Jump to content

Eganrac1239

Members
 View Profile  See their activity

  • Posts

    5

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Eganrac1239
    ran a full scan with avg and nothing was found. =/ It doesnt seem to be causing any issues, just dont like seeing it in my startup knowing that it's spyware
  2. Eganrac1239
    The ESET link isnt working so I went to their main page and tried to use the link to run the scanner and that link isn't working either unfortunately. Here's the combofix log ComboFix 12-05-19.01 - Eganrac 05/22/2012 23:10:13.2.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8172.5294 [GMT -7:00] Running from: c:\users\Eganrac\Downloads\ComboFix.exe Command switches used :: c:\users\Eganrac\Downloads\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Common Files\Spigot c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml c:\program files (x86)\Common Files\Spigot\Search Settings\config.ini c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe c:\program files (x86)\Common Files\Spigot\Search Settings\wth.dll c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml c:\program files (x86)\Common Files\Spigot\wtxpcom\chrome.manifest c:\program files (x86)\Common Files\Spigot\wtxpcom\components\chrome.manifest c:\program files (x86)\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt c:\program files (x86)\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt c:\program files (x86)\Common Files\Spigot\wtxpcom\components\install.rdf c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13 c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14 c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 c:\program files (x86)\Common Files\Spigot\wtxpcom\install.rdf . . ((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 ))))))))))))))))))))))))))))))) . . 2012-05-23 06:15 . 2012-05-23 06:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-23 04:32 . 2012-05-23 04:32 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-05-23 04:31 . 2012-05-23 04:31 -------- d-----w- c:\program files (x86)\Oracle 2012-05-23 04:31 . 2012-04-05 01:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-05-23 03:40 . 2012-05-23 03:40 839112 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-23 03:40 . 2012-05-23 03:40 955848 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-05-23 03:40 . 2012-05-23 03:40 -------- d-----w- c:\program files\Java 2012-05-22 23:10 . 2011-07-07 20:51 1452648 ----a-w- c:\windows\system32\nvhdagenco6420102.dll 2012-05-22 23:08 . 2011-10-20 09:50 3074368 ----a-r- c:\windows\system32\nvsvcr.dll 2012-05-22 23:06 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-22 23:06 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-05-22 23:06 . 2012-05-15 10:48 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-05-22 23:06 . 2012-05-15 10:48 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-05-22 23:00 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin 2012-05-18 17:18 . 2012-05-18 17:18 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar 2012-05-18 17:18 . 2012-05-18 17:18 -------- d-----w- c:\program files (x86)\Application Updater 2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-05-14 16:56 . 2012-05-14 17:10 -------- d-----w- c:\program files (x86)\Diablo III 2012-05-12 23:05 . 2012-05-12 23:05 -------- d-----w- c:\program files (x86)\Diablo 3 2012-05-11 20:38 . 2012-05-11 20:38 -------- d-----w- c:\users\Eganrac\AppData\Roaming\Amazon 2012-05-11 20:38 . 2012-05-11 20:38 -------- d-----w- c:\users\Eganrac\AppData\Local\Amazon 2012-05-07 22:56 . 2012-05-07 22:56 -------- d-----w- c:\users\Eganrac\AppData\Local\Red 5 Studios 2012-05-07 22:03 . 2012-05-07 22:03 -------- d-----w- c:\program files (x86)\Xiph.Org 2012-05-07 22:00 . 2012-05-07 22:00 -------- d-----w- c:\program files (x86)\Red 5 Studios 2012-04-30 20:12 . 2012-05-22 23:10 -------- d-----w- c:\users\UpdatusUser 2012-04-30 20:10 . 2012-05-15 10:48 949056 ----a-w- c:\windows\system32\nvumdshimx.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-15 10:48 . 2011-11-15 10:46 1738048 ----a-w- c:\windows\system32\nvdispco64.dll 2012-05-15 10:48 . 2011-11-15 10:46 1468224 ----a-w- c:\windows\system32\nvgenco64.dll 2012-05-15 10:48 . 2010-07-10 05:38 2741568 ----a-w- c:\windows\system32\nvapi64.dll 2012-05-15 10:48 . 2009-07-13 21:59 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-05-15 09:29 . 2011-02-23 08:38 889664 ----a-w- c:\windows\system32\nvvsvc.exe 2012-05-15 09:29 . 2011-02-23 08:38 118080 ----a-w- c:\windows\system32\nvmctray.dll 2012-05-15 09:29 . 2010-07-09 16:27 63296 ----a-w- c:\windows\system32\nvshext.dll 2012-05-15 09:29 . 2011-02-23 08:39 3149632 ----a-w- c:\windows\system32\nvsvc64.dll 2012-05-15 09:28 . 2011-02-23 08:39 6151488 ----a-w- c:\windows\system32\nvcpl.dll 2012-04-05 01:47 . 2011-03-03 11:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-04 22:56 . 2011-04-24 18:50 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-23 04:31 . 2012-01-23 04:31 859497 ----a-w- c:\program files (x86)\BPClientSetup.exe 2012-01-23 04:31 . 2012-01-23 04:29 229060345 ----a-w- c:\program files (x86)\BPClientSetup-2b.bin 2012-01-23 04:29 . 2012-01-23 04:14 1566000000 ----a-w- c:\program files (x86)\BPClientSetup-2a.bin 2012-01-23 04:14 . 2012-01-23 03:59 1566000000 ----a-w- c:\program files (x86)\BPClientSetup-1c.bin 2012-01-23 03:59 . 2012-01-23 03:41 1566000000 ----a-w- c:\program files (x86)\BPClientSetup-1b.bin 2012-01-23 03:41 . 2012-01-23 03:23 1565140352 ----a-w- c:\program files (x86)\BPClientSetup-1a.bin 2011-02-15 21:45 . 2011-03-30 00:48 1867776 ----a-w- c:\program files (x86)\LaunchKaros.exe 2011-01-25 22:45 . 2011-03-30 00:48 1583104 ----a-w- c:\program files (x86)\AMo.exe 2011-01-21 04:27 . 2011-03-30 00:48 200704 ----a-w- c:\program files (x86)\Karos_Launcher.dll 2010-09-21 00:20 . 