ahhitsrain

Posts posted by ahhitsrain

  1. Results of screen317's Security Check version 0.99.56

    Windows 7 Service Pack 1 x64 (UAC is disabled!)

    Internet Explorer 9

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    Windows Firewall Disabled!

    Kaspersky Internet Security

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Spybot - Search & Destroy

    Malwarebytes Anti-Malware version 1.70.0.1100

    Java 6 Update 31

    Java version out of Date!

    Adobe Flash Player 11.5.502.146

    Adobe Reader 10.1.3 Adobe Reader out of Date!

    Mozilla Firefox (17.0.1)

    Google Chrome 21.0.1180.83

    Google Chrome 21.0.1180.89

    Google Chrome 22.0.1229.79

    Google Chrome 22.0.1229.92

    Google Chrome 22.0.1229.94

    Google Chrome 23.0.1271.64

    Google Chrome 23.0.1271.91

    Google Chrome 23.0.1271.95

    Google Chrome 23.0.1271.97

    ````````Process Check: objlist.exe by Laurent````````

    Malwarebytes Anti-Malware mbamservice.exe

    Malwarebytes Anti-Malware mbamgui.exe

    Kaspersky Lab Kaspersky Internet Security 2012 avp.exe

    Kaspersky Lab Kaspersky Internet Security 2012 x64 klwtblfs.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 35% Defragment your hard drive soon! (Do NOT defrag if SSD!)

    ````````````````````End of Log``````````````````````

  2. The scan has come out clean, so it seems.

    # AdwCleaner v2.105 - Logfile created 01/10/2013 at 00:08:20

    # Updated 08/01/2013 by Xplode

    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)

    # User : Haro - HARO-PC

    # Boot Mode : Normal

    # Running from : C:\Users\Haro\Desktop\adwcleaner.exe

    # Option [search]

    ***** [services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16455

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    File : C:\Users\Haro\AppData\Roaming\Mozilla\Firefox\Profiles\05bek29r.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\Haro\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [805 octets] - [10/01/2013 00:08:20]

