battleconvention

Everything posted by battleconvention

  1. Thanks Maurice, I think I will just play it safe and nuke from orbit. Cheers.
  2. Attach.txt ============================ . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 1/14/2012 7:19:21 PM System Uptime: 6/7/2012 5:10:16 PM (0 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | Z68X-UD5-B3 Processor: Intel® Core i5-2500K CPU @ 3.30GHz | Socket 1155 | 3292/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 119 GiB total, 54.191 GiB free. D: is FIXED (NTFS) - 931 GiB total, 670.863 GiB free. E: is CDROM () G: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: SM Bus Controller Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_50011458&REV_05\3&13C0B0C5&0&FB Manufacturer: Name: SM Bus Controller PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_50011458&REV_05\3&13C0B0C5&0&FB Service: . Class GUID: Description: Universal Serial Bus (USB) Controller Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&18803EC9&0&00E4 Manufacturer: Name: Universal Serial Bus (USB) Controller PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&18803EC9&0&00E4 Service: . ==== System Restore Points =================== . RP124: 6/6/2012 10:42:22 PM - Installed GiPo@MoveOnBoot 1.9.5 RP125: 6/6/2012 11:20:59 PM - Removed GiPo@MoveOnBoot 1.9.5 . ==== Installed Programs ====================== . . 
ARMA 2 Operation Arrowhead Uninstall ArmA 2 Uninstall Battlefield 3™ BattlEye Uninstall Call of Pripyat Complete v1.0.2 Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Counter-Strike: Source Crystal Reports for Visual Studio Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Deus Ex: Human Revolution - The Missing Link Diablo III Driver Sweeper version 3.2.0 Endless Space ESET Online Scanner v3 ESN Sonar Google Chrome Grand Theft Auto IV Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2522890) Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2529927) Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2542054) Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2548139) Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2549864) Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2635973) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233) Java Auto Updater Java 7 Update 4 Left 4 Dead 2 Malwarebytes Anti-Malware version 1.61.0.1400 Max Payne 2: The Fall of Max Payne Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft ASP.NET MVC 2 Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools Microsoft Games for Windows - LIVE Redistributable Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI 
(English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight 3 SDK Microsoft Silverlight 4 SDK Microsoft SQL Server 2008 R2 Data-Tier Application Framework Microsoft SQL Server 2008 R2 Data-Tier Application Project Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server 2008 R2 Transact-SQL Language Service Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Database Publishing Wizard 1.4 Microsoft SQL Server System CLR Types Microsoft Sync Framework SDK v1.0 SP1 Microsoft Visual C++ Compilers 2010 Standard - enu - x86 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Visual F# 2.0 Runtime Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 Service Pack 1 Microsoft Visual Studio 2010 Ultimate - ENU Microsoft Visual Studio Macro Tools Morrowind AnimKit 2.1 (remove only) Mumble 1.2.3 Notepad++ NVIDIA PhysX NVIDIA Stereoscopic 3D Driver Origin Planescape Torment Python Tools for Visual Studio Realtek Ethernet Controller Driver Realtek High Definition Audio Driver REALTEK Wireless LAN 
Driver and Utility Rockstar Games Social Club S.T.A.L.K.E.R.: Call of Pripyat Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2644980) Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2645410) Security Update for Microsoft Visual Studio Macro Tools (KB2669970) Serious Sam 3: BFE Steam Team Fortress 2 TeamSpeak 3 Client The Elder Scrolls III: Morrowind The Elder Scrolls V: Skyrim The Witcher 2 The Witcher: Enhanced Edition Thief Gold Torchlight Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile 
(KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition VirtualCloneDrive Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU VLC media player 2.0.1 WCF RIA Services V1.0 SP1 . ==== Event Viewer Messages From Past Week ======== . 6/7/2012 5:07:18 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 6/7/2012 5:07:06 PM, Error: Application Popup [1060] - \??\C:\Combo-Fix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 6/7/2012 4:42:50 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 
6/7/2012 4:40:33 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 6/7/2012 4:40:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 6/7/2012 4:40:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 6/7/2012 4:40:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 6/7/2012 4:40:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 6/7/2012 4:40:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElbyCDIO MpFilter spldr Wanarpv6 6/7/2012 4:31:41 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 6/7/2012 4:18:10 PM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s). 6/6/2012 9:29:21 PM, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%-2147023878 6/6/2012 9:29:20 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found. 