2010-09-21 00:20 726016 ----a-w- c:\program files (x86)\7z.dll 2009-12-12 00:01 . 2011-03-30 00:48 292545 ----a-w- c:\program files (x86)\GameGuard.des 2009-09-09 05:30 . 2011-03-30 00:48 4378632 ----a-w- c:\program files (x86)\D3DX9_40.dll 2009-09-09 05:29 . 2011-03-30 00:48 991752 ----a-w- c:\program files (x86)\dbghelp.dll 2009-09-09 05:29 . 2011-03-30 00:48 484872 ----a-w- c:\program files (x86)\msvcm80.dll 2009-09-09 05:29 . 2011-03-30 00:48 554504 ----a-w- c:\program files (x86)\msvcp80.dll 2009-09-09 05:29 . 2011-03-30 00:48 632328 ----a-w- c:\program files (x86)\msvcr80.dll 2009-09-09 05:28 . 2011-03-30 00:48 101896 ----a-w- c:\program files (x86)\atl80.dll 2009-08-14 19:32 . 2011-03-30 00:48 425984 ----a-w- c:\program files (x86)\WeberForClient.dll 2009-08-14 19:22 . 2011-03-30 00:48 1875968 ----a-w- c:\program files (x86)\WeberForClientD.dll 2009-08-11 04:33 . 2011-03-30 00:48 180224 ----a-w- c:\program files (x86)\HanReportForClient.dll 2009-08-11 04:33 . 2011-03-30 00:48 651264 ----a-w- c:\program files (x86)\HanReportForClientD.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-05-19_18.30.37 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2012-05-23 06:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-05-18 17:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-05-18 17:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-05-23 06:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-05-18 17:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-05-23 06:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-03-03 05:09 . 2012-05-23 03:19 36968 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-05-23 03:19 27590 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-05-22 23:17 . 2012-04-18 17:08 31040 c:\windows\system32\nvhdap64.dll - 2009-07-14 05:30 . 2012-04-30 20:12 86016 c:\windows\system32\DriverStore\infpub.dat + 2009-07-14 05:30 . 2012-05-22 23:19 86016 c:\windows\system32\DriverStore\infpub.dat + 2012-05-22 23:10 . 2011-07-07 20:51 29288 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvhdap64.dll + 2012-05-22 23:10 . 2011-07-07 20:51 70760 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvapo64v.dll + 2012-05-22 23:17 . 2012-04-18 17:08 31040 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_9f01b2372a747820\nvhdap64.dll + 2012-05-22 23:17 . 2012-04-18 17:08 72512 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_9f01b2372a747820\nvapo64v.dll + 2012-05-22 23:17 . 2012-05-15 10:48 68928 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\OpenCL64.dll + 2012-05-22 23:17 . 2012-05-15 10:48 61248 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\OpenCL.dll + 2012-05-22 23:06 . 2011-10-20 09:50 68928 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\OpenCL64.dll + 2012-05-22 23:06 . 2011-10-20 09:50 61248 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\OpenCL.dll + 2005-01-07 16:14 . 2012-05-22 23:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2005-01-07 16:14 . 2012-05-10 19:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2005-01-07 16:14 . 2012-05-10 19:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2005-01-07 16:14 . 2012-05-22 23:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-05-10 19:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-05-22 23:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-02-11 23:41 . 2012-05-23 06:15 4222 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2005-01-07 16:23 . 2012-05-23 03:19 9918 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3997576125-1133855517-1033892153-1000_UserData.bin + 2012-05-22 23:17 . 2012-05-15 10:48 4096 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvdetx.dll + 2012-05-22 23:17 . 2012-05-15 10:48 4096 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvdet.dll + 2012-05-23 06:16 . 2012-05-23 06:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-05-19 18:30 . 2012-05-19 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-05-23 06:16 . 2012-05-23 06:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-05-19 18:30 . 2012-05-19 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-05-22 23:17 . 2012-05-15 10:48 818496 c:\windows\SysWOW64\nvumdshim.dll + 2012-05-22 23:17 . 2012-05-15 10:48 202048 c:\windows\SysWOW64\nvinit.dll + 2012-05-22 23:17 . 2012-05-15 10:48 301376 c:\windows\SysWOW64\nvdecodemft.dll + 2012-05-23 04:31 . 2012-04-05 01:47 227720 c:\windows\SysWOW64\javaws.exe + 2012-05-23 04:30 . 2012-05-23 04:30 174024 c:\windows\SysWOW64\javaw.exe + 2012-05-23 04:30 . 2012-05-23 04:30 174024 c:\windows\SysWOW64\java.exe + 2009-07-14 02:36 . 2012-05-22 23:12 666718 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-05-15 07:02 666718 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-05-22 23:12 126444 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-05-15 07:02 126444 c:\windows\system32\perfc009.dat + 2012-05-22 23:17 . 2012-05-15 10:48 246592 c:\windows\system32\nvinitx.dll + 2012-05-22 23:17 . 2012-05-15 10:48 364352 c:\windows\system32\nvdecodemft.dll + 2012-05-23 03:40 . 2012-05-23 03:40 268744 c:\windows\system32\javaws.exe + 2012-05-23 03:40 . 2012-05-23 03:40 189384 c:\windows\system32\javaw.exe + 2012-05-23 03:40 . 2012-05-23 03:40 188872 c:\windows\system32\java.exe + 2009-07-14 05:30 . 2012-05-22 23:19 239616 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2012-04-30 20:12 239616 c:\windows\system32\DriverStore\infstrng.dat + 2009-07-14 05:30 . 2012-05-22 23:19 143360 c:\windows\system32\DriverStore\infstor.dat - 2009-07-14 05:30 . 2012-04-30 20:12 143360 c:\windows\system32\DriverStore\infstor.dat + 2012-05-22 23:17 . 2012-05-15 12:55 398656 c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_9040728c38bb13af\nvstusb64.sys + 2012-05-22 23:09 . 2011-10-20 12:45 291648 c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_6bd42d842972ff19\nvstusb64.sys + 2012-05-22 23:10 . 