    ########## EOF - C:\AdwCleaner[R1].txt - [864 octets] ##########

  3. ComboFix 13-01-08.01 - Haro 09/01/2013  23:48:37.1.4 - x64
    Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.8169.6452 [GMT 8:00]
    Running from: c:\users\Haro\Desktop\ComboFix.exe
    AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
    FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
    SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\DynuEncrypt.dll
    c:\users\Haro\AppData\Local\Temp\6bfc9bc0-9abb-43d6-a2d8-63788b3d3ecb\CliSecureRT64.dll
    .
    .
    (((((((((((((((((((((((((   Files Created from 2012-12-09 to 2013-01-09  )))))))))))))))))))))))))))))))
    .
    .
    2013-01-09 15:51 . 2013-01-09 15:51  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2013-01-09 13:15 . 2013-01-09 13:15  --------  d-----w-  C:\TDSSKiller_Quarantine
    2013-01-08 08:24 . 2012-08-21 05:01  33240  ----a-w-  c:\windows\system32\drivers\GEARAspiWDM.sys
    2013-01-08 08:24 . 2013-01-08 08:24  --------  d-----w-  c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-01-08 08:24 . 2013-01-08 08:24  --------  d-----w-  c:\program files\iTunes
    2013-01-08 08:24 . 2013-01-08 08:24  --------  d-----w-  c:\program files (x86)\iTunes
    2013-01-08 08:24 . 2013-01-08 08:24  --------  d-----w-  c:\program files\iPod
    2013-01-05 13:58 . 2013-01-05 13:58  --------  d-----w-  c:\windows\PCHEALTH
    2013-01-05 13:56 . 2013-01-05 13:56  --------  d-----w-  c:\program files\Microsoft Office
    2013-01-05 13:56 . 2013-01-05 13:56  --------  d-----w-  c:\program files (x86)\Microsoft Analysis Services
    2013-01-05 13:55 . 2013-01-05 13:55  --------  d-----r-  C:\MSOCache
    2013-01-03 03:48 . 2013-01-09 15:51  --------  d-----w-  c:\users\Haro\AppData\Local\PMB Files
    2013-01-03 03:48 . 2013-01-08 10:55  --------  d-----w-  c:\programdata\PMB Files
    2012-12-25 04:46 . 2012-12-25 04:46  --------  d-----w-  c:\program files (x86)\Microsoft XNA
    2012-12-23 14:54 . 2012-12-23 14:54  --------  d-----w-  c:\users\Haro\.swt
    2012-12-20 04:24 . 2012-12-20 04:24  --------  d-----w-  c:\program files (x86)\NVIDIA Corporation
    2012-12-17 23:48 . 2012-12-17 23:48  --------  d-----w-  c:\programdata\ATI
    2012-12-17 23:48 . 2012-12-17 23:48  --------  d-----w-  c:\program files (x86)\AMD APP
    2012-12-17 06:44 . 2012-12-17 06:44  --------  d-----w-  c:\users\Haro\AppData\Local\Macromedia
    2012-12-17 06:42 . 2012-12-17 06:42  --------  d-----w-  c:\users\Haro\AppData\Local\Mozilla
    2012-12-17 06:42 . 2012-12-17 06:42  --------  d-----w-  c:\program files (x86)\Mozilla Maintenance Service
    2012-12-12 03:29 . 2012-12-12 03:29  --------  d-----w-  c:\program files (x86)\Common Files\Skype
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-09 08:42 . 2012-04-22 08:02  74248  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 08:42 . 2012-04-22 08:02  697864  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-14 08:49 . 2012-10-21 03:28  24176  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-10-30 16:05 . 2012-10-30 16:05  821736  ----a-w-  c:\windows\SysWow64\npDeployJava1.dll
    2012-10-30 16:05 . 2012-04-18 11:30  746984  ----a-w-  c:\windows\SysWow64\deployJava1.dll
    2012-10-30 14:03 . 2012-04-18 02:57  637272  ----a-w-  c:\windows\system32\drivers\klif.sys
    2012-10-29 13:04 . 2012-08-08 04:24  66395536  ----a-w-  c:\windows\system32\MRT.exe
    2012-10-18 18:25 . 2012-11-17 01:12  3149824  ----a-w-  c:\windows\system32\win32k.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "c:\program files (x86)\NetMeter\NetMeter.exe"="c:\program files (x86)\NetMeter\NetMeter.exe" [2009-08-09 293888]
    "SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-07-04 235520]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-03 3093624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-30 206448]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Z1"="c:\users\Haro\Desktop\mbar-1.01.0.1011 (1)\mbar\mbar.exe" [2013-01-09 1342312]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-10-31 522752]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    R3 ALSysIO;ALSysIO;c:\users\Haro\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
    R3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 Gun;Gun;f:\softnyxgame\GunBoundIS\Gun64.sys [2012-08-13 45176]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    R3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-06-18 97792]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-17 1255736]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
    R3 X6va005;X6va005;c:\users\Haro\AppData\Local\Temp\0052D96.tmp [x]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
    S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
    S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2012-05-22 112128]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-09 539240]
    S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2012-05-21 34944]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 08:42]
    .
    2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3208197391-1747794391-1927213251-1000Core.job
    - c:\users\Haro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-17 14:11]
    .
    2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3208197391-1747794391-1927213251-1000UA.job
    - c:\users\Haro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-17 14:11]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.178.1
    FF - ProfilePath - c:\users\Haro\AppData\Roaming\Mozilla\Firefox\Profiles\05bek29r.default\
    FF - ExtSQL: 2012-12-17 14:43; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Haro\AppData\Roaming\Mozilla\Firefox\Profiles\05bek29r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    SafeBoot-65586372.sys
    AddRemove-PunkBusterSvc - f:\origin\Battlefield 3\pbsvc.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Haro\AppData\Local\Temp\0052D96.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3208197391-1747794391-1927213251-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i* *±,\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-3208197391-1747794391-1927213251-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3208197391-1747794391-1927213251-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-01-09  23:53:11
    ComboFix-quarantined-files.txt  2013-01-09 15:53
    .
    Pre-Run: 34,752,499,712 bytes free
    Post-Run: 34,474,479,616 bytes free
    .
    - - End Of File - - BE390DE3345B5DE8B0A11087831EE48E

  4. Hello MrCharlie, thanks for helping me.

    Here is the following log for RK:

    RogueKiller V8.4.3 [Jan 8 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Haro [Admin rights]

    Mode : Scan -- Date : 01/09/2013 23:07:22

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤

    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG SSD 830 Series ATA Device +++++