6/6/2012 9:27:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 6/6/2012 9:27:52 PM, Error: Application Popup [1060] - \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 6/6/2012 9:26:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running. 6/6/2012 9:26:27 PM, Error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: The RPC server is unavailable. 6/6/2012 9:25:53 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/6/2012 9:25:53 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/6/2012 9:25:53 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/6/2012 9:25:53 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
6/6/2012 9:25:53 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/6/2012 9:25:53 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/6/2012 9:25:53 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/6/2012 9:25:53 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/6/2012 9:25:53 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/6/2012 9:25:53 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/6/2012 9:25:53 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/6/2012 9:25:53 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 
6/6/2012 9:25:53 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/6/2012 9:24:28 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 6/6/2012 9:24:28 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 6/6/2012 9:24:22 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 6/6/2012 9:24:21 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 6/6/2012 9:24:21 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 6/6/2012 9:22:16 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s). 6/6/2012 8:03:29 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running. 6/6/2012 8:02:29 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running. 
6/6/2012 8:01:43 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 6/6/2012 8:01:43 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/6/2012 8:01:29 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s). 6/6/2012 8:01:29 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/6/2012 8:01:29 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/6/2012 7:56:25 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s). 6/6/2012 7:56:25 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 6/6/2012 7:56:25 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 
6/6/2012 7:55:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} . ==== End Of File ===========================
  3. DDS.txt =============== . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0 Run by Administrator at 17:30:56 on 2012-06-07 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.6485 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe 
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\SDK\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\SDK\Java\jre7\bin\jp2ssv.dll BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll mRun: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll LSP: mswsock.dll TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{1C0CDC4B-6030-44ED-AFDD-E1642EF5B5DB} : DhcpNameServer = 192.168.137.1 TCP: Interfaces\{24449817-EC1D-43A2-8048-1FD7B8FF55A5} : DhcpNameServer = 75.75.75.75 75.75.76.76 
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\SDK\Java\jre7\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\SDK\Java\jre7\bin\jp2ssv.dll BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] 
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-6 1262400] R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2012-2-2 36864] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-8 382272] R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S1 cwicqzyc;cwicqzyc;\??\C:\Windows\system32\drivers\cwicqzyc.sys --> C:\Windows\system32\drivers\cwicqzyc.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] 
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] SUnknown szibgdku;szibgdku; [x] . =============== Created Last 30 ================ . 
     2012-06-07 21:14:01 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
     2012-06-07 21:14:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
     2012-06-07 21:11:36 50000 ----a-w- C:\Windows\System32\drivers\cwicqzyc.sys
     2012-06-07 21:10:53 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA0849C3-4A69-42D6-91E9-7297C3D012D9}\offreg.dll
     2012-06-07 21:10:46 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA0849C3-4A69-42D6-91E9-7297C3D012D9}\mpengine.dll
     2012-06-07 21:10:23 -------- d-sh--w- C:\$RECYCLE.BIN
     2012-06-07 17:16:47 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
     2012-06-07 17:16:46 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5B20673A-1486-488B-9F35-AE442B51D755}\mpengine.dll