2011-07-07 20:51 174184 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvhda64v.sys + 2012-05-22 23:10 . 2011-07-07 20:51 150120 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvhda64.sys + 2012-05-22 23:17 . 2012-04-18 17:08 188736 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_9f01b2372a747820\nvhda64v.sys + 2012-05-22 23:17 . 2012-04-18 17:08 156480 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_9f01b2372a747820\nvhda64.sys + 2012-05-22 23:17 . 2012-05-15 10:48 949056 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvumdshimx.dll + 2012-05-22 23:17 . 2012-05-15 10:48 818496 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvumdshim.dll + 2012-05-22 23:17 . 2012-05-15 10:48 313664 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvml.dll + 2012-05-22 23:17 . 2012-05-15 10:48 246592 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvinitx.dll + 2012-05-22 23:17 . 2012-05-15 10:48 202048 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvinit.dll + 2012-05-22 23:17 . 2012-05-15 10:48 202560 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvidia-smi.exe + 2012-05-22 23:17 . 2012-05-15 10:48 333120 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvEncodeAPI64.dll + 2012-05-22 23:17 . 2012-05-15 10:48 282432 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvEncodeAPI.dll + 2012-05-22 23:17 . 2012-05-15 10:48 249856 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvdxgiwrapx.dll + 2012-05-22 23:17 . 2012-05-15 10:48 220480 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvdxgiwrap.dll + 2012-05-22 23:17 . 2012-05-15 10:48 301376 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvdecodemft32.dll + 2012-05-22 23:17 . 2012-05-15 10:48 364352 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvdecodemft.dll + 2012-05-22 23:17 . 2012-05-15 10:48 316928 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\Nvd3d9wrapx.dll + 2012-05-22 23:17 . 2012-05-15 10:48 285504 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\Nvd3d9wrap.dll + 2012-05-22 23:17 . 2012-05-15 10:48 232768 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\dbInstaller.exe + 2012-05-22 23:06 . 2011-10-20 09:50 284480 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvml.dll + 2012-05-22 23:06 . 2011-10-20 09:50 200512 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvidia-smi.exe + 2012-05-22 23:06 . 2011-10-20 09:50 316928 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvdrsdb.bin + 2012-05-22 23:06 . 2011-10-20 09:50 224064 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\dbInstaller.exe + 2012-05-22 23:17 . 2012-04-18 17:08 188736 c:\windows\system32\drivers\nvhda64v.sys - 2009-07-14 05:01 . 2012-05-19 18:29 281292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-05-23 06:15 281292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-05-23 04:31 . 2012-05-23 04:31 179200 c:\windows\Installer\43a9c3.msi + 2012-05-23 04:31 . 2012-05-23 04:31 461312 c:\windows\Installer\43a9be.msi + 2012-05-23 03:39 . 2012-05-23 03:39 891392 c:\windows\Installer\15afb2.msi + 2012-05-22 23:17 . 2012-05-15 10:48 8105280 c:\windows\SysWOW64\nvwgf2um.dll + 2012-05-22 23:17 . 2012-05-15 10:48 2524992 c:\windows\SysWOW64\nvcuvid.dll + 2012-05-22 23:17 . 2012-05-15 10:48 2445120 c:\windows\SysWOW64\nvcuvenc.dll + 2012-05-22 23:17 . 2012-05-15 10:48 5982528 c:\windows\SysWOW64\nvcuda.dll + 2012-05-22 23:17 . 2012-05-15 10:48 2368832 c:\windows\SysWOW64\nvapi.dll + 2012-05-22 23:17 . 2012-04-18 17:08 1451840 c:\windows\system32\nvhdagenco6420103.dll + 2012-05-22 23:17 . 2012-05-15 10:48 2681664 c:\windows\system32\nvcuvid.dll + 2012-05-22 23:17 . 2012-05-15 10:48 2881856 c:\windows\system32\nvcuvenc.dll + 2012-05-22 23:17 . 2012-05-15 10:48 8139072 c:\windows\system32\nvcuda.dll + 2012-05-22 23:17 . 2012-05-15 12:55 1468224 c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_9040728c38bb13af\nvgenco64.dll + 2012-05-22 23:09 . 2011-10-20 12:45 1454912 c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_6bd42d842972ff19\nvgenco64.dll + 2012-05-22 23:10 . 2011-07-07 20:51 1452648 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvgenco64.dll + 2012-05-22 23:17 . 2012-04-18 17:08 1451840 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_9f01b2372a747820\nvgenco64.dll + 2012-05-22 23:17 . 2012-05-15 10:48 8105280 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvwgf2um.dll + 2012-05-22 23:17 . 2012-05-15 10:48 1468224 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvgenco64.dll + 2012-05-22 23:17 . 2012-05-15 10:48 1066872 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvdrsdb.bin + 2012-05-22 23:17 . 2012-05-15 10:48 1738048 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvdispco64.dll + 2012-05-22 23:17 . 2012-05-15 10:48 2524992 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvcuvid32.dll + 2012-05-22 23:17 . 2012-05-15 10:48 2681664 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvcuvid.dll + 2012-05-22 23:17 . 2012-05-15 10:48 2881856 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvcuvenc64.dll + 2012-05-22 23:17 . 2012-05-15 10:48 2445120 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvcuvenc.dll + 2012-05-22 23:17 . 2012-05-15 10:48 5982528 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvcuda32.dll + 2012-05-22 23:17 . 2012-05-15 10:48 8139072 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvcuda.dll + 2012-05-22 23:17 . 2012-05-15 10:48 2741568 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvapi64.dll + 2012-05-22 23:17 . 2012-05-15 10:48 2368832 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvapi.dll + 2012-05-22 23:06 . 2011-10-20 09:50 8791360 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvwgf2umx.dll + 2012-05-22 23:06 . 2011-10-20 09:50 7042368 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvwgf2um.dll + 2012-05-22 23:08 . 2011-10-20 09:50 1454400 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvgenco64.dll + 2012-05-22 23:08 . 