    --- User ---

    [MBR] 03d2e079e209e5f460fdfd8140bf07ec

    [BSP] d914afe430ba5015513313572218e2f4 : Windows 7/8 MBR Code

    Partition table:

    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    +++++ PhysicalDrive1: WDC WD1001FALS-00J7B0 ATA Device +++++

    --- User ---

    [MBR] 0b901b21f15bb2d6b2e06344c42a9b0f

    [BSP] 986d4a0fa06cd0867514ad9abe05d92d : Windows 7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    +++++ PhysicalDrive2: INTEL SSDSC2CW120A ATA Device +++++

    --- User ---

    [MBR] cead2f00ee2ebdb5a4f83e35472248fa

    [BSP] 776e62644e39c187bff85d3ca08aab0e : Windows 7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    +++++ PhysicalDrive3: WDC WD20EARX-00PASB0 ATA Device +++++

    --- User ---

    [MBR] 87fe8528c24e0b40c6da30c325a4dd08

    [BSP] aa7694d1b9f0f78e254992e4e1866f04 : Windows 7/8 MBR Code

    Partition table:

    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1]_S_01092013_02d2307.txt >>

    RKreport[1]_S_01092013_02d2307.txt

  5. Hello,

    There was an unusual balloon notification coming from Malwarebytes that said:

    BLOCK 80.82.70.245 (Type: outgoing, Port: 54105, Process: svchost.exe)

    Am I infected with something? Or is this normal?

    Here are the relevant logs. Many thanks for your assistance.

    Malwarebytes Anti-Malware (PRO) 1.70.0.1100

    www.malwarebytes.org

    Database version: v2013.01.09.05

    Windows XP Service Pack 3 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Haro :: HARO-PC [administrator]

    Protection: Enabled

    9/01/2013 10:02:41 PM

    mbam-log-2013-01-09 (22-02-41).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 284643

    Time elapsed: 51 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_31

    Run by Haro at 21:56:59 on 2013-01-09

    Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.8169.2861 [GMT 8:00]

    .

    AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

    SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\atieclxx.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Windows\SysWOW64\PnkBstrA.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k bthsvcs

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files (x86)\NetMeter\NetMeter.exe

    C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Program Files (x86)\LOLReplay\LOLRecorder.exe

    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Winamp\winamp.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\wuauclt.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

    mWinlogon: Userinit = userinit.exe,

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

    uRun: [Google Update] "C:\Users\Haro\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    uRun: [C:\Program Files (x86)\NetMeter\NetMeter.exe] C:\Program Files (x86)\NetMeter\NetMeter.exe

    uRun: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe

    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

    mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe

    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

    mPolicies-Explorer: NoActiveDesktop = dword:1

    mPolicies-Explorer: NoActiveDesktopChanges = dword:1

    mPolicies-Explorer: NoDriveTypeAutoRun = dword:12

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableLUA = dword:0

    mPolicies-System: EnableUIADesktopToggle = dword:0

    mPolicies-System: PromptOnSecureDesktop = dword:0

    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

    .

    INFO: HKCU has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    .

    INFO: HKLM has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab

    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    TCP: NameServer = 192.168.178.1

    TCP: Interfaces\{3303F4EE-6C92-416C-B094-821818E3B852} : DHCPNameServer = 192.168.178.1

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SSODL: WebCheck - <orphaned>

    x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

    x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll

    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

    x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll

    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll

    .

    INFO: x64-HKLM has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

    x64-Notify: klogon - C:\Windows\System32\klogon.dll

    x64-SSODL: WebCheck - <orphaned>

    Hosts: 127.0.0.1 www.spywareinfo.com

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Haro\AppData\Roaming\Mozilla\Firefox\Profiles\05bek29r.default\

    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll

    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

    FF - plugin: C:\Users\Haro\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    FF - plugin: C:\Windows\System32\npDeployJava1.dll

    FF - plugin: C:\Windows\System32\npmproxy.dll

    FF - plugin: C:\Windows\System32\npOGPPlugin.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll

    FF - ExtSQL: 2012-12-17 14:43; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Haro\AppData\Roaming\Mozilla\Firefox\Profiles\05bek29r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-8-28 297000]

    R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]

    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616]

    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]

    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 206448]

    R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

    R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-7-4 21992]

    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-21 398184]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-21 682344]

    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]

    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-10-27 301680]

    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-10-27 203624]

    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-10-27 156520]

    R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-10-27 279152]

    R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2012-5-23 112128]

    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]

    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-21 24176]

    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]

    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

    R3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2012-5-21 34944]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-10-27 38248]

    S3 AthDfu;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-10-27 55336]

    S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-10-27 58992]

    S3 Gun;Gun;F:\SoftnyxGame\GunboundIS\Gun64.sys [2012-8-13 45176]

    S3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2012-6-18 97792]

    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-4-18 59392]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-18 1255736]

    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]

    S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

    .

