
Ads & Pop-ups malware/virus


This topic is locked
3 replies to this topic

#1 defomas
  • Members
  • 1 posts
  • OFFLINE

Posted 08 January 2015 - 07:15 PM

Hi, my name is Tomas. I must have downloaded something wrong because I'm getting a lot of ads & pop-ups in my browsers that are obviously fake (by SpeeditUp).

I deleted the files with the uninstaller and did an adware scan and an Avira scan, but that didn't work; otherwise I wouldn't be here begging for help.

I couldn't do a DDS log because I am using Windows 8.1, but I used RSIT.

Hope you guys can help me.

LOG.txt


Logfile of random's system information tool 1.10 (written by random/random)
Run by tomas at 2015-01-09 10:05:49
Microsoft Windows 8.1 Pro 
System drive C: has 85 GB (74%) free of 114 GB
Total RAM: 8159 MB (71% free)
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:05:52, on 9/01/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16384)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
G:\Program Files\Steam\Steam.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
G:\Program Files\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\tomas.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SpeeditUp - {AAC475AA-551E-939C-BE3E-EBFEF3FE7618} - (no file)
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "G:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Users\tomas\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.ma-config.com
O15 - Trusted Zone: http://*.touslesdrivers.com
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - G:\Program Files\Lavasoft\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
O23 - Service: LavasoftTcpService - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: IE Search Set (SearchProtectionService) - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 7454 bytes
 
======Listing Processes======
 
 
 
 
 
wininit.exe
 
 
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\WINDOWS\system32\svchost.exe -k RPCSS
"C:\WINDOWS\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
"dwm.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\WINDOWS\system32\nvvsvc.exe -session -first
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
dashost.exe {c56e0d90-c5f1-4234-bd34d75d082e5364}
"C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 8bd2cbda-b380-4fac-9a5d-a8e058622ab5 1
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\Explorer.EXE
taskhostex.exe 
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000698
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"G:\Program Files\Lavasoft\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe" 
"G:\Program Files\Steam\Steam.exe" -silent
C:\WINDOWS\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe" 
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"G:\Program Files\Steam\bin\steamwebhelper.exe" -cefhost -cachedir "G:\Program Files\Steam\config\htmlcache" -cookiepath "G:\Program Files\Steam\config\cookies" -steampid 6460 --blacklist-accelerated-compositing --process-per-tab --disable-accelerated-video-decode --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
taskhost.exe $(Arg0)
 
"G:\Program Files\Lavasoft\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="968.0.2078341504\243537255" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,17,38,46 --gpu-vendor-id=0x10de --gpu-device-id=0x1080 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.4709 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/Prerender/PrerenderControl/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="968.4.489841198\71609082" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="968.5.255888628\86920835" --ppapi-flash-args=enable_hw_video_decode=1 --lang=nl --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/Prerender/PrerenderControl/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="968.8.219602115\190071285" /prefetch:673131151
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 568 572 580 65536 576 
"C:\Users\tomas\Downloads\RSITx64.exe" 
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
======Scheduled tasks folder======
 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 
C:\WINDOWS\tasks\SpeeditUp Update.job - C:\Program Files (x86)\ver5SpeeditUp\J6SpeeditUpm99.exe  /update 
 
======Registry dump======
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAC475AA-551E-939C-BE3E-EBFEF3FE7618}]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAC475AA-551E-939C-BE3E-EBFEF3FE7618}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-12-13 2531472]
"ShadowPlay"=C:\WINDOWS\system32\nvspcap64.dll [2014-12-13 2824504]
""= []
"AdAwareTray"=G:\Program Files\Lavasoft\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [2014-12-18 8947008]
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=G:\Program Files\Steam\steam.exe [2014-11-18 1940160]
"uTorrent"=C:\Users\tomas\AppData\Roaming\uTorrent\uTorrent.exe [2015-01-09 1677904]
 
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Avira Systray"=C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [2014-11-20 126200]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2014-11-24 702768]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=lvcod64.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
 
======File associations======
 
.inf - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1
.ini - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\WINDOWS\System32\WScript.exe" "%1" %*
.txt - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1
 
======List of files/folders created in the last 1 month======
 
2015-01-09 10:05:49 ----D---- C:\rsit
2015-01-09 10:05:49 ----D---- C:\Program Files\trend micro
2015-01-09 09:04:48 ----D---- C:\ProgramData\APN
2015-01-09 09:04:26 ----D---- C:\Users\tomas\AppData\Roaming\uTorrent
2015-01-09 08:37:36 ----SD---- C:\WINDOWS\SYSWOW64\Microsoft
2015-01-09 08:33:03 ----D---- C:\Users\tomas\AppData\Roaming\Avira
2015-01-09 08:29:42 ----A---- C:\WINDOWS\system32\drivers\avnetflt.sys
2015-01-09 08:28:03 ----D---- C:\Users\tomas\AppData\Roaming\Mozilla
2015-01-09 08:27:24 ----A---- C:\WINDOWS\system32\drivers\avkmgr.sys
2015-01-09 08:27:24 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2015-01-09 08:27:24 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2015-01-09 08:22:07 ----D---- C:\ProgramData\Avira
2015-01-09 08:22:07 ----D---- C:\Program Files (x86)\Avira
2015-01-09 08:22:04 ----D---- C:\ProgramData\Package Cache
2015-01-09 08:09:45 ----D---- C:\Users\tomas\AppData\Roaming\Lavasoft
2015-01-09 08:08:54 ----D---- C:\WINDOWS\Minidump
2015-01-09 08:04:02 ----D---- C:\ProgramData\Riot Games
2015-01-09 08:01:12 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_2.dll
2015-01-09 08:01:12 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_1.dll
2015-01-09 08:01:12 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_39.dll
2015-01-09 08:01:12 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_39.dll
2015-01-09 08:01:11 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_39.dll
2015-01-09 07:56:34 ----A---- C:\WINDOWS\SYSWOW64\LavasoftTcpServiceOff.ini
2015-01-09 07:56:34 ----A---- C:\WINDOWS\SYSWOW64\LavasoftTcpService.ini
2015-01-09 07:56:34 ----A---- C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-01-09 07:56:33 ----A---- C:\WINDOWS\SYSWOW64\LavasoftTcpService.dll
2015-01-09 07:56:33 ----A---- C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-01-09 07:56:16 ----D---- C:\Program Files (x86)\Lavasoft
2015-01-09 07:44:09 ----D---- C:\Program Files\Common Files\Lavasoft
2015-01-09 07:41:03 ----D---- C:\ProgramData\Lavasoft
2015-01-09 07:32:12 ----D---- C:\Program Files\Common Files\Atheros
2015-01-09 07:13:58 ----D---- C:\ProgramData\AVAST Software
2015-01-09 06:57:14 ----D---- C:\Program Files (x86)\Reference Assemblies
2015-01-09 06:57:14 ----D---- C:\Program Files (x86)\MSBuild
2015-01-09 06:57:13 ----D---- C:\Program Files\Reference Assemblies
2015-01-09 06:57:13 ----D---- C:\Program Files\MSBuild
2015-01-09 06:55:50 ----A---- C:\WINDOWS\SYSWOW64\TsWpfWrp.exe
2015-01-09 06:55:50 ----A---- C:\WINDOWS\SYSWOW64\PresentationNative_v0300.dll
2015-01-09 06:55:50 ----A---- C:\WINDOWS\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-01-09 06:55:50 ----A---- C:\WINDOWS\system32\TsWpfWrp.exe
2015-01-09 06:55:50 ----A---- C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-01-09 06:55:50 ----A---- C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-01-09 06:52:56 ----D---- C:\ProgramData\Registry Helper
2015-01-09 06:52:35 ----D---- C:\ProgramData\IHProtectUpDate
2015-01-09 06:52:30 ----A---- C:\WINDOWS\system32\drivers\webinstrNHK.sys
2015-01-09 06:51:44 ----D---- C:\ProgramData\WindowsMangerProtect
2015-01-09 06:51:22 ----D---- C:\Users\tomas\AppData\Roaming\mystartsearch
2015-01-09 06:41:36 ----D---- C:\Users\tomas\AppData\Roaming\WinRAR
2015-01-09 06:36:21 ----D---- C:\WINDOWS\system32\appmgmt
2015-01-09 06:33:11 ----D---- C:\Users\tomas\AppData\Roaming\Macromedia
2015-01-09 06:32:48 ----D---- C:\Program Files (x86)\Google
2015-01-09 06:31:12 ----D---- C:\Program Files\Common Files\logishrd
2015-01-09 06:26:14 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_43.dll
2015-01-09 06:26:14 ----A---- C:\WINDOWS\SYSWOW64\d3dx11_43.dll
2015-01-09 06:26:14 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_43.dll
2015-01-09 06:26:14 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2015-01-09 06:26:14 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2015-01-09 06:26:14 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2015-01-09 06:26:08 ----A---- C:\WINDOWS\SYSWOW64\nvspcap.dll
2015-01-09 06:26:08 ----A---- C:\WINDOWS\SYSWOW64\nvspbridge.dll
2015-01-09 06:26:08 ----A---- C:\WINDOWS\system32\nvspcap64.dll
2015-01-09 06:26:08 ----A---- C:\WINDOWS\system32\nvspbridge64.dll
2015-01-09 06:25:42 ----A---- C:\WINDOWS\SYSWOW64\nvStreaming.exe
2015-01-09 06:25:37 ----D---- C:\ProgramData\NVIDIA
2015-01-09 06:25:35 ----A---- C:\WINDOWS\system32\nvvsvc.exe
2015-01-09 06:25:35 ----A---- C:\WINDOWS\system32\nvsvcr.dll
2015-01-09 06:25:35 ----A---- C:\WINDOWS\system32\nvsvc64.dll
2015-01-09 06:25:35 ----A---- C:\WINDOWS\system32\nvshext.dll
2015-01-09 06:25:35 ----A---- C:\WINDOWS\system32\nvmctray.dll
2015-01-09 06:25:35 ----A---- C:\WINDOWS\system32\nvcpl.dll
2015-01-09 06:25:28 ----A---- C:\WINDOWS\SYSWOW64\OpenCL.dll
2015-01-09 06:25:28 ----A---- C:\WINDOWS\system32\OpenCL.dll
2015-01-09 06:25:24 ----D---- C:\ProgramData\NVIDIA Corporation
2015-01-09 06:25:22 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2015-01-09 06:25:06 ----A---- C:\WINDOWS\SYSWOW64\nvwgf2um.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\SYSWOW64\nvumdshim.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\SYSWOW64\nvopencl.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\SYSWOW64\nvoglv32.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\SYSWOW64\nvoglshim32.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\SYSWOW64\nvinit.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\SYSWOW64\NvIFR.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\SYSWOW64\NvFBC.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\SYSWOW64\nvd3dum.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\SYSWOW64\nvcuvid.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\SYSWOW64\nvcuda.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\SYSWOW64\nvcompiler.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\SYSWOW64\nvaudcap32v.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\SYSWOW64\nvapi.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\nvwgf2umx.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\nvumdshimx.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\nvopencl.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\nvoglv64.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\nvoglshim64.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\nvmcumd.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\nvinitx.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\NvIFR64.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\nvhdap64.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\nvhdagenco64.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\NvFBC64.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\nvdispgenco6434709.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\nvdispco6434709.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\nvd3dumx.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\nvcuda.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\nvaudcap64v.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\nvapi64.dll
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\drivers\nvvad64v.sys
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\drivers\nvlddmkm.sys
2015-01-09 06:25:06 ----A---- C:\WINDOWS\system32\drivers\nvhda64v.sys
2015-01-09 06:24:50 ----D---- C:\Program Files\NVIDIA Corporation
2015-01-09 06:10:29 ----D---- C:\Drivers
2015-01-09 05:52:44 ----D---- C:\Users\tomas\AppData\Roaming\Adobe
2015-01-09 05:51:58 ----SD---- C:\Users\tomas\AppData\Roaming\Microsoft
2015-01-09 05:49:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-09 05:47:35 ----D---- C:\WINDOWS\CSC
2015-01-09 05:47:34 ----A---- C:\WINDOWS\SYSWOW64\PrintConfig.dll
2015-01-09 05:45:19 ----D---- C:\WINDOWS\SoftwareDistribution
2015-01-09 05:44:05 ----D---- C:\WINDOWS\Prefetch
2015-01-09 05:43:48 ----ASH---- C:\swapfile.sys
2015-01-09 05:43:16 ----DC---- C:\WINDOWS\Panther
2015-01-09 05:38:39 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2014-12-14 23:35:09 ----ASH---- C:\pagefile.sys
 
======List of files/folders modified in the last 1 month======
 
2015-01-09 10:05:49 ----RD---- C:\Program Files
2015-01-09 10:05:49 ----D---- C:\WINDOWS\Temp
2015-01-09 10:00:00 ----D---- C:\WINDOWS\system32\sru
2015-01-09 09:46:07 ----D---- C:\WINDOWS\System32
2015-01-09 09:46:07 ----D---- C:\WINDOWS\Inf
2015-01-09 09:39:55 ----D---- C:\Windows
2015-01-09 09:25:50 ----SHD---- C:\System Volume Information
2015-01-09 09:23:44 ----D---- C:\WINDOWS\AppReadiness
2015-01-09 09:04:48 ----HD---- C:\ProgramData
2015-01-09 08:37:50 ----D---- C:\WINDOWS\system32\Tasks
2015-01-09 08:37:50 ----D---- C:\WINDOWS\system32\DriverStore
2015-01-09 08:37:47 ----D---- C:\WINDOWS\system32\drivers
2015-01-09 08:37:36 ----D---- C:\WINDOWS\SysWOW64
2015-01-09 08:22:51 ----SHD---- C:\WINDOWS\Installer
2015-01-09 08:22:07 ----RD---- C:\Program Files (x86)
2015-01-09 08:09:04 ----RD---- C:\Users
2015-01-09 08:03:04 ----D---- C:\WINDOWS\system32\config
2015-01-09 08:01:09 ----D---- C:\WINDOWS\Tasks
2015-01-09 08:01:08 ----SHD---- C:\$Recycle.Bin
2015-01-09 08:01:04 ----D---- C:\WINDOWS\WinSxS
2015-01-09 07:56:39 ----RSD---- C:\WINDOWS\assembly
2015-01-09 07:44:09 ----D---- C:\Program Files\Common Files
2015-01-09 07:10:05 ----D---- C:\WINDOWS\Microsoft.NET
2015-01-09 06:57:24 ----D---- C:\WINDOWS\CbsTemp
2015-01-09 06:57:13 ----RSD---- C:\WINDOWS\Fonts
2015-01-09 06:57:13 ----D---- C:\WINDOWS\SYSWOW64\en-US
2015-01-09 06:57:13 ----D---- C:\WINDOWS\system32\en-US
2015-01-09 06:37:34 ----D---- C:\Program Files (x86)\Common Files
2015-01-09 06:31:51 ----HD---- C:\Program Files\WindowsApps
2015-01-09 06:31:10 ----D---- C:\WINDOWS\system32\drivers\UMDF
2015-01-09 06:28:55 ----D---- C:\WINDOWS\system32\wdi
2015-01-09 06:26:08 ----D---- C:\WINDOWS\system32\restore
2015-01-09 06:26:08 ----D---- C:\WINDOWS\Logs
2015-01-09 06:25:34 ----D---- C:\WINDOWS\Help
2015-01-09 06:03:35 ----D---- C:\WINDOWS\system32\CodeIntegrity
2015-01-09 06:01:32 ----SD---- C:\ProgramData\Microsoft
2015-01-09 06:01:16 ----D---- C:\adobe
2015-01-09 05:52:45 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2015-01-09 05:52:45 ----D---- C:\WINDOWS\WinStore
2015-01-09 05:52:45 ----D---- C:\WINDOWS\Camera
2015-01-09 05:52:44 ----D---- C:\WINDOWS\FileManager
2015-01-09 05:45:23 ----D---- C:\WINDOWS\debug
2015-01-09 05:45:09 ----D---- C:\WINDOWS\system32\catroot2
2015-01-09 05:43:16 ----SHD---- C:\Recovery
2015-01-09 05:42:54 ----D---- C:\WINDOWS\system32\Recovery
2015-01-08 20:36:20 ----SHD---- C:\Boot
2015-01-08 20:36:20 ----RASH---- C:\BOOTSECT.BAK
 
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2012-07-09 645952]
R0 JRAID;JRAID; C:\WINDOWS\System32\drivers\jraid.sys [2011-05-19 120920]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2014-11-24 131608]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2014-11-24 28600]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2014-11-24 119272]
R2 webinstrNHK;webinstrNHK; \??\C:\WINDOWS\system32\Drivers\webinstrNHK.sys [2015-01-09 56432]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2014-04-28 599240]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2013-08-22 53248]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2013-08-22 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2013-08-22 77312]
R3 CompFilter64;UVCCompositeFilter; C:\WINDOWS\System32\drivers\lvbflt64.sys [2012-10-26 26784]
R3 e1iexpress;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel® PRO/1000 PCI Express Network Connection Driver I; C:\WINDOWS\system32\DRIVERS\e1i63x64.sys [2013-06-18 460288]
R3 LVRS64;@oem25.inf,%lvrs.SrvDesc%;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs64.sys [2012-10-26 351520]
R3 LVUVC64;@oem26.inf,%PID_0826_DD%(UVC);Logitech HD Webcam C525(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc64.sys [2012-10-26 4758176]
R3 MEIx64;@oem33.inf,%HECI_SvcDesc%;Intel® Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2010-10-19 56344]
R3 netr28ux;@netr28ux.inf,%Generic.Service.DispName%;RT2870 USB Extensible Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\netr28ux.sys [2013-06-18 2408208]
R3 NVHDA;@oem21.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2014-10-09 195728]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2014-12-13 10345280]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 19600]
R3 nvvad_WaveExtensible;@oem23.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2014-11-22 38032]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2013-08-22 167424]
R3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-08-22 121088]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2013-08-22 36864]
S3 AthDfu;@oem32.inf,%AthDfu.SvcDesc%;Atheros Valkyrie USB BootROM; C:\WINDOWS\System32\Drivers\AthDfu.sys [2012-08-22 55336]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2013-08-22 1200128]
S3 Trufos;Trufos; C:\WINDOWS\system32\DRIVERS\Trufos.sys [2014-10-09 389240]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-08-22 212224]
 
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-11-24 431920]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-11-24 431920]
R2 Avira.OE.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-11-20 166192]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 1148560]
R2 LavasoftAdAwareService11;Ad-Aware Service 11; G:\Program Files\Lavasoft\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [2014-12-18 713568]
R2 LavasoftTcpService;LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [2014-12-16 1351512]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 19823248]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2014-12-13 935240]
R2 SearchProtectionService;IE Search Set; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [2014-12-16 15208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-12-13 410768]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-09 107912]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-09 107912]
 
-----------------EOF-----------------
 
 
 
INFO.txt
 
info.txt logfile of random's system information tool 1.10 2015-01-09 10:05:52
 
======MBR======
 
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
 
======Uninstall list======
 
-->MsiExec /X{B455E95A-B804-439F-B533-336B1635AE97}
Ad-Aware Antivirus-->"C:\Program Files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.5.202.7299\AdAwareUpdater.exe" --uninstall
Ad-Aware Web Companion-->MsiExec.exe /I{D5116390-5C95-4FEA-A719-78C3C8B5DFB5}
AdAwareInstaller-->MsiExec.exe /I{17DB0909-D123-43E1-B5F2-CC356E08B4AA}
AdAwareUpdater-->MsiExec.exe /I{A5C0392D-46A7-4CB3-800B-5794909453BD}
AntimalwareEngine-->MsiExec.exe /I{CC347FC6-C8D7-493A-B70E-1D89E22691A7}
Avira Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
Avira-->"C:\ProgramData\Package Cache\{e7c7c227-b742-4878-9425-f09bbf9951db}\Avira.OE.Setup.Bundle.exe"  /uninstall
Avira-->MsiExec.exe /I{21388E37-9EC5-4549-95CA-95D9B2D327A4}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\setup.exe" --uninstall --multi-install --chrome --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
LavasoftTcpService-->MsiExec.exe /I{655F6B43-070A-403C-9DAF-3FCC813C2E59}
League of Legends-->msiexec.exe /x {79BF4901-1EC4-4726-B3C2-A7859706C6E7}
League of Legends-->MsiExec.exe /X{79BF4901-1EC4-4726-B3C2-A7859706C6E7}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
NVIDIA 3D Vision Controller Driver 347.09-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.NVIRUSB
NVIDIA 3D Vision Driver 347.09-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA GeForce Experience 2.1.5-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience
NVIDIA Graphics Driver 347.09-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA HD Audio Driver 1.3.33.0-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver
NVIDIA PhysX System Software 9.14.0702-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
NVIDIA PhysX-->MsiExec.exe /I{B455E95A-B804-439F-B533-336B1635AE97}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
Steam-->G:\Program Files\Steam\uninstall.exe
Web Companion-->"C:\Program Files (x86)\Lavasoft\Web Companion\Application\Installer.exe" --uninstall
WinRAR 5.20 (64-bit)-->G:\Program Files\WinRar\uninstall.exe
 
======System event log======
 
Computer Name: WIN-MP9E0MI9RNA
Event Code: 7024
Message: The BranchCache service terminated with the following service-specific error: 
This program is blocked by group policy. For more information, contact your system administrator.
Record Number: 132
Source Name: Service Control Manager
Time Written: 20150109044528.064770-000
Event Type: Error
User: 
 
Computer Name: WIN-MP9E0MI9RNA
Event Code: 3095
Message: This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
Record Number: 131
Source Name: NETLOGON
Time Written: 20150109044523.000000-000
Event Type: Error
User: 
 
Computer Name: WIN-MP9E0MI9RNA
Event Code: 27
Message: 
Record Number: 127
Source Name: e1iexpress
Time Written: 20150109044503.688978-000
Event Type: Warning
User: 
 
Computer Name: windows-mrt14b2
Event Code: 27
Message: 
Record Number: 100
Source Name: e1iexpress
Time Written: 20150109044426.390514-000
Event Type: Warning
User: 
 
Computer Name: windows-mrt14b2
Event Code: 7023
Message: The IP Helper service terminated with the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 29
Source Name: Service Control Manager
Time Written: 20150109044417.990235-000
Event Type: Error
User: 
 
=====Application event log=====
 
Computer Name: Tomas
Event Code: 3036
Message: Crawl could not be completed on content source <winrt://{S-1-5-21-3868007639-3519943315-2497538795-1001}/>.
 
Context:  Application, SystemIndex Catalog
 
Details:
The parameter is incorrect.  (HRESULT : 0x80070057) (0x80070057)
 
Record Number: 72
Source Name: Microsoft-Windows-Search
Time Written: 20150109045823.000000-000
Event Type: Warning
User: 
 
Computer Name: Tomas
Event Code: 8198
Message: License Activation (slui.exe) failed with the following error code:
hr=0xC004C003
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Record Number: 56
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20150109045300.000000-000
Event Type: Error
User: 
 
Computer Name: Tomas
Event Code: 1014
Message: Acquisition of End User License failed. hr=0xC004C003
Sku Id=8da2dfae-e4f5-4e6a-9272-96f8470e033e
Record Number: 53
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20150109045300.000000-000
Event Type: Error
User: 
 
Computer Name: Tomas
Event Code: 8200
Message: License acquisition failure details. 
hr=0xC004C003
Record Number: 52
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20150109045300.000000-000
Event Type: Error
User: 
 
Computer Name: Tomas
Event Code: 3086
Message: The system locale has changed. Existing data will be deleted and the index must be recreated.
 
Context:  Application, SystemIndex Catalog
 
Record Number: 44
Source Name: Microsoft-Windows-Search
Time Written: 20150109045244.000000-000
Event Type: Warning
User: 
 
=====Security event log=====
 
Computer Name: windows-mrt14b2
Event Code: 4735
Message: A security-enabled local group was changed.
 
Subject:
Security ID: S-1-5-18
Account Name: WINDOWS-MRT14B2$
Account Domain: WORKGROUP
Logon ID: 0x3E7
 
Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin
 
Changed Attributes:
SAM Account Name: -
SID History: -
 
Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150109044356.450649-000
Event Type: Audit Success
User: 
 
Computer Name: windows-mrt14b2
Event Code: 4731
Message: A security-enabled local group was created.
 
Subject:
Security ID: S-1-5-18
Account Name: WINDOWS-MRT14B2$
Account Domain: WORKGROUP
Logon ID: 0x3E7
 
New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin
 
Attributes:
SAM Account Name: Backup Operators
SID History: -
 
Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150109044356.450649-000
Event Type: Audit Success
User: 
 
Computer Name: windows-mrt14b2
Event Code: 4902
Message: The Per-user audit policy table was created.
 
Number of Elements: 0
Policy ID: 0x3E465
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150109044356.435023-000
Event Type: Audit Success
User: 
 
Computer Name: windows-mrt14b2
Event Code: 4624
Message: An account was successfully logged on.
 
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
 
Logon Type: 0
 
Impersonation Level: -
 
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Logon GUID: {00000000-0000-0000-0000-000000000000}
 
Process Information:
Process ID: 0x4
Process Name:
 
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
 
Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
 
This event is generated when a logon session is created. It is generated on the computer that was accessed.
 
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
 
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
 
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
 
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
 
The impersonation level field indicates the extent to which a process in the logon session can impersonate.
 
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150109044356.388147-000
Event Type: Audit Success
User: 
 
Computer Name: windows-mrt14b2
Event Code: 4608
Message: Windows is starting up.
 
This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150109044356.388147-000
Event Type: Audit Success
User: 
 
======Environment variables======
 
"FP_NO_HOST_CHECK"=NO
"USERNAME"=SYSTEM
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"ComSpec"=%SystemRoot%\system32\cmd.exe
"TMP"=%SystemRoot%\TEMP
"OS"=Windows_NT
"windir"=%SystemRoot%
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
 
-----------------EOF-----------------
 
 

Attached Files

  • Attached File  info.txt   11.74KB   0 downloads
  • Attached File  log.txt   33.96KB   0 downloads
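The driver and service sections of the RSIT log above are the part a malware-removal helper reads first, and the questions asked of each line are mechanical: is the binary registered through an NT object-manager path (`\??\`), was the file dropped on the same day the log was taken, does the entry carry no display name at all, is a kernel driver loaded from outside the Windows drivers directory. The script below is an added example (my own code, not part of the original post and not RSIT or HijackThis output handling) that parses the `name;description; path [date size]` entry format shown above and applies exactly those heuristics. The sample lines are copied from the log in this thread, the scan date is taken from the log header, and the heuristics and their names are my assumptions, not a verdict on any entry.

```python
"""Triage the driver/service sections of an RSIT (random's system information
tool) log: parse each entry and flag the ones worth a second look.
Added example, not part of the original post."""
import re
from collections import namedtuple
from datetime import date

# Constructed sample: a handful of lines copied from the RSIT log posted above.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2012-07-09 645952]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2014-11-24 131608]
R2 webinstrNHK;webinstrNHK; \??\C:\WINDOWS\system32\Drivers\webinstrNHK.sys [2015-01-09 56432]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 19600]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2013-08-22 53248]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-11-24 431920]
R2 LavasoftTcpService;LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [2014-12-16 1351512]
R2 SearchProtectionService;IE Search Set; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [2014-12-16 15208]
S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-09 107912]

-----------------EOF-----------------
"""

# Date the log was taken ("Run by tomas at 2015-01-09" in the log header).
SCAN_DATE = date(2015, 1, 9)

Entry = namedtuple("Entry", "kind state start name desc path file_date size")

# One RSIT entry per line: "<R|S><start> name;description; path [YYYY-MM-DD size]".
# The description may itself contain ';' (the @inf,%resource%;text form), so it
# is matched greedily and the path is whatever sits between the last '; ' and
# the trailing [date size] bracket.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>.*); "
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)
SECTION_RE = re.compile(r"^======List of (drivers|services)")


def parse_rsit(text):
    """Yield Entry objects from the driver and service sections of an RSIT log."""
    kind = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            kind = m.group(1)[:-1]          # "drivers" -> "driver"
            continue
        if line.startswith("======"):       # any other section header ends the list
            kind = None
            continue
        if kind is None:
            continue
        m = ENTRY_RE.match(line)
        if m:
            yield Entry(kind, m["state"], int(m["start"]), m["name"], m["desc"],
                        m["path"], date.fromisoformat(m["date"]), int(m["size"]))


def flags_for(e, scan_date):
    """Return the review heuristics (assumed names) an entry trips; empty = nothing odd."""
    flags = []
    # Registered with an NT object-manager path rather than a plain Win32 path.
    # Legitimate installers do this too, so on its own it is a weak signal.
    if e.path.startswith("\\??\\"):
        flags.append("nt-object-path")
    # Binary dated the same day the log was taken: just installed or just replaced.
    if e.file_date == scan_date:
        flags.append("file-dated-today")
    # Display name is just the service name repeated: no vendor description at all.
    if e.desc == e.name:
        flags.append("no-display-name")
    # Kernel driver loaded from somewhere other than the Windows drivers directory.
    if e.kind == "driver" and "\\drivers\\" not in e.path.lower():
        flags.append("driver-outside-system-dir")
    return flags


def triage(text, scan_date, min_flags=2):
    """Return [(entry, flags)] for entries tripping at least min_flags heuristics,
    most-flagged first (stable, so log order breaks ties)."""
    hits = [(e, flags_for(e, scan_date)) for e in parse_rsit(text)]
    hits = [h for h in hits if len(h[1]) >= min_flags]
    hits.sort(key=lambda h: -len(h[1]))
    return hits


if __name__ == "__main__":
    for e, f in triage(SAMPLE_LOG, SCAN_DATE):
        print(f"{e.kind:7} {e.name:14} {e.path}  <- {', '.join(f)}")
```

On the sample above, `webinstrNHK` trips three heuristics (object-manager path, file dated the day of the scan, no display name) and so does NVIDIA's `NvStreamKms` (object-manager path, no display name, loaded from under Program Files). That is the point of running it: the heuristics only rank what to look at next, and the next step is the file's publisher signature and origin, never removal on the strength of a pattern match.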



#2 fireman4it (Bleepin' Fireman, Malware Response Team, Greenup, Ill USA)

Posted 08 January 2015 - 11:28 PM

Hello defomas

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool .
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 fireman4it (Bleepin' Fireman, Malware Response Team, Greenup, Ill USA)

Posted 11 January 2015 - 07:54 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#4 fireman4it (Bleepin' Fireman, Malware Response Team, Greenup, Ill USA)

Posted 14 January 2015 - 12:47 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.