2011-10-20 09:50 1533248 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvdispco64.dll + 2012-05-22 23:06 . 2011-10-20 09:50 2401600 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvcuvid32.dll + 2012-05-22 23:06 . 2011-10-20 09:50 2543936 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvcuvid.dll + 2012-05-22 23:06 . 2011-10-20 09:50 2232128 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvcuvenc64.dll + 2012-05-22 23:06 . 2011-10-20 09:50 2099520 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvcuvenc.dll + 2012-05-22 23:06 . 2011-10-20 09:50 5581632 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvcuda32.dll + 2012-05-22 23:06 . 2011-10-20 09:50 7585600 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvcuda.dll + 2012-05-22 23:06 . 2011-10-20 09:50 2808640 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvapi64.dll + 2012-05-22 23:06 . 2011-10-20 09:50 2458432 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvapi.dll + 2011-03-09 11:17 . 2012-05-23 06:15 9090192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3997576125-1133855517-1033892153-1000-12288.dat + 2012-05-22 23:17 . 2012-05-15 10:48 19607872 c:\windows\SysWOW64\nvoglv32.dll + 2012-05-22 23:17 . 2012-05-15 10:48 17551680 c:\windows\SysWOW64\nvcompiler.dll + 2012-05-22 23:17 . 2012-05-15 10:48 25743168 c:\windows\system32\nvoglv64.dll + 2012-05-22 23:17 . 2012-05-15 10:48 25248064 c:\windows\system32\nvcompiler.dll + 2012-05-22 23:17 . 2012-05-15 10:48 10194752 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvwgf2umx.dll + 2012-05-22 23:17 . 2012-05-15 10:48 25743168 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvoglv64.dll + 2012-05-22 23:17 . 2012-05-15 10:48 19607872 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvoglv32.dll + 2012-05-22 23:17 . 2012-05-15 10:48 14298944 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvlddmkm.sys + 2012-05-22 23:17 . 2012-05-15 10:48 18044224 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvd3dumx.dll + 2012-05-22 23:17 . 2012-05-15 10:48 15322432 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvd3dum.dll + 2012-05-22 23:17 . 2012-05-15 10:48 30945512 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\NvCplSetupEng.exe + 2012-05-22 23:17 . 2012-05-15 10:48 17551680 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvcompiler32.dll + 2012-05-22 23:17 . 2012-05-15 10:48 25248064 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvcompiler.dll + 2012-05-22 23:06 . 2011-10-20 09:50 24743744 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvoglv64.dll + 2012-05-22 23:06 . 2011-10-20 09:50 18872128 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvoglv32.dll + 2012-05-22 23:06 . 2011-10-20 09:50 12972352 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvlddmkm.sys + 2012-05-22 23:06 . 2011-10-20 09:50 15694144 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvd3dumx.dll + 2012-05-22 23:06 . 2011-10-20 09:50 13205824 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvd3dum.dll + 2012-05-22 23:06 . 2011-10-20 09:50 17248576 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvcompiler32.dll + 2012-05-22 23:06 . 2011-10-20 09:50 24796992 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvcompiler.dll + 2012-05-22 23:17 . 2012-05-15 10:48 14298944 c:\windows\system32\drivers\nvlddmkm.sys + 2012-05-23 04:29 . 2012-05-23 04:29 17379840 c:\windows\Installer\43a9ba.msi . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CreativeTaskScheduler"="c:\program files (x86)\Creative\Shared Files\CTSched.exe" [2006-11-17 53341] "Creative Software Update"="c:\program files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" [2009-01-15 430968] "MusicManager"="c:\users\Eganrac\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-05-10 13805568] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\users\Eganrac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2012-5-11 0] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ALSysIO;ALSysIO;c:\users\Eganrac\AppData\Local\Temp\ALSysIO64.sys [x] R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-05-19 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-03-03 79360] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 BCSWAP;BCSWAP; [x] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-05-17 785344] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-04-21 23680] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x] S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3997576125-1133855517-1033892153-1000Core.job - c:\users\Eganrac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-03 05:11] . 2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3997576125-1133855517-1033892153-1000UA.job - c:\users\Eganrac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-03 05:11] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-14 415752] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-14 2093064] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-14 4195848] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.0.1 205.171.3.25 FF - ProfilePath - c:\users\Eganrac\AppData\Roaming\Mozilla\Firefox\Profiles\5br2vx7q.