    =============== Created Last 30 ================

    .

    2013-01-09 13:15:43 -------- d-----w- C:\TDSSKiller_Quarantine

    2013-01-09 05:49:43 -------- d-----w- C:\Users\Haro\AppData\Local\{36F40DE1-D475-4CEB-B96F-B2A7E2C477AF}

    2013-01-08 17:49:20 -------- d-----w- C:\Users\Haro\AppData\Local\{1F3CBD54-C7C4-49CD-B52B-E2DEC3F5E0C4}

    2013-01-08 08:24:52 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

    2013-01-08 08:24:47 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

    2013-01-08 08:24:47 -------- d-----w- C:\Program Files\iTunes

    2013-01-08 08:24:47 -------- d-----w- C:\Program Files\iPod

    2013-01-08 08:24:47 -------- d-----w- C:\Program Files (x86)\iTunes

    2013-01-08 05:11:48 -------- d-----w- C:\Users\Haro\AppData\Local\{80382736-3917-4333-9180-62FACB85D1DA}

    2013-01-07 17:11:25 -------- d-----w- C:\Users\Haro\AppData\Local\{864539B2-EA31-41E2-B1C2-65485417B1B8}

    2013-01-07 04:37:06 -------- d-----w- C:\Users\Haro\AppData\Local\{6F23DED4-91AE-4E0C-A857-218576CCA19B}

    2013-01-06 16:36:41 -------- d-----w- C:\Users\Haro\AppData\Local\{E961DFAF-7B09-4127-92CF-E0FFAD11A5B5}

    2013-01-06 04:36:19 -------- d-----w- C:\Users\Haro\AppData\Local\{B574EF6A-42C9-4FF6-B553-A71F8AC30B6E}

    2013-01-05 14:58:03 -------- d-----w- C:\Users\Haro\AppData\Local\{87F0A5D0-0235-48BB-9693-7F36E7088B9E}

    2013-01-05 13:58:25 -------- d-----w- C:\Windows\PCHEALTH

    2013-01-05 13:56:09 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

    2013-01-05 02:57:52 -------- d-----w- C:\Users\Haro\AppData\Local\{917BD89B-A418-4FB1-B5D2-B4C3FAA891DC}

    2013-01-04 02:40:08 -------- d-----w- C:\Users\Haro\AppData\Local\{27B77A80-63E2-4A24-98A3-6F066CEF4680}

    2013-01-03 03:48:26 -------- d-----w- C:\Users\Haro\AppData\Local\PMB Files

    2013-01-03 03:48:25 -------- d-----w- C:\ProgramData\PMB Files

    2013-01-03 02:24:24 -------- d-----w- C:\Users\Haro\AppData\Local\{B7290A15-9BC1-4A57-9769-F2D194417716}

    2013-01-02 10:35:13 -------- d-----w- C:\Users\Haro\AppData\Local\{665E2D6C-1D1F-4D51-BBD5-26029F44277A}

    2013-01-01 22:35:00 -------- d-----w- C:\Users\Haro\AppData\Local\{C71098B9-13BB-4688-879F-ECD4546471A1}

    2013-01-01 02:55:25 -------- d-----w- C:\Users\Haro\AppData\Local\{DEC77550-8C03-45AD-9F10-CE84868A7911}

    2012-12-31 07:56:31 -------- d-----w- C:\Users\Haro\AppData\Local\{36B1A09B-F55F-401C-B497-7B435E9ED09A}

    2012-12-30 19:56:04 -------- d-----w- C:\Users\Haro\AppData\Local\{F7C6FFED-3224-4AC4-BC6E-9309D5159BA5}

    2012-12-30 03:28:08 -------- d-----w- C:\Users\Haro\AppData\Local\{4AB4DBF2-C2DF-4291-8891-DB0E71B27999}