     2012-06-07 01:26:00 98816 ----a-w- C:\Windows\sed.exe
     2012-06-07 01:26:00 518144 ----a-w- C:\Windows\SWREG.exe
     2012-06-07 01:26:00 256000 ----a-w- C:\Windows\PEV.exe
     2012-06-07 01:26:00 208896 ----a-w- C:\Windows\MBR.exe
     2012-06-06 22:30:23 -------- d-----w- C:\Program Files (x86)\ESET
     2012-06-06 22:10:25 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes
     2012-06-06 22:10:06 -------- d-----w- C:\ProgramData\Malwarebytes
     2012-06-06 21:56:06 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Bitcoin
     2012-06-06 21:29:43 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FC46EB50-1D19-4B67-8E0E-7655C1A9195A}\gapaengine.dll
     2012-06-06 21:28:46 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
     2012-06-06 21:28:45 -------- d-----w- C:\Program Files\Microsoft Security Client
     2012-06-06 21:11:53 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
     2012-06-04 16:22:46 -------- d-----w- C:\Users\Administrator\AppData\Local\Chromium
     2012-06-04 16:20:42 -------- d-----w- C:\Program Files (x86)\Rockstar Games
     2012-05-30 22:00:49 -------- d-----w- C:\Users\Administrator\android-sdks
     2012-05-30 22:00:28 -------- d-----w- C:\Users\Administrator\.android
     2012-05-20 01:13:36 -------- d-----w- C:\Users\Administrator\AppData\Roaming\.doomseeker
     2012-05-19 23:59:53 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
     2012-05-19 23:59:53 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
     2012-05-19 15:07:47 -------- d-----w- C:\Users\Administrator\AppData\Local\ArmA 2 OA
     2012-05-19 00:50:48 -------- d-----w- C:\Users\Administrator\AppData\Local\ArmA 2
     2012-05-16 16:35:33 -------- d-----w- C:\Users\Administrator\AppData\Roaming\NVIDIA
     2012-05-15 22:18:29 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Mumble
     2012-05-15 22:18:29 -------- d-----w- C:\Users\Administrator\AppData\Local\Mumble
     2012-05-15 22:18:10 -------- d-----w- C:\Program Files (x86)\Mumble
     2012-05-14 23:21:39 -------- d-----w- C:\ProgramData\VS
     2012-05-14 03:02:11 -------- d-----w- C:\Users\Administrator\AppData\Roaming\xpce
     2012-05-13 01:11:44 -------- d-----w- C:\Users\Administrator\AppData\Local\Runic Games
     2012-05-10 12:46:14 902656 ----a-w- C:\Windows\System32\d2d1.dll
     2012-05-10 12:46:14 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
     2012-05-10 12:46:14 1139200 ----a-w- C:\Windows\System32\FntCache.dll
     2012-05-10 02:20:02 2871808 ----a-w- C:\Windows\explorer.exe
     2012-05-10 02:20:02 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
     2012-05-10 02:20:00 509952 ----a-w- C:\Windows\System32\ntshrui.dll
     2012-05-10 02:20:00 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
     2012-05-10 00:31:29 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
     2012-05-10 00:31:11 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
     2012-05-10 00:30:57 -------- d-----w- C:\Users\Administrator\AppData\Local\Microsoft Help
     2012-05-09 19:15:09 -------- d-----w- C:\Users\Administrator\.idlerc
     2012-05-09 00:26:20 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
     .
     ==================== Find3M ====================
     .
     2012-05-30 21:36:05 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
     2012-05-30 21:36:05 660368 ----a-w- C:\Windows\System32\deployJava1.dll
     2012-05-12 15:02:23 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
     2012-05-12 15:02:23 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
     2012-05-12 14:58:51 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
     2012-05-09 03:54:41 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
     2012-05-09 03:54:35 63296 ----a-w- C:\Windows\System32\nvshext.dll
     2012-05-09 03:54:35 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
     2012-05-09 03:54:35 118080 ----a-w- C:\Windows\System32\nvmctray.dll
     2012-05-09 03:54:30 2619385 ----a-w- C:\Windows\System32\nvcoproc.bin
     2012-05-09 03:54:02 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
     2012-05-09 03:41:06 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
     2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
     2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
     2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
     2012-04-11 03:24:50 2987520 ----a-w- C:\Windows\System32\python27.dll
     2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
     2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
     2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
     2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
     2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
     2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
     2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
     2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
     .
     ============= FINISH: 17:31:06.49 ===============
  4. I successfully removed half of this trojan, specifically the part residing in C:/Windows/Installer/, but two pesky files keep coming back every reboot:

     C:/Windows/assembly/GAC_32/Desktop.ini
     C:/Windows/assembly/GAC_64/Desktop.ini

     MalwareBytes can't find anything malicious:

     ============================================
     Malwarebytes Anti-Malware (Trial) 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.06.07.05

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Administrator :: VALHALLA [administrator]

     Protection: Disabled

     6/7/2012 5:23:42 PM
     mbam-log-2012-06-07 (17-23-42).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 224521
     Time elapsed: 20 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
     ======================================

     Avira finds the two files every reboot, seems like it can't delete them:

     ==========================
     Avira Free Antivirus
     Report file date: Wednesday, June 06, 2012 22:24

     Scanning for 3802583 virus strains and unwanted programs.

     The program is running as an unrestricted full version.
     Online services are available.
     Licensee : Avira AntiVir Personal - Free Antivirus
     Serial number : 0000149996-ADJIE-0000001
     Platform : Windows 7 Ultimate
     Windows version : (Service Pack 1) [6.1.7601]
     Boot mode : Normally booted
     Username : Administrator
     Computer name : VALHALLA

     Version information:
     BUILD.DAT : 12.0.0.1125 41829 Bytes 5/2/2012 17:40:00
     AVSCAN.EXE : 12.3.0.15 466896 Bytes 5/2/2012 04:48:51
     AVSCAN.DLL : 12.3.0.15 54736 Bytes 5/2/2012 19:31:39
     LUKE.DLL : 12.3.0.15 68304 Bytes 5/2/2012 05:31:47
     AVSCPLR.DLL : 12.3.0.14 97032 Bytes 5/2/2012 04:13:36
     AVREG.DLL : 12.3.0.17 232200 Bytes 6/7/2012 00:14:08
     VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:18:34
     VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 05:23:21
     VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 05:32:24
     VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 15:58:50
     VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 16:43:53
     VBASE005.VDF : 7.11.29.136 2166272 Bytes 5/10/2012 00:13:52
     VBASE006.VDF : 7.11.29.137 2048 Bytes 5/10/2012 00:13:52
     VBASE007.VDF : 7.11.29.138 2048 Bytes 5/10/2012 00:13:53
     VBASE008.VDF : 7.11.29.139 2048 Bytes 5/10/2012 00:13:53
     VBASE009.VDF : 7.11.29.140 2048 Bytes 5/10/2012 00:13:53
     VBASE010.VDF : 7.11.29.141 2048 Bytes 5/10/2012 00:13:53
     VBASE011.VDF : 7.11.29.142 2048 Bytes 5/10/2012 00:13:53
     VBASE012.VDF : 7.11.29.143 2048 Bytes 5/10/2012 00:13:53
     VBASE013.VDF : 7.11.29.144 2048 Bytes 5/10/2012 00:13:53