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p= FF - Ext: Targeted Advertising Cookie Opt-Out (TACO): optout@dubfire.net - c:\program files (x86)\Mozilla Firefox\extensions\optout@dubfire.net FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Update Notifier: {95f24680-9e31-11da-a746-0800200c9a66} - c:\program files (x86)\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\program files (x86)\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - c:\program files (x86)\Mozilla Firefox\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} FF - Ext: XHTML Mobile Profile: {8ea9957e-2953-402f-80e0-bceb5f169d6f} - %profile%\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f} FF - Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} - %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} FF - Ext: EWOQ Mobile Setup extension: {f035aa18-ee32-4e6e-81d2-57e32867f8a7} - %profile%\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7} FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files (x86)\AVG\AVG2012\Firefox FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files (x86)\Fiddler2\FiddlerHook FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3997576125-1133855517-1033892153-1000\Software\SecuROM\License information*] "datasecu"=hex:7f,79,b0,52,45,47,9e,d0,d6,d9,95,bb,a7,ef,f2,ca,65,56,68,29,d2, cf,c0,00,cb,f3,2f,7f,f2,db,75,25,31,ec,3c,9e,3f,21,3e,f7,27,e6,e7,f0,6b,77,\ "rkeysecu"=hex:b7,86,a4,1d,e9,d1,63,3d,ad,54,a8,46,4c,8b,0d,37 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe . ************************************************************************** . Completion time: 2012-05-22 23:39:10 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-23 06:39 ComboFix2.txt 2012-05-19 18:35 . Pre-Run: 72,054,411,264 bytes free Post-Run: 71,979,479,040 bytes free . - - End Of File - - 488574A439D060D2D118A9AFBB7CDFA2
  3. Eganrac1239
    <p> </p> <div>Malwarebytes Anti-Malware (PRO) 1.61.0.1400</div> <div>www.malwarebytes.org</div> <div> </div> <div>Database version: v2012.05.22.01</div> <div> </div> <div>Windows 7 Service Pack 1 x64 NTFS</div> <div>Internet Explorer 9.0.8112.16421</div> <div>Eganrac :: EGANRAC-PC [administrator]</div> <div> </div> <div>Protection: Enabled</div> <div> </div> <div>5/22/2012 8:51:29 PM</div> <div>mbam-log-2012-05-22 (20-51-29).txt</div> <div> </div> <div>Scan type: Full scan</div> <div>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</div> <div>Scan options disabled: P2P</div> <div>Objects scanned: 489899</div> <div>Time elapsed: 1 hour(s), 34 minute(s), 22 second(s)</div> <div> </div> <div>Memory Processes Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Memory Modules Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Keys Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Values Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Data Items Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Folders Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Files Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>(end)</div> <div> </div> <div> </div> <div>Got rid of the old java and got the new one. Don't even use UTorrent anymore. Haven't in a long time and won't be anymore Nothing malicious but Widgi still comes up on startup.</div>
  4. Eganrac1239
    0_0 im so sorry. Apparently malwarebytes didnt e-mail me a notification letting me know someone commented on my post. Here is my combofix log. Thanks again! _________________________________________________________________________________________________________________________________ ComboFix 12-05-19.01 - Eganrac 05/19/2012 11:20:04.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8172.5392 [GMT -7:00] Running from: c:\users\Eganrac\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\program files (x86)\KarosOnline_02_1067.exe c:\users\Eganrac\AppData\Local\assembly\tmp c:\users\Eganrac\AppData\Roaming\Love c:\users\Eganrac\AppData\Roaming\Love\not_tetris_2\highscoresA.txt c:\users\Eganrac\AppData\Roaming\Love\not_tetris_2\highscoresB.txt c:\users\Eganrac\AppData\Roaming\Love\not_tetris_2\options.txt . . ((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 ))))))))))))))))))))))))))))))) . . 2012-05-19 18:27 . 2012-05-19 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-18 17:18 . 2012-05-18 17:18 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar 2012-05-18 17:18 . 2012-05-18 17:18 -------- d-----w- c:\program files (x86)\Common Files\Spigot 2012-05-18 17:18 . 2012-05-18 17:18 -------- d-----w- c:\program files (x86)\Application Updater 2012-05-14 16:56 . 2012-05-14 17:10 -------- d-----w- c:\program files (x86)\Diablo III 2012-05-12 23:05 . 2012-05-12 23:05 -------- d-----w- c:\program files (x86)\Diablo 3 2012-05-11 20:38 . 2012-05-11 20:38 -------- d-----w- c:\users\Eganrac\AppData\Roaming\Amazon 2012-05-11 20:38 . 2012-05-11 20:38 -------- d-----w- c:\users\Eganrac\AppData\Local\Amazon 2012-05-07 22:56 . 2012-05-07 22:56 -------- d-----w- c:\users\Eganrac\AppData\Local\Red 5 Studios 2012-05-07 22:03 . 2012-05-07 22:03 -------- d-----w- c:\program files (x86)\Xiph.Org 2012-05-07 22:00 . 2012-05-07 22:00 -------- d-----w- c:\program files (x86)\Red 5 Studios 2012-04-30 20:12 . 2012-05-10 19:25 -------- d-----w- c:\users\UpdatusUser . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-04 22:56 . 2011-04-24 18:50 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-01 00:02 . 2011-11-15 10:46 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-03-01 00:02 . 2011-11-15 10:46 1737536 ----a-w- c:\windows\system32\nvdispco64.dll 2012-03-01 00:02 . 2011-11-15 10:46 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-03-01 00:02 . 2011-11-15 10:46 1466176 ----a-w- c:\windows\system32\nvgenco64.dll 2012-03-01 00:02 . 2010-07-10 05:38 2660160 ----a-w- c:\windows\system32\nvapi64.dll 2012-03-01 00:02 . 2009-07-13 21:59 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-02-29 21:00 . 2011-02-23 08:39 3089728 ----a-w- c:\windows\system32\nvsvc64.dll 2012-02-29 21:00 . 2011-02-23 08:39 6074176 ----a-w- c:\windows\system32\nvcpl.dll 2012-02-29 20:59 . 2011-02-23 08:38 889664 ----a-w- c:\windows\system32\nvvsvc.exe 2012-02-29 20:59 . 2011-02-23 08:38 118080 ----a-w- c:\windows\system32\nvmctray.dll 2012-02-29 20:59 . 2010-07-09 16:27 63296 ----a-w- c:\windows\system32\nvshext.dll 2012-02-29 20:26 . 2012-02-29 20:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-01-23 04:31 . 2012-01-23 04:31 859497 ----a-w- c:\program files (x86)\BPClientSetup.exe 2012-01-23 04:31 . 2012-01-23 04:29 229060345 ----a-w- c:\program files (x86)\BPClientSetup-2b.bin 2012-01-23 04:29 . 