    2012-12-29 15:27:22 -------- d-----w- C:\Users\Haro\AppData\Local\{45F0248A-ACCD-42E1-A7BA-D67AEFF24031}

    2012-12-29 03:27:00 -------- d-----w- C:\Users\Haro\AppData\Local\{9889C343-98E4-4D34-9AE5-679F7490EF6A}

    2012-12-28 15:26:37 -------- d-----w- C:\Users\Haro\AppData\Local\{8BA434AD-83D8-4CFB-9DA6-4B5FB54D7FF1}

    2012-12-28 00:57:54 -------- d-----w- C:\Users\Haro\AppData\Local\{5FDC3914-406A-4DF1-ADD7-232C6B4CEF1E}

    2012-12-27 06:11:44 -------- d-----w- C:\Users\Haro\AppData\Local\{4DB9EB7E-D89A-4734-B316-075C6C88D87D}

    2012-12-26 14:11:56 -------- d-----w- C:\Users\Haro\AppData\Local\{066CC873-8B87-4787-8F0F-BEA5724A5897}

    2012-12-26 01:45:58 -------- d-----w- C:\Users\Haro\AppData\Local\{E9BAC422-C40D-4466-8DA1-4EE60F6EACDA}

    2012-12-25 04:46:26 -------- d-----w- C:\Windows\SysWow64\directx

    2012-12-25 04:46:10 -------- d-----w- C:\Program Files (x86)\Microsoft XNA

    2012-12-25 02:56:05 -------- d-----w- C:\Users\Haro\AppData\Local\{84289E84-D1B5-4A5A-9C1D-0132C7184292}

    2012-12-24 14:55:42 -------- d-----w- C:\Users\Haro\AppData\Local\{C3A81E06-87F0-4D83-9F88-20FC9F300BB4}

    2012-12-24 02:34:12 -------- d-----w- C:\Users\Haro\AppData\Local\{EA2649E4-AA7E-4DB0-8F05-AAF1EDE478BD}

    2012-12-23 14:54:06 -------- d-----w- C:\Users\Haro\.swt

    2012-12-23 14:33:37 -------- d-----w- C:\Users\Haro\AppData\Local\{8DE4655F-5E5F-4709-9D6B-C101059F09FC}

    2012-12-23 02:33:25 -------- d-----w- C:\Users\Haro\AppData\Local\{40F9B5A0-9883-4144-B7FD-0DF61F3B5BA9}

    2012-12-22 03:11:51 -------- d-----w- C:\Users\Haro\AppData\Local\{819EAD95-1AFC-4931-86D8-71611D5CB46C}

    2012-12-21 15:11:27 -------- d-----w- C:\Users\Haro\AppData\Local\{3F6E520C-41ED-4A61-9EA5-723FDDBEDC92}

    2012-12-21 02:34:12 -------- d-----w- C:\Users\Haro\AppData\Local\{5E7EE51E-FB0C-4B65-BB23-1DF729F129F6}

    2012-12-20 14:33:38 -------- d-----w- C:\Users\Haro\AppData\Local\{A6F9935E-96DF-4EB9-A669-4AC14319B8BC}

    2012-12-20 04:24:32 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

    2012-12-20 02:33:28 -------- d-----w- C:\Users\Haro\AppData\Local\{8C44A21D-7400-4514-9CC4-CCA0F3F147EF}

    2012-12-19 13:35:40 -------- d-----w- C:\Users\Haro\AppData\Local\{CB9BAF72-9D7E-481C-97A9-C8BD68EA57CF}

    2012-12-19 01:35:29 -------- d-----w- C:\Users\Haro\AppData\Local\{FBEB5042-7D54-4810-8A95-9DD79AF8B9DA}

    2012-12-18 12:49:42 -------- d-----w- C:\Users\Haro\AppData\Local\{0D375A03-BE79-4402-8321-F91222ABD718}

    2012-12-18 00:49:20 -------- d-----w- C:\Users\Haro\AppData\Local\{AD1ECA6C-5582-491D-91C2-5362B3B53F79}

    2012-12-17 23:48:36 -------- d-----w- C:\Program Files (x86)\AMD APP

    2012-12-17 12:48:46 -------- d-----w- C:\Users\Haro\AppData\Local\{16957AD8-AD9C-4A6F-B87B-DF2B842FE0A8}

