-9-20 38048]
R3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2013-5-31 38016]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2013-6-26 768680]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2013-6-26 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BTMCOM;Bluetooth Serial Port;C:\Windows\System32\drivers\btmcom.sys [2012-8-7 52736]
S3 BTMUSB;Motorola Bluetooth Radio Service;C:\Windows\System32\drivers\btmusb.sys [2012-8-7 479616]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [2013-12-2 25832]
S3 EfiVariable;Efi Variable Service;C:\Windows\SysWOW64\drivers\variable64.sys [2012-8-7 18200]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 KinectCamera;Kinect for Windows Camera Driver;C:\Windows\System32\drivers\kinectcamera.sys [2013-2-27 192512]
S3 mi-raysat_3dsmax2015_64;mental ray Satellite for Autodesk 3ds Max Design 2015 64-bit;C:\Program Files\Autodesk\3ds Max Design 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [2011-9-14 86016]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2014-5-7 121416]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2012-11-3 38912]
S3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;C:\Windows\System32\drivers\psdrv3.sys [2012-5-24 24472]
S3 Razerlow;Razer Pro|Solutions;C:\Windows\System32\drivers\Razerlow.sys [2005-11-7 21120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-18 19456]
S3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-11-14 149160]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-18 56832]
S3 VaneFltr;Lachesis Mouse Driver;C:\Windows\System32\drivers\Lachesis.sys [2014-1-11 29952]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-5 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 YouTubeDownload;YouTube Downloader Services;C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe --> C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe [?]
.
=============== Created Last 30 ================
.
2014-10-27 06:55:03 -------- d-----w- C:\Program Files (x86)\SquareEnix
2014-10-27 00:18:42 -------- d-----w- C:\Users\3dev\AppData\Local\NexonLauncher
2014-10-27 00:18:41 -------- d-----w- C:\Users\3dev\AppData\Roaming\NexonLauncher
2014-10-27 00:18:11 -------- d-----w- C:\Program Files (x86)\Nexon
2014-10-26 23:54:28 -------- d-----w- C:\Program Files (x86)\Drakensang Online
2014-10-24 11:41:22 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E54DE75F-2A2B-4919-A7E9-9A06DD9D81E4}\offreg.dll
2014-10-24 11:40:00 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E54DE75F-2A2B-4919-A7E9-9A06DD9D81E4}\mpengine.dll
2014-10-23 11:06:49 614544 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-10-22 19:26:06 -------- d-----w- C:\Program Files (x86)\ESET
2014-10-22 19:04:40 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-10-22 19:04:39 -------- d-----w- C:\ProgramData\RogueKiller
2014-10-21 03:25:30 15369544 ----a-r- C:\Users\3dev\AppData\Roaming\Microsoft\Installer\{413A0A2B-D154-4457-833F-3299DB3183FF}\PhotoSceneEditor.exe
2014-10-21 01:47:37 -------- d-----w- C:\Users\3dev\.swt
2014-10-21 01:43:26 -------- d-----w- C:\Users\3dev\AppData\Local\Ankama
2014-10-20 17:44:40 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-20 13:52:02 -------- d-sh--w- C:\$RECYCLE.BIN
2014-10-20 03:47:10 -------- d-----w- C:\ProgramData\HitmanPro
2014-10-20 03:18:52 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-20 03:15:57 -------- d-----w- C:\Windows\ERUNT
2014-10-19 20:47:57 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-19 20:25:57 -------- d-----w- C:\Users\3dev\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2014-10-19 20:25:57 -------- d-----w- C:\Users\3dev\AppData\Roaming\com.adobe.WidgetBrowser
2014-10-18 19:47:21 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2014-10-18 12:22:04 -------- d-----w- C:\Program Files (x86)\GSAutoClicker3
2014-10-18 11:41:18 -------- d-----w- C:\ProgramData\Windows VXM
2014-10-18 11:41:18 -------- d-----w- C:\Program Files (x86)\Windows Network Accelerater
2014-10-18 11:40:58 -------- d-----w- C:\ProgramData\Optimizer
2014-10-18 11:37:51 -------- d-----w- C:\ProgramData\nWeJiZ
2014-10-15 20:51:52 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-07 00:59:15 -------- d-----w- C:\Program Files (x86)\Razer Surround Driver Installer
2014-09-30 20:22:30 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-30 20:22:30 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-28 23:26:17 -------- d-----r- C:\Program Files (x86)\Skype
.
==================== Find3M  ====================
.
2014-10-16 14:11:40 6883136 ----a-w- C:\Windows\System32\nvcpl.dll
2014-10-16 14:11:40 3533632 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-10-16 14:11:36 933064 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-10-16 14:11:36 61640 ----a-w- C:\Windows\System32\nvshext.dll
2014-10-16 14:11:36 384200 ----a-w- C:\Windows\System32\nvmctray.dll
2014-10-16 14:11:36 2559808 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-10-15 00:48:02 4047877 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-04 06:42:47 2197680 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-10-04 06:42:47 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-10-04 06:41:43 2800296 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-10-04 06:41:43 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-10-02 22:53:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-17 04:51:20 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-09-17 04:51:20 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-09-17 04:51:20 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-09-13 23:48:03 984424 ----a-w- C:\Windows\System32\SETEA83.tmp
2014-09-13 23:48:03 3223120 ----a-w- C:\Windows\System32\SETDC82.tmp
2014-09-13 23:48:03 2838424 ----a-w- C:\Windows\SysWow64\SETEE62.tmp
2014-09-13 23:48:03 20589536 ----a-w- C:\Windows\System32\SETED05.tmp
2014-09-13 23:48:03 19954520 ----a-w- C:\Windows\System32\SETE35B.tmp
2014-09-13 23:48:03 1876296 ----a-w- C:\Windows\System32\nvdispco6434411.dll
2014-09-13 23:48:03 18106152 ----a-w- C:\Windows\SysWow64\SETA6.tmp
2014-09-13 23:48:03 16875856 ----a-w- C:\Windows\SysWow64\SETF3B4.tmp
2014-09-13 23:48:03 1539272 ----a-w- C:\Windows\System32\nvdispgenco6434411.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-05 02:11:09 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-09-05 01:52:41 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-09-04 19:14:38 38048 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-09-04 19:14:38 34976 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-09-04 19:14:38 32416 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-05 23:15:42 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-08-05 23:15:42 92008 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-08-05 23:15:42 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-08-05 23:15:42 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-08-05 23:15:42 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-08-05 23:15:42 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-08-05 23:15:42 1041168 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-08-05 23:15:41 43152 ----a-w- C:\Windows\avastSS.scr
2014-08-05 23:15:36 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-08-05 23:15:33 448400 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
.
============= FINISH: 23:40:47.67 ===============


#4 nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 October 2014 - 09:12 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

No personal information is gathered with the running of DDS or this tool.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.


Wait for further instructions.

#5 ZulaZ

  • Topic Starter
  • Members
  • 20 posts

Posted 28 October 2014 - 10:21 AM

Thank you for responding.

Log follows:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by 3dev (administrator) on SHIFT on 28-10-2014 08:17:49
Running from C:\Users\3dev\Desktop\malware tools
Loaded Profile: 3dev (Available profiles: 3dev)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\afwServ.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_runtime.exe
() C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
() C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
() C:\Program Files\Autodesk\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(MicroStudio) C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Autodesk Inc.) C:\Users\3dev\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1632216 2012-07-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-08-05] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-03] (Autodesk Inc.)
HKU\S-1-5-21-325537884-1032957931-1083098233-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [241152 2013-06-12] (SteelSeries ApS)
Startup: C:\Users\3dev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\3dev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk
ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * aswBoot.exe /A:*  /L:1033 /heur:80 /RA:chest /pup /archives /IA:0 /KBD:4 /wow /dir:C:\Program
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7D4CBAAC41BDCE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SofteCoup -> {135691C8-9994-FDBF-0C4A-456F706AADD6} -> C:\ProgramData\SofteCoup\4ni.x64.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\3dev\AppData\Roaming\Mozilla\Firefox\Profiles\rwhbf8ed.default-1407268430289
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\3dev\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012-08-05]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=AV01
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\3dev\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U67) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Unity Player) - C:\Users\3dev\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\3dev\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\3dev\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Pop Block Pro - The Ultimate Popup Blocker) - C:\Users\3dev\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjmjkdknjeokcmgjmdpkccpmahfmiib [2014-10-21]
CHR Extension: (Adblock Plus) - C:\Users\3dev\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-08-05]
CHR Extension: (µBlock) - C:\Users\3dev\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2014-10-21]
CHR Extension: (AdBlock) - C:\Users\3dev\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-21]
CHR Extension: (Avast Online Security) - C:\Users\3dev\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-29]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\3dev\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2014-10-21]
CHR Extension: (Google Wallet) - C:\Users\3dev\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\3dev\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-08-21]
CHR HKCU\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\3dev\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\3dev\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-08-05]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-03] (Autodesk Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-08-05] (AVAST Software)
R2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [106488 2014-08-05] (AVAST Software)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-12-02] (BioWare)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2012-08-07] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-03] (NVIDIA Corporation)
R2 KinectManagement; C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe [98816 2013-08-20] (Microsoft Corporation) [File not signed]
R2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [67224 2014-06-09] (Robert McNeel & Associates)
R2 mi-raysat_3dsmax2012_64; c:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] () [File not signed]
R2 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-14] () [File not signed]
R2 mi-raysat_3dsmax2014_64; C:\Program Files\Autodesk\3ds Max Design 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-14] () [File not signed]
S3 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3ds Max Design 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-14] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-03] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-03] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-01] ()
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
S4 YouTubeDownload; C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-05] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-08-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-05] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-08-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-05] (AVAST Software)
S3 EfiVariable; C:\Windows\SysWOW64\Drivers\variable64.sys [18200 2010-10-28] (Windows ® Server 2003 DDK provider)
S3 KinectCamera; C:\Windows\System32\Drivers\kinectcamera.sys [192512 2013-02-27] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-06] (Printing Communications Assoc., Inc. (PCAUSA))
S3 psdrv3; C:\Windows\System32\Drivers\psdrv3.sys [24472 2012-05-24] (Prime Sense Ltd.)
S3 Razerlow; C:\Windows\System32\drivers\Razerlow.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S3 uisp; C:\Windows\System32\Drivers\usbicp.sys [20480 2010-08-24] (Motorola)
S3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [29952 2009-10-16] (Razer (Asia-Pacific) Pte Ltd)
S3 aswVmm; \??\C:\Users\3dev\AppData\Local\Temp\aswVmm.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz130; \??\C:\Users\3dev\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-28 08:17 - 2014-10-28 08:17 - 00000000 ____D () C:\FRST
2014-10-28 08:15 - 2014-10-28 08:17 - 00000000 ____D () C:\Users\3dev\Desktop\malware tools
2014-10-27 23:38 - 2014-10-27 23:38 - 00688992 ____R (Swearware) C:\Users\3dev\Downloads\dds (1).com
2014-10-27 03:24 - 2014-10-27 03:32 - 00000000 ____D () C:\Users\3dev\Documents\Heroes of the Storm
2014-10-26 23:55 - 2014-10-26 23:55 - 00002402 _____ () C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
2014-10-26 23:55 - 2014-10-26 23:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-26 23:55 - 2014-10-26 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
2014-10-26 23:55 - 2014-10-26 23:55 - 00000000 ____D () C:\Program Files (x86)\SquareEnix
2014-10-26 23:54 - 2014-10-26 23:54 - 112206656 _____ (SQUARE ENIX CO., LTD.) C:\Users\3dev\Downloads\ffxivsetup_ft.exe
2014-10-26 17:48 - 2014-10-26 17:48 - 00002204 _____ () C:\Users\3dev\Desktop\MapleStory.lnk
2014-10-26 17:18 - 2014-10-28 06:31 - 00000000 ____D () C:\Users\3dev\AppData\Local\NexonLauncher
2014-10-26 17:18 - 2014-10-26 17:48 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2014-10-26 17:18 - 2014-10-26 17:19 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\NexonLauncher
2014-10-26 17:18 - 2014-10-26 17:18 - 00002079 _____ () C:\Users\3dev\Desktop\Nexon Launcher.lnk
2014-10-26 17:18 - 2014-10-26 17:18 - 00000000 ____D () C:\Program Files (x86)\Nexon
2014-10-26 17:17 - 2014-10-26 17:18 - 10117512 _____ () C:\Users\3dev\Downloads\NexonLauncherSetup.exe
2014-10-26 16:54 - 2014-10-26 16:54 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
2014-10-26 16:54 - 2014-10-26 16:54 - 00000000 ____D () C:\Program Files (x86)\Drakensang Online
2014-10-26 16:53 - 2014-10-26 16:54 - 19902888 _____ () C:\Users\3dev\Downloads\DrakensangOnlineSetup.exe
2014-10-24 19:23 - 2014-10-24 20:47 - 01684416 _____ () C:\Users\3dev\Documents\SelfIntersectionPipeTest.3dm
2014-10-24 19:23 - 2014-10-24 20:46 - 01654563 _____ () C:\Users\3dev\Documents\SelfIntersectionPipeTest.3dmbak
2014-10-24 17:21 - 2014-10-24 17:21 - 06931928 _____ () C:\Users\3dev\Downloads\new knot.3dm
2014-10-23 04:06 - 2014-10-16 05:27 - 00614544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-10-23 04:05 - 2014-10-16 09:54 - 31890064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 24555840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 20922696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 17260864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 14029400 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 13942368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 13190288 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-10-23 04:05 - 2014-10-16 09:54 - 11395672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 11333848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 04289856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434448.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434448.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 00962376 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 00931984 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 00921928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 00895176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 00870112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 00392008 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 00348488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-10-23 04:05 - 2014-10-16 09:54 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-10-22 19:12 - 2014-10-22 19:12 - 00018345 _____ () C:\Users\3dev\Documents\Attach.txt
2014-10-22 19:01 - 2014-10-27 23:40 - 00028362 _____ () C:\Users\3dev\Desktop\dds.txt
2014-10-22 19:01 - 2014-10-27 23:40 - 00018761 _____ () C:\Users\3dev\Desktop\attach.txt
2014-10-22 18:59 - 2014-10-22 18:59 - 00688992 ____R (Swearware) C:\Users\3dev\Downloads\dds.com
2014-10-22 18:46 - 2014-10-22 18:46 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\3dev\Downloads\rkill64.exe
2014-10-22 18:45 - 2014-10-22 18:46 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\3dev\Downloads\rkill.exe
2014-10-22 12:26 - 2014-10-22 12:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-22 12:18 - 2014-10-22 12:18 - 02347384 _____ (ESET) C:\Users\3dev\Downloads\esetsmartinstaller_enu (1).exe
2014-10-22 12:04 - 2014-10-26 15:30 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-22 12:04 - 2014-10-22 12:04 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-22 11:38 - 2014-10-27 04:40 - 00020424 _____ () C:\Users\3dev\Documents\clickerHeroSave.txt
2014-10-22 11:21 - 2014-10-22 11:21 - 02347384 _____ (ESET) C:\Users\3dev\Downloads\esetsmartinstaller_enu.exe
2014-10-22 11:18 - 2014-10-22 11:18 - 19114072 _____ () C:\Users\3dev\Downloads\RogueKillerX64.exe
2014-10-22 10:44 - 2014-10-22 10:45 - 00019624 _____ () C:\Users\3dev\Documents\clickerHeroSave10_22.txt
2014-10-22 10:44 - 2014-10-22 10:44 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\3dev\Downloads\tdsskiller.exe
2014-10-22 10:31 - 2014-10-22 18:49 - 00002122 _____ () C:\Users\3dev\Desktop\Rkill.txt
2014-10-21 19:39 - 2014-10-21 19:39 - 00001048 _____ () C:\DelFix.txt
2014-10-21 19:07 - 2014-10-22 10:43 - 00000000 ____D () C:\Users\3dev\Downloads\MalwareRemovalTools
2014-10-21 18:55 - 2014-10-21 18:55 - 00018696 _____ () C:\Users\3dev\Documents\clickerHeroSave10_21.txt
2014-10-20 20:25 - 2014-10-20 20:25 - 00002172 _____ () C:\Users\3dev\Desktop\Autodesk 123D Catch.lnk
2014-10-20 20:22 - 2014-10-20 20:22 - 93683712 _____ () C:\Users\3dev\Downloads\123DCatch.msi
2014-10-20 18:47 - 2014-10-20 18:47 - 00000000 ____D () C:\Users\3dev\.swt
2014-10-20 18:43 - 2014-10-20 18:43 - 00004200 _____ () C:\Users\3dev\AppData\Localtransition_695d023943ae953cd599497f44e981eb.ini
2014-10-20 18:43 - 2014-10-20 18:43 - 00000000 ____D () C:\Users\3dev\AppData\Local\Ankama
2014-10-20 16:52 - 2014-10-20 18:20 - 00019384 _____ () C:\Users\3dev\Documents\clickerHeroSaveTwo_10_20.txt
2014-10-20 10:44 - 2014-10-20 11:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-20 06:31 - 2014-10-20 06:50 - 00000000 ____D () C:\Windows\erdnt
2014-10-19 22:30 - 2014-10-19 23:44 - 00019104 _____ () C:\Users\3dev\Documents\clickerHeroSave10_20.txt
2014-10-19 21:44 - 2014-10-19 21:44 - 00001578 _____ () C:\Windows\system32\.crusader
2014-10-19 20:47 - 2014-10-19 21:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-19 20:18 - 2014-10-19 20:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-19 20:15 - 2014-10-19 20:15 - 00000000 ____D () C:\Windows\ERUNT
2014-10-19 17:20 - 2014-10-20 19:36 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\vlc
2014-10-19 17:19 - 2014-10-19 17:19 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-10-19 17:18 - 2014-10-19 17:18 - 24743106 _____ () C:\Users\3dev\Downloads\vlc-2.1.5-win32.exe
2014-10-19 17:08 - 2014-10-19 17:08 - 00262232 _____ () C:\Users\3dev\Downloads\GoogleUpdate.adm
2014-10-19 17:05 - 2014-10-19 17:05 - 00015424 _____ () C:\Users\3dev\Documents\clickerHeroSave10_19.txt
2014-10-19 14:03 - 2014-10-19 14:04 - 00019440 _____ () C:\Users\3dev\Documents\clickerHeroSavez.txt
2014-10-19 13:47 - 2014-10-21 20:00 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-19 13:25 - 2014-10-19 13:25 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2014-10-19 13:25 - 2014-10-19 13:25 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\com.adobe.WidgetBrowser
2014-10-18 12:47 - 2014-10-18 12:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-18 05:22 - 2014-10-18 05:22 - 00001106 _____ () C:\Users\Public\Desktop\GS Auto Clicker.lnk
2014-10-18 05:22 - 2014-10-18 05:22 - 00000000 ____D () C:\Users\3dev\Documents\AutomaticSolution Software
2014-10-18 05:22 - 2014-10-18 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GS Auto Clicker
2014-10-18 05:22 - 2014-10-18 05:22 - 00000000 ____D () C:\Program Files (x86)\GSAutoClicker3
2014-10-18 05:21 - 2014-10-18 05:21 - 00893648 _____ (goldensoft.org ) C:\Users\3dev\Downloads\GSAutoClicker-Setup.exe
2014-10-18 04:41 - 2014-10-25 04:44 - 00000000 ____D () C:\ProgramData\Windows VXM
2014-10-18 04:41 - 2014-10-20 11:28 - 00000000 ____D () C:\Program Files (x86)\Windows Network Accelerater
2014-10-18 04:40 - 2014-10-20 06:27 - 00000000 ____D () C:\ProgramData\Optimizer
2014-10-18 04:37 - 2014-10-18 04:48 - 00000000 ____D () C:\ProgramData\nWeJiZ
2014-10-15 13:52 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 13:52 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 13:52 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 13:52 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 13:52 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 13:52 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 13:52 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 13:52 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 13:52 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 13:52 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 13:52 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 13:52 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 13:52 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 13:52 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 13:52 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 13:52 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 13:52 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 13:52 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 13:52 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 13:52 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 13:52 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 13:52 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 13:52 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 13:52 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 13:52 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 13:52 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 13:52 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 13:52 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 13:52 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 13:52 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 13:52 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 13:52 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 13:52 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 13:52 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 13:52 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 13:52 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 13:52 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 13:52 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 13:52 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 13:52 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 13:52 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 13:52 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 13:52 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 13:52 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 13:52 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 13:52 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 13:52 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 13:52 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 13:52 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 13:52 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 13:52 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 13:52 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 13:52 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 13:52 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 13:52 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 13:52 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 13:52 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 13:52 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 13:52 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 13:52 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 13:52 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 13:52 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 13:52 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 13:52 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 13:52 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 13:52 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 13:51 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 13:51 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 13:51 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 13:51 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 13:51 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 13:51 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 13:51 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 13:51 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 13:51 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 13:51 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 13:51 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 13:51 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 13:51 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 13:51 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 13:51 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 13:51 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 13:51 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 13:51 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 13:51 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 13:51 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-02 15:53 - 2014-10-02 15:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-01 17:23 - 2014-10-01 17:23 - 00006633 _____ () C:\Users\3dev\AppData\Local\recently-used.xbel
2014-09-30 13:22 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 13:22 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 16:26 - 2014-09-28 16:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-28 16:26 - 2014-09-28 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-28 08:11 - 2013-08-21 15:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 07:51 - 2012-08-05 08:24 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\Skype
2014-10-28 06:46 - 2012-08-05 06:11 - 01653678 _____ () C:\Windows\WindowsUpdate.log
2014-10-28 02:52 - 2009-07-13 21:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-28 02:52 - 2009-07-13 21:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 02:43 - 2013-08-21 15:34 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-28 02:43 - 2012-08-05 12:04 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-28 02:43 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-28 02:43 - 2009-07-13 21:51 - 00124108 _____ () C:\Windows\setupact.log
2014-10-28 02:43 - 2009-07-13 21:45 - 04963480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-28 02:42 - 2012-08-24 19:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-28 02:42 - 2012-08-05 11:35 - 00375194 _____ () C:\Windows\PFRO.log
2014-10-28 02:36 - 2014-01-16 13:11 - 00000000 ____D () C:\Users\3dev\AppData\Local\Battle.net
2014-10-28 01:10 - 2014-05-29 23:07 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2014-10-27 03:27 - 2012-08-05 06:31 - 00000000 ____D () C:\Users\3dev
2014-10-27 03:24 - 2014-09-17 14:36 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-10-27 03:24 - 2014-03-09 02:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-10-27 03:23 - 2014-01-16 13:11 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-27 03:17 - 2012-08-10 16:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-27 03:04 - 2013-12-22 22:59 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\Guild Wars 2
2014-10-27 03:04 - 2012-08-30 17:17 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-10-26 23:54 - 2012-09-22 17:43 - 00000000 ____D () C:\Users\3dev\Documents\My Games
2014-10-26 17:19 - 2013-06-26 00:39 - 00000000 ____D () C:\Nexon
2014-10-24 19:48 - 2013-06-27 12:38 - 00000000 ____D () C:\Users\3dev\Documents\Abstraction
2014-10-24 17:21 - 2013-10-18 13:46 - 00000500 _____ () C:\Windows\SysWOW64\Drivers\iczgzv_586.set
2014-10-24 17:21 - 2013-10-18 13:46 - 00000500 _____ () C:\Windows\SysWOW64\Drivers\deqordi262.dat
2014-10-24 17:21 - 2013-10-18 13:46 - 00000500 _____ () C:\Windows\d_kenkpm229.ini
2014-10-24 17:04 - 2012-08-05 08:21 - 00059000 _____ () C:\Users\3dev\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-24 15:59 - 2009-07-13 22:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-23 22:48 - 2013-09-29 10:52 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-23 22:48 - 2013-01-06 18:17 - 00000000 ____D () C:\Users\3dev\AppData\Local\My Games
2014-10-23 04:07 - 2012-11-20 05:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-10-23 04:07 - 2012-08-05 07:36 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-22 19:58 - 2012-08-06 16:34 - 00007606 _____ () C:\Users\3dev\AppData\Local\Resmon.ResmonCfg
2014-10-22 10:07 - 2012-08-09 11:25 - 00000000 ___RD () C:\Users\3dev\Dropbox
2014-10-22 10:06 - 2012-08-09 11:23 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\Dropbox
2014-10-21 20:10 - 2012-12-22 12:26 - 00000000 ____D () C:\ProgramData\Apple
2014-10-21 20:06 - 2012-08-07 08:32 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-21 20:05 - 2012-08-14 10:32 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-21 20:05 - 2012-08-06 16:20 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-21 20:05 - 2012-08-05 07:32 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\Adobe
2014-10-21 02:00 - 2012-08-06 16:18 - 00000000 ____D () C:\Users\3dev\AppData\Local\Adobe
2014-10-20 20:25 - 2012-10-10 15:13 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2014-10-20 20:25 - 2012-08-10 16:22 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\Autodesk
2014-10-20 20:24 - 2012-08-10 16:39 - 00000000 ____D () C:\Program Files (x86)\Autodesk
2014-10-20 18:47 - 2013-05-19 20:50 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\Mozilla
2014-10-20 15:17 - 2014-05-07 04:28 - 00000000 ____D () C:\Windows\pss
2014-10-20 06:52 - 2012-08-05 08:31 - 00000000 ____D () C:\Users\3dev\AppData\Local\Apps\2.0
2014-10-20 06:52 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-10-20 06:49 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-20 05:47 - 2012-08-05 08:31 - 00000000 ____D () C:\Users\3dev\AppData\Local\Deployment
2014-10-19 20:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Speech
2014-10-19 20:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Branding
2014-10-19 19:19 - 2012-08-23 02:20 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-19 19:18 - 2012-10-02 14:52 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\SoftGrid Client
2014-10-19 17:19 - 2013-07-13 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-10-19 17:15 - 2014-09-26 14:25 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-19 17:06 - 2013-08-21 15:34 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 17:06 - 2013-08-21 15:34 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 13:44 - 2013-09-29 23:48 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-19 13:44 - 2013-09-29 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-19 13:42 - 2013-04-18 13:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-18 22:40 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-18 13:06 - 2014-05-07 01:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-18 12:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-18 12:47 - 2013-08-15 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 12:43 - 2012-08-05 12:22 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-18 04:46 - 2014-02-06 15:13 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-10-18 04:46 - 2014-02-06 14:07 - 00000000 ____D () C:\AeriaGames
2014-10-16 09:54 - 2014-09-20 13:46 - 18499648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-10-16 09:54 - 2014-05-26 18:24 - 19966856 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-10-16 09:54 - 2013-08-03 14:03 - 00072904 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-10-16 09:54 - 2013-08-03 14:03 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-10-16 09:54 - 2013-08-03 13:53 - 20968040 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-16 09:54 - 2013-08-03 13:53 - 16886168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-10-16 09:54 - 2013-08-03 13:53 - 03237528 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-10-16 09:54 - 2013-08-03 13:53 - 02849224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-10-16 09:54 - 2013-08-03 13:53 - 00987008 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-10-16 09:54 - 2013-08-03 13:53 - 00027024 _____ () C:\Windows\system32\nvinfo.pb
2014-10-16 07:11 - 2014-04-18 13:43 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-10-16 07:11 - 2013-08-03 14:04 - 06883136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-10-16 07:11 - 2013-08-03 14:04 - 03533632 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-10-16 07:11 - 2013-08-03 14:04 - 00933064 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-10-16 07:11 - 2013-08-03 14:04 - 00384200 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-10-16 07:11 - 2013-08-03 14:04 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-10-15 09:22 - 2013-05-19 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-14 17:48 - 2013-08-03 14:04 - 04047877 _____ () C:\Windows\system32\nvcoproc.bin
2014-10-08 19:07 - 2014-09-24 16:10 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\Mumble
2014-10-03 23:42 - 2014-08-10 21:09 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-10-03 23:42 - 2014-04-20 23:28 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-10-03 23:41 - 2014-08-10 21:09 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-10-03 23:41 - 2014-04-20 23:28 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-10-02 15:53 - 2012-08-05 07:29 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-01 17:36 - 2014-04-25 03:13 - 00000000 ____D () C:\Users\3dev\.gimp-2.8
2014-10-01 17:23 - 2014-04-25 03:16 - 00000000 ____D () C:\Users\3dev\AppData\Local\gtk-2.0
2014-09-28 16:26 - 2012-08-05 08:24 - 00000000 ____D () C:\ProgramData\Skype
2014-09-28 08:10 - 2012-08-05 08:31 - 00000000 ____D () C:\Users\3dev\AppData\Local\Google
2014-09-28 01:03 - 2012-08-12 16:02 - 00000000 ____D () C:\Users\3dev\AppData\Roaming\Spotify
 
Some content of TEMP:
====================
C:\Users\3dev\AppData\Local\Temp\dllnt_dump.dll
C:\Users\3dev\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpalo3t_.dll
C:\Users\3dev\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\3dev\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\3dev\AppData\Local\Temp\nvStInst.exe
C:\Users\3dev\AppData\Local\Temp\RhinoScript.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-26 08:30
 
==================== End Of Log ============================


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:12 PM

Posted 28 October 2014 - 12:56 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: SofteCoup -> {135691C8-9994-FDBF-0C4A-456F706AADD6} -> C:\ProgramData\SofteCoup\4ni.x64.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\internal-nacl-plugin No File
CHR HKCU\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\3dev\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\3dev\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-08-21]
S4 YouTubeDownload; C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe [X]
S3 aswVmm; \??\C:\Users\3dev\AppData\Local\Temp\aswVmm.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz130; \??\C:\Users\3dev\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#7 ZulaZ

ZulaZ
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:10:12 AM

Posted 28 October 2014 - 02:35 PM

Nasdaq,

 

The computer has been feeling a little more like its old self, but every now and again I see an odd little glitch which normally would not happen. Like a full screen video stopping its video (but the stream is still running, and if you exit fullscreen you can see that it is running in the browser). Or two nights ago the desktop did a full refresh on its own, with no error report. And in general the HDD seems to be running more than it should. It's a pretty powerful computer with good internet, so it's kind of hard to really notice if it is thinking about something or not. I had to do some work this weekend on it and was able to complete all tasks in roughly a normal amount of time. I do feel like it is just running a little slower than normal, so I think something is running in the background, but it could be paranoia (around 5 years ago I had a very tough infection which took weeks to remove and still gives me nightmares). Actually, after the FRST reboot I ran the security check; it just completed and the HDD is quiet for the first time in a while.

 

Edit:

That YouTubeDownloader service is one of the things which keeps reappearing, along with the Conduit-type virus.

 

Security Check Log(because it was short):

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.1    
 Java 7 Update 60  
 Java version out of Date!
 Adobe Reader XI  
 Mozilla Firefox 31.0 Firefox out of Date!
 Google Chrome 37.0.2062.124  
 Google Chrome 38.0.2125.104  
````````Process Check: objlist.exe by Laurent````````
 Alwil Software Avast5 AvastSvc.exe  
 Alwil Software Avast5 afwServ.exe  
 Alwil Software Avast5 AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````
 
 
FRST Fixlog.txt :
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 01
Ran by 3dev at 2014-10-28 12:08:28 Run:1
Running from C:\Users\3dev\Desktop\malware tools
Loaded Profile: 3dev (Available profiles: 3dev)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: SofteCoup -> {135691C8-9994-FDBF-0C4A-456F706AADD6} -> C:\ProgramData\SofteCoup\4ni.x64.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\internal-nacl-plugin No File
CHR HKCU\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\3dev\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\3dev\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-08-21]
S4 YouTubeDownload; C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe [X]
S3 aswVmm; \??\C:\Users\3dev\AppData\Local\Temp\aswVmm.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz130; \??\C:\Users\3dev\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
End
*****************
 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{135691C8-9994-FDBF-0C4A-456F706AADD6}" => Key deleted successfully.
"HKCR\CLSID\{135691C8-9994-FDBF-0C4A-456F706AADD6}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\internal-nacl-plugin No File not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\blklojfklgnogjaijkibhfjepakiocng" => Key deleted successfully.
"C:\Users\3dev\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blklojfklgnogjaijkibhfjepakiocng" => Key deleted successfully.
"C:\Users\3dev\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx" => File/Directory not found.
YouTubeDownload => Service deleted successfully.
aswVmm => Error deleting Service
catchme => Service deleted successfully.
cpuz130 => Service deleted successfully.
EagleX64 => Service deleted successfully.
hxsyol => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
 
==== End of Fixlog ====

Edited by ZulaZ, 28 October 2014 - 02:38 PM.
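A small triage script for an FRST Fixlog like the one posted above (an added example for this thread, not FRST's own code and not anything the participants posted); the sample log is constructed from the result lines shown in the post, and the outcome phrases are the ones FRST prints there.

```python
"""Triage an FRST Fixlog.txt: what the fix removed, what was already absent,
and what failed and still needs follow-up.

Added example for this thread; not part of FRST and not code posted by anyone
in the thread. Only the result section (lines with '=>') is examined.
"""
import re
from collections import defaultdict

# Outcome phrases as FRST prints them in the fix results of the log above.
# Checked in order; the first match wins.
_OUTCOMES = (
    ("failed", re.compile(r"^error", re.I)),
    ("removed", re.compile(r"deleted successfully", re.I)),
    ("absent", re.compile(r"not found", re.I)),
)

# '<target> => <result>'; the target may or may not be wrapped in quotes.
_RESULT_LINE = re.compile(r"^\s*(?P<target>.+?)\s*=>\s*(?P<result>.+?)\s*$")

# Constructed sample: a trimmed copy of the line shapes shown in the post.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 01
Content of fixlist:
*****************
start
S3 aswVmm; \??\C:\Users\3dev\AppData\Local\Temp\aswVmm.sys [X]
End
*****************
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\internal-nacl-plugin No File not found.
"C:\Users\3dev\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx" => File/Directory not found.
YouTubeDownload => Service deleted successfully.
aswVmm => Error deleting Service
==== End of Fixlog ====
'''


def classify_result(result: str) -> str:
    """Map an FRST result phrase to 'failed', 'removed', 'absent' or 'unknown'."""
    for label, pattern in _OUTCOMES:
        if pattern.search(result):
            return label
    return "unknown"


def triage_fixlog(text: str) -> dict:
    """Group every result line of a Fixlog by outcome.

    Returns {'removed': [...], 'absent': [...], 'failed': [...], 'unknown': [...]}
    with the targets (registry key, value, file or service name) as strings.
    """
    buckets = defaultdict(list)
    for raw in text.splitlines():
        m = _RESULT_LINE.match(raw)
        if m is None:
            # FRST echoes an unmatched fixlist line without '=>' and appends
            # 'not found.' (see the CHR Plugin line); count it as absent.
            if raw.strip().lower().endswith("not found."):
                buckets["absent"].append(raw.strip())
            continue
        target = m.group("target").strip('"')
        buckets[classify_result(m.group("result"))].append(target)
    return {k: buckets[k] for k in ("removed", "absent", "failed", "unknown")}


def needs_followup(text: str) -> list:
    """Targets the fix could not remove: these are the items to look at next."""
    return triage_fixlog(text)["failed"]


if __name__ == "__main__":
    report = triage_fixlog(SAMPLE_FIXLOG)
    for outcome, targets in report.items():
        print(f"{outcome} ({len(targets)}):")
        for t in targets:
            print(f"  {t}")
```

Run against the real Fixlog.txt, the "failed" bucket is the short list worth raising in the next reply; "absent" entries were already gone before the fix ran.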


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:12 PM

Posted 29 October 2014 - 07:59 AM

Reset all your browsers.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

If the problem persists execute this.

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

Keep me posted.

#9 ZulaZ (Topic Starter, Members, 20 posts)

Posted 29 October 2014 - 10:09 AM

Nasdaq,

I reset all three browsers and ran RogueKiller as you requested. It popped up an informational page about userland rootkits / IAT hooks. I had run RogueKiller on my own and those IAT things were not there previously.

edit:

I believe the suspicious path (AdAppMgr.exe) it lists at the top of the log is legit software.

Also I just had a window pop up:

"Adobe Flash Player Plugs is out of date,some functions of it may not function normally,we strongly recommend you update it to latest version!"

edit2:

Sorry for the edits. Windows says the popup is an application called vxmclient, and if I right-click on it, it gives a custom drop-down menu, so I'm pretty sure it's not real, whatever it is.

I don't believe I have Flash Player installed right now; I think I'm going to just ignore it until you update me on an action. I have a screen grab of it but I'm not sure I should be posting files.

LOG:

 

RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : 3dev [Administrator]
Mode : Delete -- Date : 10/29/2014  08:03:50
 
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] AdAppMgr.exe -- C:\Users\3dev\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 19 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\3dev\AppData\Local\Temp\aswVmm.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm (\??\C:\Users\3dev\AppData\Local\Temp\aswVmm.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswVmm (\??\C:\Users\3dev\AppData\Local\Temp\aswVmm.sys) -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-325537884-1032957931-1083098233-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-325537884-1032957931-1083098233-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 100 (Driver: Loaded) ¤¤¤
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x76fc01f0 (jmp 0x15d850)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x76fc03b0 (jmp 0x15ed60)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x76fc0390 (jmp 0x15ed20)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x76fc02d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x76fc0490 (jmp 0x15e300)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x76fc03e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x76fc02e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x76fc03a0 (jmp 0x15e870)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetContextThread : Unknown @ 0x76fc0400 (jmp 0x15dc20)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x76fc0310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x76fc0370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x76fc01f0 (jmp 0x15d850)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x76fc04a0 (jmp 0x15e300)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x76fc0450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x76fc0350 (jmp 0x15e730)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x76fc02d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x76fc0390 (jmp 0x15ed20)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtQueryObject : Unknown @ 0x76fc0450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSection : Unknown @ 0x76fc0310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSection : Unknown @ 0x76fc0320 (jmp 0x15ed00)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x76fc03b0 (jmp 0x15ed60)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x76fc0370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x76fc03e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x76fc02e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSemaphore : Unknown @ 0x76fc02b0 (jmp 0x15e5a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x76fc02c0 (jmp 0x15e030)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateMutant : Unknown @ 0x76fc0290 (jmp 0x15e610)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x76fc02a0 (jmp 0x15e060)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateTimer : Unknown @ 0x76fc0330 (jmp 0x15e5f0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x76fc0340 (jmp 0x15e070)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x76fc03d0 (jmp 0x15e6a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x76fc03f0 (jmp 0x15ec10)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenThread : Unknown @ 0x76fc0380 (jmp 0x15e0c0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x76fc0430 (jmp 0x15d9a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x76fc0490 (jmp 0x15e300)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x76fc03f0 (jmp 0x15ec10)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x76fc02d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x76fc0390 (jmp 0x15ed20)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x76fc01f0 (jmp 0x15d850)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x76fc0450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x76fc03e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x76fc0480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtCreateSection : Unknown @ 0x76fc0310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x76fc0440 (jmp 0x15de80)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x76fc0280 (jmp 0x15d700)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x76fc0310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x76fc0280 (jmp 0x15d700)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x76fc0450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x76fc03e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x76fc0450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ MSCTF.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x76fc0480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ UxTheme.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x76fc02e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) ntdll.dll - NtQueryObject : Unknown @ 0x76fc0450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ dwmapi.dll) ntdll.dll - NtCreateSection : Unknown @ 0x76fc0310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ Secur32.dll) ntdll.dll - NtOpenSection : Unknown @ 0x76fc0320 (jmp 0x15ed00)
[IAT:Inl] (explorer.exe @ SSPICLI.DLL) ntdll.dll - NtDuplicateObject : Unknown @ 0x76fc0390 (jmp 0x15ed20)
[IAT:Inl] (explorer.exe @ SSPICLI.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x76fc02e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x76fc0370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x76fc03e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateSection : Unknown @ 0x76fc0310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtQueryObject : Unknown @ 0x76fc0450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ CLBCatQ.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x76fc02e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ dbghelp.dll) ntdll.dll - NtQueryObject : Unknown @ 0x76fc0450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x76fc0340 (jmp 0x15e070)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenThread : Unknown @ 0x76fc0380 (jmp 0x15e0c0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x76fc02c0 (jmp 0x15e030)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSection : Unknown @ 0x76fc0320 (jmp 0x15ed00)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x76fc0370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x76fc02a0 (jmp 0x15e060)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenEventPair : Unknown @ 0x76fc0300 (jmp 0x15e130)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x76fc02e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtQueryObject : Unknown @ 0x76fc0450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtCreateSection : Unknown @ 0x76fc0310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x76fc0450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x76fc02e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x76fc0480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ tiptsf.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x76fc0480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ authui.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x76fc0370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ authui.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x76fc01f0 (jmp 0x15d850)
[IAT:Inl] (explorer.exe @ es.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x76fc02e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ AUDIOSES.DLL) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x76fc0480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ NSI.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x76fc03e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ CSCAPI.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x76fc02d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x76fc01e0 (jmp 0x15e140)
[IAT:Inl] (explorer.exe @ WINMM.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x76fc02d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ WINMM.dll) ntdll.dll - NtCreateTimer : Unknown @ 0x76fc0330 (jmp 0x15e5f0)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x76fc02e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x76fc0480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x76fc02d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x76fc03e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ FirewallAPI.dll) ntdll.dll - NtQueryObject : Unknown @ 0x76fc0450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x76fc01e0 (jmp 0x15e140)
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x76fc0350 (jmp 0x15e730)
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x76fc02d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ wship6.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x76fc03e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ wshtcpip.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x76fc03e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ fwpuclnt.dll) ntdll.dll - NtQueryObject : Unknown @ 0x76fc0450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ ncrypt.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x76fc0370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ bcrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x76fc03e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ bcryptprimitives.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x76fc03e0 (jmp 0x15ee70)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2001FASS-00W2B0 ATA Device +++++
--- User ---
[MBR] f6a84d5b96d3951b1efe2f8e910e49dc
[BSP] 3c094271b0edc28598b3427dae0e60a5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1026048 | Size: 6000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 13314048 | Size: 1901227 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_SCN_10222014_120904.log - RKreport_SCN_10292014_080244.log

Edited by ZulaZ, 29 October 2014 - 10:24 AM.
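The "Antirootkit" block in the log above is the part most likely to alarm a reader, so here is a small triage script for it. It is an added example for this thread, not RogueKiller's code and not something from the original post; the line layout is assumed from the log above and the seven sample lines are copied from it. The script asks the questions a responder asks first: which processes carry hooks, how many distinct ntdll exports are hooked, whether the same export always jumps to the same place no matter which DLL's import table it was seen through, and whether every jump target lands in one small region. In this log every hook is in explorer.exe, every target lies between 0x15d700 and 0x15f0a0 (a few kilobytes), and each export has exactly one target. That pattern is what a single hooking module produces, and user-mode self-protection in security products (aswVmm, flagged earlier in the same log, is the name of an Avast driver) looks exactly like this; it is not by itself evidence of dozens of separate infections. RogueKiller prints the owner as "Unknown" because it could not map the target to a loaded module, and this script cannot attribute the hooks either; it only tells you whether they are consistent with one owner.

```python
"""Triage the [IAT:Inl] entries of a RogueKiller log.

Added example for this thread; it is not RogueKiller's code and not from
the original post. The line layout is assumed from the log above.
"""
import re
from collections import defaultdict

# Seven lines copied from the "Antirootkit" section of the log above.
SAMPLE_LOG = """\
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x76fc01f0 (jmp 0x15d850)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x76fc03b0 (jmp 0x15ed60)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x76fc0370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x76fc0370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x76fc03d0 (jmp 0x15e6a0)
[IAT:Inl] (explorer.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x76fc01e0 (jmp 0x15e140)
[IAT:Inl] (explorer.exe @ bcryptprimitives.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x76fc03e0 (jmp 0x15ee70)
"""

# Assumed layout of one entry:
# [IAT:Inl] (<process>[ @ <importing module>]) <dll> - <export> : <owner> @ <hooked addr> (jmp <target>)
HOOK_RE = re.compile(
    r"^\[IAT:Inl\] \((?P<proc>[^)@ ]+)(?: @ (?P<module>[^)]+))?\) "
    r"(?P<dll>\S+) - (?P<func>\S+) : (?P<owner>\S+) @ (?P<addr>0x[0-9a-fA-F]+) "
    r"\(jmp (?P<target>0x[0-9a-fA-F]+)\)$"
)


def parse_hooks(text):
    """Return one dict per [IAT:Inl] line; lines in any other format are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()          # "module" is None when the process itself imports the export
        d["addr"] = int(d["addr"], 16)
        d["target"] = int(d["target"], 16)
        hooks.append(d)
    return hooks


def summarize(hooks, window=64 * 1024):
    """Answer the first triage questions about a set of inline hooks.

    window: how close all jump targets must be to count as one region. This is
    an assumed threshold: one injected module keeps its trampolines adjacent,
    unrelated injections normally do not.
    """
    targets = sorted({h["target"] for h in hooks})
    span = targets[-1] - targets[0] if targets else 0
    targets_per_func = defaultdict(set)
    for h in hooks:
        targets_per_func[h["func"]].add(h["target"])
    return {
        "processes": sorted({h["proc"] for h in hooks}),
        "importers": len({h["module"] or h["proc"] for h in hooks}),
        "hooked_functions": len(targets_per_func),
        "distinct_targets": len(targets),
        "target_span": span,
        "single_region": bool(targets) and span <= window,
        # The same export always jumping to the same place, whichever DLL's
        # import table it was observed through, is what one hooking module produces.
        "one_target_per_function": all(len(t) == 1 for t in targets_per_func.values()),
        "all_unattributed": all(h["owner"] == "Unknown" for h in hooks),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_hooks(SAMPLE_LOG)).items():
        print(f"{key:>24}: {value}")
```

Run it against the full log by pasting the whole Antirootkit section into SAMPLE_LOG or reading it from the RKreport file; if "processes" grows beyond explorer.exe or "single_region" turns False, the hooks have more than one owner and deserve a closer look.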


#10 nasdaq (Malware Response Team, 40,476 posts, Montreal, QC, Canada)

Posted 29 October 2014 - 01:20 PM

windows says the popup is an application called vxmclient, and if I right click on it, it gives a custom menu drop down so I'm pretty sure its not real whatever it is.

Can you relate to this?
http://www.herdprotect.com/vxmclient.exe-83580b56abab4184b9386e39d21bed241312ba31.aspx

===


Flash test site: check whether you have the latest version.
http://www.adobe.com/software/flash/about/
Install the new version, or if you already have the latest, close the window.

#11 ZulaZ (Topic Starter, Members, 20 posts)

Posted 29 October 2014 - 01:43 PM

My Flash is up to date according to the test site.

I don't know what to look for on herdProtect's page, but I believe that is the file which was running the message. I did kill the process because it was open for a long time.

If I go to my list of installed programs, the only Adobe product I currently have installed is Adobe Reader. My Flash plugin comes from Chrome's built-in Flash plugin, which is updated with Chrome (always up to date). I don't have a service purposefully installed which would request to update Adobe Flash, so it is definitely something malicious. I saw that same window when I first got infected and refused to interact with it then as well. I actually uninstalled all Adobe products at that time so I could be certain that any update request was malicious.

I suspect it appeared in response to RogueKiller being run, but I don't know what it is. I've yet to be able to find a search phrase which results in a virus description which may be the primary cause of infection.

The file I downloaded which I am certain was the actual cause, however, is

(downloaded from cnet)

http://free-mouse-auto-clicker.en.lo4d.com/virus-malware-tests

lo4d claims the file scans clean, but has a comment that it does contain adware. Too bad they don't say what it is.

It had good ratings so I figured it was safe; however, another user did comment "thanks for the free virus". Too bad I didn't notice that sooner. Is there some way to remotely scan that file for whatever is haunting me?


Edited by ZulaZ, 29 October 2014 - 03:44 PM.


#12 nasdaq (Malware Response Team, 40,476 posts, Montreal, QC, Canada)

Posted 30 October 2014 - 08:32 AM

The file I downloaded which I am certain was the actual cause, however, is
(downloaded from cnet)
http://free-mouse-auto-clicker.en.lo4d.com/virus-malware-tests

lo4d claims the file scans clean, but has a comment that it does contain adware. Too bad they don't say what it is.


Submit the .exe file associated with this virus malware test program to
https://www.virustotal.com/

See if any malware is identified.
===


Run the Online ESET Scanner.

Refer to this page.

http://www.eset.com/us/download/home/detail/family/2/?trl=ea&CMP=spc-online-scan-non#offline

Click the OffLine installer.

Follow the instructions on the page.

When the download is complete.

Disconnect the computer from the Internet, close all running programs and Security software.

Run the scanner.

====

Keep me posted.

#13 ZulaZ (Topic Starter, Members, 20 posts)

Posted 30 October 2014 - 08:59 AM

I went ahead and re-downloaded the file and sent it to virustotal.com

https://www.virustotal.com/en/file/9e9fdd0c0c87cb980bda774c2557c6c8ce79016bb82cabdf418c2cbfce34dbc0/analysis/

 

ESET-NOD32 Win32/InstallMonetizer.AF 20141030

I have to go into work for a few hours, I'll run eset while I'm out and maybe have my girlfriend post an update with the logs from it.



#14 nasdaq (Malware Response Team, 40,476 posts, Montreal, QC, Canada)

Posted 30 October 2014 - 09:24 AM


I went ahead and re-downloaded the file and sent it to virustotal.com
https://www.virustotal.com/en/file/9e9fdd0c0c87cb980bda774c2557c6c8ce79016bb82cabdf418c2cbfce34dbc0/analysis/
ESET-NOD32 Win32/InstallMonetizer.AF 20141030


What you have is a variant of this program.

http://www.herdprotect.com/freemouseautoclickersetup.exe-6049b25546e5493bd8a5cf4ccb44c9a095884d0e.aspx

===

Run the Eset scan.

I would keep the mouse click program only if I really needed it.

#15 ZulaZ (Topic Starter, Members, 20 posts)

Posted 30 October 2014 - 07:53 PM

Wow, ESET is a long scanning process. I asked it to scan on its highest setting. It came up with 6 possible infections, but they were all from the same file and I doubt any of them were an actual infection; it was an old WinZip installer from a backup portion of the drive which contained some files from another computer. I don't think it has even been accessed in the last few years and nothing on it was ever installed on this machine.

Do you want the log? It came up with nothing and it just seems to be a list of every zip file it couldn't access. The only thing in the log that seemed odd to me was this section. If it wasn't for that one rogue popup I would have thought the computer is clean. I'll await a next step.

Edit:

On that thought I decided to use your VirusTotal scan to check out vxmclient (is that supposed to be real software?). It turns out I have a vxmclient.exe and a winvxm installed twice on the computer: one in Program Files (x86) > windows network accelerater > v2 and one in the same address, v3.

v3 scans:

https://www.virustotal.com/en/file/5a786366f12c6cf55becbd66d6f6a15c2b175eedb74325181d033a759ba2bda1/analysis/1414717273/

https://www.virustotal.com/en/file/5a786366f12c6cf55becbd66d6f6a15c2b175eedb74325181d033a759ba2bda1/analysis/1414717273/

v2 scans:

https://www.virustotal.com/en/file/228d4c5b65f9f27eb9c030df636912793c78da4aa82345036d5b6d76416d5563/analysis/1414717080/

https://www.virustotal.com/en/file/34df34bda07647150f992d098f2d93770b53d98f5b299a57960d4118eb72bde2/analysis/1414717034/

I also found in my Program Files a lot of "windows" install folders. I honestly haven't looked at a Program Files directory in a long time; is it normal for Windows 7 to install features there?

windows defender
windows kits
windows mail
windows media player
windows network accelerater
windows NT
windows photo viewer
windows portable devices
windows sidebar

I don't know what any of this stuff is, and I could just be conflating things for you to think about, but it doesn't seem like a real service would be installed at this location.

Edit 2: This morning I noticed that I had two versions of csrss.exe running, one 3.5 MB and the other 13.5 MB in size. I tried sending csrss.exe to VirusTotal and it claimed the file had no size (by dragging and dropping), so I went to "choose file" and tried to browse to the file location, but I cannot find the file in the choose-file browser. In Explorer I can see it organized alphabetically, but it is not listed in the open-file window from VirusTotal.

I was able to scan it by putting a copy in another folder though; the copy came up clean.

Portion of the crazy big ESET scan log:

Scanned disks, folders and files: Operating memory;Boot sector;C:\Boot sector;C:\;D:\Boot sector;D:\;H:\Boot sector;H:\;I:\Boot sector;I:\;J:\Boot sector;J:\;K:\Boot sector;K:\;Q:\Boot sector;Q:\
MBR sector of the 1. physical disk - error opening [4]
MBR sector of the 2. physical disk - error opening [4]
MBR sector of the 3. physical disk - error opening [4]
MBR sector of the 4. physical disk - error opening [4]
C::CCwMhANka647p8UirEPlG00 - error opening [4]
C::jLou4bK8jAhx7yfPMaggv2Q59 - error opening [4]
C::Jrf0ixIVNCPgI3SG - error opening [4]
C::stbzQF4VCdSNDCKejLMOPpIbXtzv - error opening [4]
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]

Edited by ZulaZ, 31 October 2014 - 05:27 AM.
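The upload trouble in the post above (a drag-and-drop that arrived as a zero-length file, and a system file missing from the browser's file picker) has a simpler workaround: hash the file locally and look it up by hash, so nothing has to be uploaded at all. The links earlier in the thread already show how both services key their reports: VirusTotal's URLs carry the SHA-256, herdProtect's carry the lowercase file name followed by the SHA-1. The script below is an added example for this thread, not code from either service or from the original post. The herdProtect URL shape is an assumption taken from those two links, and the "abc" bytes are constructed test input. Two points worth knowing before reading a result: a copy made with Explorer is byte-identical to the original, so hashing the copy is as good as hashing the System32 file, and Windows 7 runs one csrss.exe per session, so seeing two of them (session 0 and the interactive session) is normal; what matters is that both images are the same known file, not that there are two.

```python
"""Look a file up on VirusTotal / herdProtect by hash instead of uploading it.

Added example for this thread, not code from either service. The URL
layouts are copied from the links posted above: VirusTotal keys its report
pages by SHA-256, herdProtect by <lowercase file name>-<SHA-1>.
"""
import hashlib
import io
import os

VT_REPORT = "https://www.virustotal.com/en/file/{sha256}/analysis/"
# Assumption: herdProtect resolves this shape for any file name paired with the SHA-1.
HERDPROTECT_REPORT = "http://www.herdprotect.com/{name}-{sha1}.aspx"


def hash_stream(stream, chunk_size=1 << 20):
    """Return ({md5, sha1, sha256} hex digests, byte count) for a binary stream.

    The stream is read in chunks so a multi-gigabyte file is never held in memory.
    """
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    total = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        total += len(chunk)
        for d in digests.values():
            d.update(chunk)
    if total == 0:
        # The drag-and-drop attempt in the thread produced a zero-length upload.
        # Hashing nothing would quietly "match" every empty file in the database,
        # so refuse instead of handing back a misleading clean verdict.
        raise ValueError("read 0 bytes; refusing to hash an empty input")
    return {name: d.hexdigest() for name, d in digests.items()}, total


def lookup_links(file_name, stream):
    """Digests plus the report URLs to open in a browser; nothing is uploaded."""
    digests, size = hash_stream(stream)
    return {
        **digests,
        "size": size,
        "virustotal": VT_REPORT.format(sha256=digests["sha256"]),
        "herdprotect": HERDPROTECT_REPORT.format(name=file_name.lower(), sha1=digests["sha1"]),
    }


def lookup_links_for_bytes(file_name, data):
    """Convenience wrapper for in-memory data (used for the constructed sample)."""
    return lookup_links(file_name, io.BytesIO(data))


def lookup_links_for_path(path):
    """Same, for a file on disk, e.g. C:\\Windows\\System32\\csrss.exe."""
    with open(path, "rb") as f:
        return lookup_links(os.path.basename(path), f)


if __name__ == "__main__":
    # Constructed input: the three bytes "abc", not a real executable.
    for key, value in lookup_links_for_bytes("csrss.exe", b"abc").items():
        print(f"{key:>11}: {value}")
```

If the VirusTotal page for the SHA-256 reports "not found", the file has never been seen there and an upload is the only way to get a verdict; if it is found, you get the existing report without ever sending the bytes.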