     VBASE014.VDF : 7.11.30.3 198144 Bytes 5/14/2012 00:13:54
     VBASE015.VDF : 7.11.30.69 186368 Bytes 5/17/2012 00:13:54
     VBASE016.VDF : 7.11.30.143 223744 Bytes 5/21/2012 00:13:55
     VBASE017.VDF : 7.11.30.207 287744 Bytes 5/23/2012 00:13:55
     VBASE018.VDF : 7.11.31.57 188416 Bytes 5/28/2012 00:13:55
     VBASE019.VDF : 7.11.31.111 214528 Bytes 5/30/2012 00:13:56
     VBASE020.VDF : 7.11.31.151 116736 Bytes 5/31/2012 00:13:56
     VBASE021.VDF : 7.11.31.205 134144 Bytes 6/3/2012 00:13:56
     VBASE022.VDF : 7.11.32.9 169472 Bytes 6/5/2012 00:13:58
     VBASE023.VDF : 7.11.32.10 2048 Bytes 6/5/2012 00:13:58
     VBASE024.VDF : 7.11.32.11 2048 Bytes 6/5/2012 00:13:58
     VBASE025.VDF : 7.11.32.12 2048 Bytes 6/5/2012 00:13:58
     VBASE026.VDF : 7.11.32.13 2048 Bytes 6/5/2012 00:13:58
     VBASE027.VDF : 7.11.32.14 2048 Bytes 6/5/2012 00:13:58
     VBASE028.VDF : 7.11.32.15 2048 Bytes 6/5/2012 00:13:58
     VBASE029.VDF : 7.11.32.16 2048 Bytes 6/5/2012 00:13:58
     VBASE030.VDF : 7.11.32.17 2048 Bytes 6/5/2012 00:13:58
     VBASE031.VDF : 7.11.32.42 66048 Bytes 6/6/2012 00:13:59
     Engine version : 8.2.10.80
     AEVDF.DLL : 8.1.2.8 106867 Bytes 6/7/2012 00:14:07
     AESCRIPT.DLL : 8.1.4.24 450939 Bytes 6/7/2012 00:14:07
     AESCN.DLL : 8.1.8.2 131444 Bytes 2/16/2012 22:11:36
     AESBX.DLL : 8.2.5.10 606580 Bytes 6/7/2012 00:14:07
     AERDL.DLL : 8.1.9.15 639348 Bytes 1/21/2012 05:22:40
     AEPACK.DLL : 8.2.16.16 807288 Bytes 6/7/2012 00:14:06
     AEOFFICE.DLL : 8.1.2.28 201082 Bytes 4/26/2012 22:41:32
     AEHEUR.DLL : 8.1.4.36 4874615 Bytes 6/7/2012 00:14:04
     AEHELP.DLL : 8.1.21.0 254326 Bytes 6/7/2012 00:14:01
     AEGEN.DLL : 8.1.5.28 422260 Bytes 4/26/2012 22:41:31
     AEEXP.DLL : 8.1.0.44 82293 Bytes 6/7/2012 00:14:08
     AEEMU.DLL : 8.1.3.0 393589 Bytes 1/21/2012 05:22:36
     AECORE.DLL : 8.1.25.10 201080 Bytes 6/7/2012 00:14:01
     AEBB.DLL : 8.1.1.0 53618 Bytes 1/21/2012 05:22:35
     AVWINLL.DLL : 12.3.0.15 27344 Bytes 5/2/2012 04:59:21
     AVPREF.DLL : 12.3.0.15 51920 Bytes 5/2/2012 04:44:31
     AVREP.DLL : 12.3.0.15 179208 Bytes 5/2/2012 04:13:35
     AVARKT.DLL : 12.3.0.15 211408 Bytes 5/2/2012 04:21:32
     AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 5/2/2012 04:28:49
     SQLITE3.DLL : 3.7.0.1 398288 Bytes 4/17/2012 03:11:02
     AVSMTP.DLL : 12.3.0.15 63440 Bytes 5/2/2012 04:51:35
     NETNT.DLL : 12.3.0.15 17104 Bytes 5/2/2012 05:33:29
     RCIMAGE.DLL : 12.3.0.15 4450000 Bytes 5/2/2012 06:03:52
     RCTEXT.DLL : 12.3.0.15 96720 Bytes 5/2/2012 19:40:44