    2012-12-17 06:44:16 -------- d-----w- C:\Users\Haro\AppData\Local\Macromedia

    2012-12-17 00:48:24 -------- d-----w- C:\Users\Haro\AppData\Local\{6553AB3E-3FA7-4CA9-A607-A8BB09448364}

    2012-12-16 15:32:50 -------- d-----w- C:\Users\Haro\AppData\Local\{794FF2A6-024A-4755-9517-AA2D3F40D2FD}

    2012-12-16 03:32:28 -------- d-----w- C:\Users\Haro\AppData\Local\{E57D5483-126A-415E-A12A-CB80AE5C079C}

    2012-12-15 15:31:52 -------- d-----w- C:\Users\Haro\AppData\Local\{03496FF9-F290-4894-84A6-039B09EBE56E}

    2012-12-15 03:31:18 -------- d-----w- C:\Users\Haro\AppData\Local\{6F9991DF-6B19-47A0-B3E4-B7ED69E5D828}

    2012-12-14 15:30:55 -------- d-----w- C:\Users\Haro\AppData\Local\{E1757AC7-F648-461A-B79A-AB800D7012B5}

    2012-12-14 01:32:52 -------- d-----w- C:\Users\Haro\AppData\Local\{B4DBF27B-1DC4-42A5-835D-A7CDFF13AF38}

    2012-12-13 02:00:10 -------- d-----w- C:\Users\Haro\AppData\Local\{266A18CB-3A91-4374-97A9-664099D430E6}

    2012-12-12 03:33:31 -------- d-----w- C:\Users\Haro\AppData\Local\{1EF23F0A-C507-4B74-95FD-83E444721C4C}

    2012-12-11 15:32:58 -------- d-----w- C:\Users\Haro\AppData\Local\{938AF9B9-33D3-429D-9B55-79AE84EA6461}

    2012-12-11 03:10:05 -------- d-----w- C:\Users\Haro\AppData\Local\{7A12A63F-84D0-4C85-A9BE-38C820798AC9}

    2012-12-10 15:09:31 -------- d-----w- C:\Users\Haro\AppData\Local\{F9A34C13-7049-4D8C-940A-1FB394F340FC}

    .

    ==================== Find3M ====================

    .

    2013-01-09 08:42:25 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-01-09 08:42:25 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-12-14 08:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-10-30 16:05:18 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2012-10-30 16:05:18 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

    .

    ============= FINISH: 21:57:11.60 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 17/04/2012 9:53:27 PM

    System Uptime: 9/01/2013 9:18:16 PM (0 hours ago)

    .

    Motherboard: ASUSTeK COMPUTER INC. | | P8P67

    Processor: Intel® Core i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 112 GiB total, 26.509 GiB free.

    D: is CDROM ()

    E: is FIXED (NTFS) - 1863 GiB total, 1359.184 GiB free.

    F: is FIXED (NTFS) - 932 GiB total, 322.413 GiB free.

    R: is FIXED (NTFS) - 119 GiB total, 30.672 GiB free.

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}

    Description: Virtual Bluetooth Support

    Device ID: BTHENUM\{CBECAB40-A2C8-4AB3-ADC1-DE0FE95D8600}_LOCALMFG&0000\8&2E9958BA&0&000000000000_00000000

    Manufacturer: Atheros Communications

    Name: Virtual Bluetooth Support

    PNP Device ID: BTHENUM\{CBECAB40-A2C8-4AB3-ADC1-DE0FE95D8600}_LOCALMFG&0000\8&2E9958BA&0&000000000000_00000000

    Service: AthBTPort

    .

    Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}

    Description: Bluetooth LWFLT Device

    Device ID: BTHENUM\{DD533152-01F4-435C-ABFE-984BC21A2A65}_LOCALMFG&0000\8&2E9958BA&0&000000000000_00000000

    Manufacturer: Atheros Communications

    Name: Bluetooth LWFLT Device

    PNP Device ID: BTHENUM\{DD533152-01F4-435C-ABFE-984BC21A2A65}_LOCALMFG&0000\8&2E9958BA&0&000000000000_00000000

    Service: BTATH_LWFLT

    .

    ==== System Restore Points ===================

    .