2012-01-23 04:14 1566000000 ----a-w- c:\program files (x86)\BPClientSetup-2a.bin 2012-01-23 04:14 . 2012-01-23 03:59 1566000000 ----a-w- c:\program files (x86)\BPClientSetup-1c.bin 2012-01-23 03:59 . 2012-01-23 03:41 1566000000 ----a-w- c:\program files (x86)\BPClientSetup-1b.bin 2012-01-23 03:41 . 2012-01-23 03:23 1565140352 ----a-w- c:\program files (x86)\BPClientSetup-1a.bin 2011-02-15 21:45 . 2011-03-30 00:48 1867776 ----a-w- c:\program files (x86)\LaunchKaros.exe 2011-01-25 22:45 . 2011-03-30 00:48 1583104 ----a-w- c:\program files (x86)\AMo.exe 2011-01-21 04:27 . 2011-03-30 00:48 200704 ----a-w- c:\program files (x86)\Karos_Launcher.dll 2010-09-21 00:20 . 2010-09-21 00:20 726016 ----a-w- c:\program files (x86)\7z.dll 2009-12-12 00:01 . 2011-03-30 00:48 292545 ----a-w- c:\program files (x86)\GameGuard.des 2009-09-09 05:30 . 2011-03-30 00:48 4378632 ----a-w- c:\program files (x86)\D3DX9_40.dll 2009-09-09 05:29 . 2011-03-30 00:48 991752 ----a-w- c:\program files (x86)\dbghelp.dll 2009-09-09 05:29 . 2011-03-30 00:48 484872 ----a-w- c:\program files (x86)\msvcm80.dll 2009-09-09 05:29 . 2011-03-30 00:48 554504 ----a-w- c:\program files (x86)\msvcp80.dll 2009-09-09 05:29 . 2011-03-30 00:48 632328 ----a-w- c:\program files (x86)\msvcr80.dll 2009-09-09 05:28 . 2011-03-30 00:48 101896 ----a-w- c:\program files (x86)\atl80.dll 2009-08-14 19:32 . 2011-03-30 00:48 425984 ----a-w- c:\program files (x86)\WeberForClient.dll 2009-08-14 19:22 . 2011-03-30 00:48 1875968 ----a-w- c:\program files (x86)\WeberForClientD.dll 2009-08-11 04:33 . 2011-03-30 00:48 180224 ----a-w- c:\program files (x86)\HanReportForClient.dll 2009-08-11 04:33 . 2011-03-30 00:48 651264 ----a-w- c:\program files (x86)\HanReportForClientD.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CreativeTaskScheduler"="c:\program files (x86)\Creative\Shared Files\CTSched.exe" [2006-11-17 53341] "Creative Software Update"="c:\program files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" [2009-01-15 430968] "MusicManager"="c:\users\Eganrac\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-05-10 13805568] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-05-17 992648] . c:\users\Eganrac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2012-5-11 0] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-04-21 23680] R3 ALSysIO;ALSysIO;c:\users\Eganrac\AppData\Local\Temp\ALSysIO64.sys [x] R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-05-19 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-03-03 79360] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 BCSWAP;BCSWAP; [x] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-05-17 785344] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x] S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3997576125-1133855517-1033892153-1000Core.job - c:\users\Eganrac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-03 05:11] . 2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3997576125-1133855517-1033892153-1000UA.job - c:\users\Eganrac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-03 05:11] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-14 415752] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-14 2093064] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-14 4195848] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.0.1 205.171.3.25 FF - ProfilePath - c:\users\Eganrac\AppData\Roaming\Mozilla\Firefox\Profiles\5br2vx7q.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p= FF - Ext: Targeted Advertising Cookie Opt-Out (TACO): optout@dubfire.net - c:\program files (x86)\Mozilla Firefox\extensions\optout@dubfire.net FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Update Notifier: {95f24680-9e31-11da-a746-0800200c9a66} - c:\program files (x86)\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\program files (x86)\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - c:\program files (x86)\Mozilla Firefox\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} FF - Ext: XHTML Mobile Profile: {8ea9957e-2953-402f-80e0-bceb5f169d6f} - %profile%\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f} FF - Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} - %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} FF - Ext: EWOQ Mobile Setup extension: {f035aa18-ee32-4e6e-81d2-57e32867f8a7} - %profile%\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7} FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files (x86)\AVG\AVG2012\Firefox FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files (x86)\Fiddler2\FiddlerHook FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) Wow6432Node-HKCU-Run-PlayNC Launcher - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3997576125-1133855517-1033892153-1000\Software\SecuROM\License information*] "datasecu"=hex:7f,79,b0,52,45,47,9e,d0,d6,d9,95,bb,a7,ef,f2,ca,65,56,68,29,d2, cf,c0,00,cb,f3,2f,7f,f2,db,75,25,31,ec,3c,9e,3f,21,3e,f7,27,e6,e7,f0,6b,77,\ "rkeysecu"=hex:b7,86,a4,1d,e9,d1,63,3d,ad,54,a8,46,4c,8b,0d,37 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\windows\SysWOW64\Ctxfihlp.exe c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe c:\windows\SysWOW64\CTXFISPI.EXE . ************************************************************************** . Completion time: 2012-05-19 11:35:33 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-19 18:35 . Pre-Run: 36,837,146,624 bytes free Post-Run: 37,807,017,984 bytes free . - - End Of File - - 208A7A661ACF3EE11C6A4A3318CD1CEF
  5. Eganrac1239
    . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30 Run by Eganrac at 15:15:23 on 2012-05-10 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8172.6144 [GMT -7:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2012\avgrsa.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files (x86)\Creative\Shared Files\CTSched.exe C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe C:\Windows\SysWOW64\Ctxfihlp.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Windows\system32\IProsetMonitor.exe C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe C:\Program Files (x86)\AVG\AVG2012\avgemca.exe C:\Program Files\Windows Media Player\WMPSideShowGadget.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\taskhost.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\sppsvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\SysWOW64\CTXFISPI.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Ventrilo\Ventrilo.exe C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\World of Warcraft\Launcher.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [Google Update] "C:\Users\Eganrac\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon uRun: [PlayNC Launcher] uRun: [Creative Software Update] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /Silent mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [<NO NAME>] mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab TCP: DhcpNameServer = 192.168.0.1 205.171.3.25 TCP: Interfaces\{A4042599-6155-4B2F-AC7B-6E46F7B5B00B} : DhcpNameServer = 192.168.0.1 205.171.3.25 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [CTxfiHlp] CTXFIHLP.EXE mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [(Default)] IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Eganrac\AppData\Roaming\Mozilla\Firefox\Profiles\5br2vx7q.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p= FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll FF - component: C:\Users\Eganrac\AppData\Roaming\Mozilla\Firefox\Profiles\5br2vx7q.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll FF - plugin: C:\Users\Eganrac\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Users\Eganrac\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - Ext: Targeted Advertising Cookie Opt-Out (TACO): optout@dubfire.net - C:\Program Files (x86)\Mozilla Firefox\extensions\optout@dubfire.net FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Update Notifier: {95f24680-9e31-11da-a746-0800200c9a66} - C:\Program Files (x86)\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Program Files (x86)\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - C:\Program Files (x86)\Mozilla Firefox\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} FF - Ext: XHTML Mobile Profile: {8ea9957e-2953-402f-80e0-bceb5f169d6f} - %profile%\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f} FF - Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} - %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} FF - Ext: EWOQ Mobile Setup extension: {f035aa18-ee32-4e6e-81d2-57e32867f8a7} - %profile%\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7} FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG2012\Firefox FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - C:\Program Files (x86)\Fiddler2\FiddlerHook FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-4-23 785304] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776] R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-2-25 23680] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-10 654408] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-30 2348352] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?] R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?] R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?] R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\system32\drivers\Lachesis.sys --> C:\Windows\system32\drivers\Lachesis.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-6-18 401920] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-5-19 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-3-2 79360] S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?] S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?] S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?] S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 SSMO3v2Filter;MMO3v2 Mouse;C:\Windows\system32\drivers\MO3v2Driver.sys --> C:\Windows\system32\drivers\MO3v2Driver.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 BCSWAP;BCSWAP;C:\Windows\system32\drivers\BCSWAP.sys --> C:\Windows\system32\drivers\BCSWAP.sys [?] . =============== Created Last 30 ================ . 2012-05-10 20:03:04 -------- d-----w- C:\Windows\pss 2012-05-07 22:56:26 -------- d-----w- C:\Users\Eganrac\AppData\Local\Red 5 Studios 2012-05-07 22:03:49 -------- d-----w- C:\Program Files (x86)\Xiph.Org 2012-05-07 22:00:10 -------- d-----w- C:\Program Files (x86)\Red 5 Studios 2012-05-05 16:51:19 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar 2012-05-05 16:51:19 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot 2012-05-05 16:51:19 -------- d-----w- C:\Program Files (x86)\Application Updater 2012-04-12 16:27:46 -------- d--h--w- C:\$AVG . ==================== Find3M ==================== . 2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll 2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll 2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll 2012-02-29 20:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2012-01-23 04:31:45 859497 ----a-w- C:\Program Files (x86)\BPClientSetup.exe 2012-01-23 04:31:41 229060345 ----a-w- C:\Program Files (x86)\BPClientSetup-2b.bin 2012-01-23 04:29:26 1566000000 ----a-w- C:\Program Files (x86)\BPClientSetup-2a.bin 2012-01-23 04:14:59 1566000000 ----a-w- C:\Program Files (x86)\BPClientSetup-1c.bin 2012-01-23 03:59:24 1566000000 ----a-w- C:\Program Files (x86)\BPClientSetup-1b.bin 2012-01-23 03:41:32 1565140352 ----a-w- C:\Program Files (x86)\BPClientSetup-1a.bin 2011-02-15 21:45:50 1867776 ----a-w- C:\Program Files (x86)\LaunchKaros.exe 2011-02-09 05:54:46 1088786096 ----a-w- C:\Program Files (x86)\KarosOnline_02_1067.exe 2011-01-25 22:45:06 1583104 ----a-w- C:\Program Files (x86)\AMo.exe 2011-01-21 04:27:36 200704 ----a-w- C:\Program Files (x86)\Karos_Launcher.dll 2010-09-21 00:20:04 726016 ----a-w- C:\Program Files (x86)\7z.dll 2009-12-12 00:01:00 292545 ----a-w- C:\Program Files (x86)\GameGuard.des 2009-09-09 05:30:08 4378632 ----a-w- C:\Program Files (x86)\D3DX9_40.dll 2009-09-09 05:29:54 991752 ----a-w- C:\Program Files (x86)\dbghelp.dll 2009-09-09 05:29:36 484872 ----a-w- C:\Program Files (x86)\msvcm80.dll 2009-09-09 05:29:18 554504 ----a-w- C:\Program Files (x86)\msvcp80.dll 2009-09-09 05:29:02 632328 ----a-w- C:\Program Files (x86)\msvcr80.dll 2009-09-09 05:28:00 101896 ----a-w- C:\Program Files (x86)\atl80.dll 2009-08-14 19:32:08 425984 ----a-w- C:\Program Files (x86)\WeberForClient.dll 2009-08-14 19:22:22 1875968 ----a-w- C:\Program Files (x86)\WeberForClientD.dll 2009-08-11 04:33:46 180224 ----a-w- C:\Program Files (x86)\HanReportForClient.dll 2009-08-11 04:33:44 651264 ----a-w- C:\Program Files (x86)\HanReportForClientD.dll . ============= FINISH: 15:16:23.13 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 1/7/2005 8:20:43 AM System Uptime: 5/10/2012 3:10:56 PM (0 hours ago) . Motherboard: ASUSTeK Computer INC. | | P8P67 PRO Processor: Intel® Core i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 466 GiB total, 53.278 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart D110 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Photosmart D110 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . Class GUID: Description: PCI Simple Communications Controller Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_844D1043&REV_04\3&11583659&0&B0 Manufacturer: Name: PCI Simple Communications Controller PNP Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_844D1043&REV_04\3&11583659&0&B0 Service: . Class GUID: Description: Device ID: USB\VID_0CF3&PID_3000\6&F57D961&0&7 Manufacturer: Name: PNP Device ID: USB\VID_0CF3&PID_3000\6&F57D961&0&7 Service: . Class GUID: Description: Universal Serial Bus (USB) Controller Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\4&12102E1&0&00E4 Manufacturer: Name: Universal Serial Bus (USB) Controller PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\4&12102E1&0&00E4 Service: . Class GUID: Description: SM Bus Controller Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_04\3&11583659&0&FB Manufacturer: Name: SM Bus Controller PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_04\3&11583659&0&FB Service: . Class GUID: Description: Universal Serial Bus (USB) Controller Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\4&1E524C1D&0&00E1 Manufacturer: Name: Universal Serial Bus (USB) Controller PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\4&1E524C1D&0&00E1 Service: . ==== System Restore Points =================== . RP145: 5/9/2012 2:34:43 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . Adobe Flash Player 10 Plugin Adobe Reader X (10.1.0) Adobe Shockwave Player 11.5 Aion Alice Madness Returns Amazon Games & Software Downloader And Yet It Moves 1.2.0 Apple Application Support Apple Software Update Aquaria Assassin's Creed Assassin's Creed II Atom Zombie Smasher µTorrent Audiosurf Avid Codecs LE Batman: Arkham Asylum GOTY Edition BCWipe 3.0 Beat Hazard BioShock Black Prophecy Braid BufferChm Charles Cogs Crayon Physics Deluxe version 55 Creative ALchemy Creative Audio Control Panel Creative Console Launcher Creative MediaSource 5 Creative Software AutoUpdate Creative Sound Blaster Properties x64 Edition Creative WaveStudio 7 CrimeCraft GangWars Curse Client D110 Day of Defeat: Source Destinations DeviceDiscovery Diablo III Beta Dota 2 Dragonsphere EasyBits GO EVEREST Ultimate Edition Fallout Fiddler2 FINAL FANTASY XI: Chains of Promathia FINAL FANTASY XI: Rise of the Zilart FINAL FANTASY XI: Treasures of Aht Urhgan FINAL FANTASY XI: Wings of the Goddess Gish Global Agenda Launcher GOM Player GOMTV Streamer Google Chrome Google Talk Plugin HandBrake 0.9.5 Hellgate HPAppStudio HPPhotoGadget ioquake3 Java Auto Updater Java 6 Update 22 Java 6 Update 30 KarosOnline Killing Floor LastPass (uninstall only) League of Legends Magicka Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Office Excel Viewer Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 mIRC Mozilla Firefox (en-US) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mumble 1.2.3 Music Manager NCsoft Launcher Need For Speed™ World NVIDIA PhysX NVIDIA Stereoscopic 3D Driver OpenAL OpenOffice.org 3.3 Orcs Must Die! Origin Pando Media Booster Plants vs. Zombies: Game of the Year Pokemon World Online version 1.73 Portal 2 PS_AIO_07_D110_SW_Min Quake III Arena QuickPar 0.9 QuickTime QuickTransfer Revenge of the Titans RIFT Saints Row: The Third Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Sequence Skype Toolbars Skype™ 5.3 SmartWebPrinting Spiral Knights Spotify Star Wars: The Old Republic StarCraft II Status Steam Steel Storm - Burning Retribution (remove only) System Requirements Lab CYRI Team Fortress 2 Terraria The Elder Scrolls V: Skyrim Toolbox TrayApp Treasure Adventure Game Ubisoft Game Launcher Ultima 4 - Quest of the Avatar Unity Web Player Universal Extractor 1.6 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Visual Studio 2008 x64 Redistributables VLC media player 1.1.9 VVVVVV version 2.0 WebReg Win7codecs World of Warcraft World of Warcraft Beta World of Warcraft Public Test Worms Ultimate Mayhem Xiph.Org Open Codecs 0.85.17777 YouTube Downloader 3.4 YouTube Downloader Toolbar v5.6 . ==== Event Viewer Messages From Past Week ======== . 5/10/2012 12:24:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez Studios Authenticate and Update Service service to connect. 5/10/2012 12:24:10 PM, Error: Service Control Manager [7000] - The Hi-Rez Studios Authenticate and Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File =========================== Hope these help! DDS.txt Attach DDS.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.