     Configuration settings for the scan:
     Jobname.............................: Quick system scan
     Configuration file..................: C:\program files (x86)\avira\antivir desktop\quicksysscan.avp
     Logging.............................: default
     Primary action......................: Interactive
     Secondary action....................: Ignore
     Scan master boot sector.............: on
     Scan boot sector....................: on
     Boot sectors........................: C:,
     Process scan........................: on
     Scan registry.......................: on
     Search for rootkits.................: off
     Integrity checking of system files..: off
     Scan all files......................: Intelligent file selection
     Scan archives.......................: on
     Recursion depth.....................: 20
     Smart extensions....................: on
     Macro heuristic.....................: on
     File heuristic......................: extended

     Start of the scan: Wednesday, June 06, 2012 22:24

     Starting master boot sector scan:
     Master boot sector HD0
     [INFO] No virus was found!
     Master boot sector HD1
     [INFO] No virus was found!

     Start scanning boot sectors:
     Boot sector 'C:\'
     [INFO] No virus was found!

     The scan of running processes will be started
     Scan process 'avscan.exe' - '1' Module(s) have been scanned
     Scan process 'avcenter.exe' - '1' Module(s) have been scanned
     Scan process 'daemonu.exe' - '1' Module(s) have been scanned
     Scan process 'avgnt.exe' - '1' Module(s) have been scanned
     Scan process 'VCDDaemon.exe' - '1' Module(s) have been scanned
     Scan process 'RtWlan.exe' - '1' Module(s) have been scanned
     Scan process 'RtlService.exe' - '1' Module(s) have been scanned
     Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
     Scan process 'avguard.exe' - '1' Module(s) have been scanned
     Scan process 'sched.exe' - '1' Module(s) have been scanned
     Scan process 'nvSCPAPISvr.exe' - '1' Module(s) have been scanned

     Starting to scan executable files (registry).
     C:\Program Files (x86)\VirtualCloneDrive\vcd-uninst.exe
     [WARNING] Invalid compressed data
     The registry was scanned ( '1539' files ).
     Starting the file scan:

     Begin scan in 'C:\Users\Administrator'
     C:\Users\Administrator\AppData\Local\Runic Games\b57cf3980b0a950fe29402e835a37ad35ea6fe3a.patchmanifest
     [WARNING] The file is password protected
     C:\Users\Administrator\AppData\Local\Runic Games\downloader.bundle
     [WARNING] The file is password protected
     C:\Users\Administrator\AppData\Local\Runic Games\ebcc9bf2230ce2822f7d305b5b4eca2a07a8ee0a.patchmanifest
     [WARNING] The file is password protected
     C:\Users\Administrator\AppData\Local\Runic Games\launcher.bundle
     [WARNING] The file is password protected
     C:\Users\Administrator\AppData\Local\Runic Games\patcher.bundle
     [WARNING] The file is password protected
     C:\Users\Administrator\Documents\asc.asc
     [WARNING] The archive is password protected
     Begin scan in 'C:\Windows'
     C:\Windows\assembly\GAC_32\Desktop.ini
     [DETECTION] Is the TR/ATRAPS.Gen2 Trojan
     C:\Windows\assembly\GAC_64\Desktop.ini
     [DETECTION] Is the TR/ATRAPS.Gen2 Trojan
     Begin scan in 'C:\Users\'
     C:\Users\Administrator\AppData\Local\Runic Games\b57cf3980b0a950fe29402e835a37ad35ea6fe3a.patchmanifest
     [WARNING] The file is password protected
     C:\Users\Administrator\AppData\Local\Runic Games\downloader.bundle
     [WARNING] The file is password protected
     C:\Users\Administrator\AppData\Local\Runic Games\ebcc9bf2230ce2822f7d305b5b4eca2a07a8ee0a.patchmanifest
     [WARNING] The file is password protected
     C:\Users\Administrator\AppData\Local\Runic Games\launcher.bundle
     [WARNING] The file is password protected
     C:\Users\Administrator\AppData\Local\Runic Games\patcher.bundle
     [WARNING] The file is password protected
     C:\Users\Administrator\Documents\asc.asc
     [WARNING] The archive is password protected
     Begin scan in 'C:\Program Files (x86)'
     C:\Program Files (x86)\VirtualCloneDrive\vcd-uninst.exe
     [WARNING] Invalid compressed data

     Beginning disinfection:
     C:\Windows\assembly\GAC_64\Desktop.ini
     [DETECTION] Is the TR/ATRAPS.Gen2 Trojan
     [WARNING] The file could not be copied to quarantine!
     [WARNING] The file could not be deleted!
     [NOTE] For the final repair, a restart of the computer is instigated.
     [NOTE] The file is scheduled for deleting after reboot.
     [NOTE] For the final repair, a restart of the computer is instigated.
     C:\Windows\assembly\GAC_32\Desktop.ini
     [DETECTION] Is the TR/ATRAPS.Gen2 Trojan
     [WARNING] The file could not be copied to quarantine!
     [WARNING] The file could not be deleted!
     [NOTE] For the final repair, a restart of the computer is instigated.
     [NOTE] The file is scheduled for deleting after reboot.
     [NOTE] For the final repair, a restart of the computer is instigated.