    RP94: 5/01/2013 9:55:44 PM - Installed Microsoft Office Professional 2010

    RP95: 8/01/2013 4:24:24 PM - Installed iTunes

    .

    ==== Installed Programs ======================

    .

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader X (10.1.3)

    AMD Accelerated Video Transcoding

    AMD APP SDK Runtime

    AMD Catalyst Install Manager

    AMD Drag and Drop Transcoding

    AMD Media Foundation Decoders

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    AVM FRITZ!Box Info

    AVM FRITZ!Box Printer

    Bastion

    Battlelog Web Plugins

    Bluetooth Win7 Suite (64)

    Bonjour

    Browser Configuration Utility

    Canon IJ Network Scanner Selector EX

    Canon IJ Network Tool

    Canon MG4100 series MP Drivers

    Canon MP Navigator EX 5.0

    Canon My Printer

    Catalyst Control Center

    Catalyst Control Center - Branding

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-utility64

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    Counter-Strike: Global Offensive

    CPUID HWMonitor 1.19

    D3DX10

    Definition update for Microsoft Office 2010 (KB982726)

    Diablo III

    Dota 2

    DragonNest

    EPSON TX120 NX120 Series Printer Uninstall

    ESN Sonar

    Far Cry® 3

    Fraps (remove only)

    GOM Player

    GOMTV Streamer

    Google Chrome

    Guild Wars 2

    GunboundIS

    Hi-Rez Studios Authenticate and Update Service

    HiJackThis

    Intel® Management Engine Components

    iTunes

    Java Auto Updater

    Java 6 Update 31

    Junk Mail filter update

    Kaspersky Internet Security 2012

    League of Legends

    Left 4 Dead 2

    LOLReplay

    Malwarebytes Anti-Malware version 1.70.0.1100

    MapleStory

    marvell 91xx console driver

    Mass Effect™ 3

    Microsoft .NET Framework 4 Client Profile

    Microsoft .NET Framework 4 Extended

    Microsoft Application Error Reporting

    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Access MUI (English) 2010

    Microsoft Office Access Setup Metadata MUI (English) 2010

    Microsoft Office Excel MUI (English) 2010

    Microsoft Office Office 64-bit Components 2010

    Microsoft Office OneNote MUI (English) 2010

    Microsoft Office Outlook MUI (English) 2010

    Microsoft Office PowerPoint MUI (English) 2010

    Microsoft Office Professional 2010

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2010

    Microsoft Office Publisher MUI (English) 2010

    Microsoft Office Shared 64-bit MUI (English) 2010

    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Single Image 2010

    Microsoft Office Word MUI (English) 2010

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Microsoft XML Parser

    Microsoft XNA Framework Redistributable 3.1

    Mozilla Firefox 17.0.1 (x86 en-US)

    Mozilla Maintenance Service

    MSVCRT

    MSVCRT_amd64

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Mumble 1.2.3

    Need for Speed™ Most Wanted

    Nero 8 Essentials

    neroxml

    NetMeter 1.1.4 BETA

    Nexon Game Manager

    NVIDIA PhysX

    Origin

    Pando Media Booster

    PlanetSide 2

    PunkBuster Services

    Razer Synapse 2.0

    Realtek Ethernet Controller Driver

    Realtek High Definition Audio Driver

    Renesas Electronics USB 3.0 Host Controller Driver

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

    Skype™ 6.0

    Spybot - Search & Destroy

    StarCraft II

    Steam

    SteelSeries Engine

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft .NET Framework 4 Extended (KB2468871)

    Update for Microsoft .NET Framework 4 Extended (KB2533523)

    Update for Microsoft .NET Framework 4 Extended (KB2600217)

    VCRedistSetup

    VLC media player 2.0.4

    Winamp

    Winamp Application Detect

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live ID Sign-in Assistant

    Windows Live Installer

    Windows Live Language Selector

    Windows Live Mail

    Windows Live Messenger

    Windows Live MIME IFilter

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    Worms Reloaded

    .

    ==== Event Viewer Messages From Past Week ========

    .

    9/01/2013 9:19:23 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    9/01/2013 9:19:20 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

    9/01/2013 9:19:20 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

    9/01/2013 9:19:20 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

    8/01/2013 4:25:23 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.

    8/01/2013 4:24:23 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    2/01/2013 6:33:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

    .

    ==== End Of File ===========================
