squee451
Members-
Posts
9 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by squee451
-
I'm infected with something unsure what
squee451 replied to squee451's topic in Resolved Malware Removal Logs
As far as I see you're clean. I remember seeing a program on this a while back and if I remember correctly it wasn't done that way. There was a 60 minute report on super using which did not involve Malware which I assumed you saw. Many poker players have found remote viewing software in their computer where they lost money in that manner, but I have not heard of a program covering it. I'm glad to hear that I'm clean. My internet problem is one of unusually high lag on my particular computer while my friend's laptop functions fine with the same connection, in particular reconnecting to poker sites has started taking far longer than it ever used to. I installed SXE injected and it's now uninstalled. I will not reinstall it again. Here is the log provided. Results of screen317's Security Check version 0.99.63 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 JavaFX 2.1.1 Java 6 Update 29 Java 7 Update 9 Java version out of Date! Adobe Flash Player 11.6.602.180 Adobe Reader 10.1.0 Adobe Reader out of Date! Mozilla Firefox (20.0.1) Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` -
I'm infected with something unsure what
squee451 replied to squee451's topic in Resolved Malware Removal Logs
The boot-up time for my computer has reduced drastically, seeming to indicate to me that a large number of adware programs were removed. However the internet problems do not seem to be completely fixed. Has everything I've been running been checking for the possibility of remote-viewing software discretely installed into my system? A number of top poker players have been suspicious of a hacking ring recently with many people losing tens of thousands of dollars before discovering the malware on the system and this is what I'm most afraid of. You have been an incredible help and I'll certainly be donating via paypal as you have really helped me out. One last question, what essential anti-virus programs would you suggest using? I was using Avast but am told to consider scrapping that and just using Microsoft Security Essentials. I run rkill and do a MBAM scam every couple of days as well. -
I'm infected with something unsure what
squee451 replied to squee451's topic in Resolved Malware Removal Logs
Log as requested. # AdwCleaner v2.300 - Logfile created 05/08/2013 at 13:50:58 # Updated 28/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Squee - SALVADORDALI # Boot Mode : Normal # Running from : C:\Users\Squee\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com Folder Deleted : C:\Users\Squee\AppData\LocalLow\boost_interprocess Folder Deleted : C:\Users\Squee\AppData\Roaming\dvdvideosoftiehelpers ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16476 [OK] Registry is clean. -\\ Mozilla Firefox v20.0.1 (en-US) File : C:\Users\Squee\AppData\Roaming\Mozilla\Firefox\Profiles\dp82b6ac.default-1367871585051\prefs.js [OK] File is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\Squee\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [3517 octets] - [08/05/2013 12:41:14] AdwCleaner[R2].txt - [3577 octets] - [08/05/2013 13:50:22] AdwCleaner[s1].txt - [3576 octets] - [08/05/2013 13:50:58] ########## EOF - C:\AdwCleaner[s1].txt - [3636 octets] ########## -
I'm infected with something unsure what
squee451 replied to squee451's topic in Resolved Malware Removal Logs
Log as requested. # AdwCleaner v2.300 - Logfile created 05/08/2013 at 12:41:14 # Updated 28/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Squee - SALVADORDALI # Boot Mode : Normal # Running from : C:\Users\Squee\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt Folder Found : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com Folder Found : C:\Users\Squee\AppData\LocalLow\boost_interprocess Folder Found : C:\Users\Squee\AppData\Roaming\dvdvideosoftiehelpers ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKLM\Software\AVG Secure Search Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE Key Found : HKLM\SOFTWARE\Classes\dnUpdate Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 Key Found : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD Key Found : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16476 [OK] Registry is clean. -\\ Mozilla Firefox v20.0.1 (en-US) File : C:\Users\Squee\AppData\Roaming\Mozilla\Firefox\Profiles\dp82b6ac.default-1367871585051\prefs.js [OK] File is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\Squee\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [3392 octets] - [08/05/2013 12:41:14] ########## EOF - C:\AdwCleaner[R1].txt - [3452 octets] ########## -
I'm infected with something unsure what
squee451 replied to squee451's topic in Resolved Malware Removal Logs
Here is the C:combofix.txt file. ComboFix 13-05-07.02 - Squee 05/07/2013 23:16:19.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.4466 [GMT -7:00] Running from: c:\users\Squee\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ADS - windows: deleted 192 bytes in 1 streams. . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Hotspot Shield\HssIE\HsSIe.dll c:\program files (x86)\sXe Injected c:\program files (x86)\sXe Injected\chrome-extension_icpgjfneehieebagbmdbhnlpiopdcmna_0.localstorage c:\program files (x86)\sXe Injected\Chrome\chrome-extension_icpgjfneehieebagbmdbhnlpiopdcmna_0.localstorage c:\program files (x86)\sXe Injected\chromechange.exe c:\program files (x86)\sXe Injected\ddsxei.sys c:\program files (x86)\sXe Injected\default.reg c:\program files (x86)\sXe Injected\firechange.exe c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\background.html c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\background.js c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\example.html c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon128.png c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon19.png c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon200.png c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\manifest.json c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.css c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.html c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.js c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\README.md c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\redirect.html c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\redirect.js c:\program files (x86)\sXe Injected\localstrike-search.xml c:\program files (x86)\sXe Injected\newtaburl_local.xpi c:\program files (x86)\sXe Injected\Preferences c:\program files (x86)\sXe Injected\search.ini c:\program files (x86)\sXe Injected\speeddial.ini c:\program files (x86)\sXe Injected\sXe-I EULA.txt c:\program files (x86)\sXe Injected\sXe Injected.exe c:\program files (x86)\sXe Injected\sXe Injected.txt c:\program files (x86)\sXe Injected\sXe.dll c:\program files (x86)\sXe Injected\TopSites.plist c:\program files (x86)\sXe Injected\uninstall.exe c:\program files (x86)\sXe Injected\uninstall.ini c:\program files (x86)\sXe Injected\Web Data c:\users\Squee\AppData\Local\Temp\_MEI43602\_ctypes.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\_elementtree.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\_hashlib.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\_multiprocessing.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\_socket.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\_ssl.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\pyexpat.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\pysqlite2._sqlite.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\python27.dll c:\users\Squee\AppData\Local\Temp\_MEI43602\pythoncom27.dll c:\users\Squee\AppData\Local\Temp\_MEI43602\PyWinTypes27.dll c:\users\Squee\AppData\Local\Temp\_MEI43602\select.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\unicodedata.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\win32api.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\win32com.shell.shell.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\win32crypt.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\win32event.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\win32file.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\win32inet.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\win32pdh.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\win32process.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\win32profile.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\win32security.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\win32ts.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\windows._cacheinvalidation.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\wx._controls_.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\wx._core_.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\wx._gdi_.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\wx._html2.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\wx._misc_.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\wx._windows_.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\wx._wizard.pyd c:\users\Squee\AppData\Local\Temp\_MEI43602\wxbase294u_net_vc90.dll c:\users\Squee\AppData\Local\Temp\_MEI43602\wxbase294u_vc90.dll c:\users\Squee\AppData\Local\Temp\_MEI43602\wxmsw294u_adv_vc90.dll c:\users\Squee\AppData\Local\Temp\_MEI43602\wxmsw294u_core_vc90.dll c:\users\Squee\AppData\Local\Temp\_MEI43602\wxmsw294u_html_vc90.dll c:\users\Squee\AppData\Local\Temp\_MEI43602\wxmsw294u_webview_vc90.dll c:\users\Squee\AppData\Roaming\Roaming c:\users\Squee\AppData\Roaming\Roaming\HoldemManager\config\FTPRushTables.xml . . ((((((((((((((((((((((((( Files Created from 2013-04-08 to 2013-05-08 ))))))))))))))))))))))))))))))) . . 2013-05-06 20:27 . 2013-05-06 20:27 388096 ----a-r- c:\users\Squee\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-05-06 20:27 . 2013-05-06 20:27 -------- d-----w- c:\program files (x86)\Trend Micro 2013-05-06 20:20 . 2013-05-06 20:20 -------- d-----w- c:\program files\Microsoft Silverlight 2013-05-06 20:20 . 2013-05-06 20:20 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2013-05-03 23:06 . 2009-12-23 23:51 135168 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys 2013-05-03 23:06 . 2009-11-04 23:44 119680 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys 2013-05-03 23:06 . 2009-11-04 23:44 119680 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys 2013-05-03 23:06 . 2009-11-04 23:43 119680 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys 2013-05-03 23:06 . 2013-05-08 05:57 -------- d-----w- c:\program files (x86)\Arnet Movil 2013-05-03 21:28 . 2013-05-03 21:28 -------- d-----w- c:\users\Squee\AppData\Local\Programs 2013-05-03 21:17 . 2013-05-03 21:17 -------- d-----w- c:\program files\CCleaner 2013-05-02 20:29 . 2013-05-03 23:06 -------- d-----w- c:\windows\SysWow64\SupportAppXL 2013-04-30 15:45 . 2013-04-30 17:22 -------- d-----w- C:\Stars Data 2013-04-28 02:25 . 2013-04-17 13:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A8DB17A-A0C0-48FC-A2B3-70531310A3C5}\mpengine.dll 2013-04-28 02:17 . 2013-03-06 22:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-04-28 02:17 . 2013-03-06 22:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-04-28 01:54 . 2013-04-28 01:54 -------- d-----w- c:\users\Squee\AppData\Roaming\TuneUp Software 2013-04-28 01:47 . 2013-04-28 01:47 -------- d-----w- c:\users\Squee\AppData\Local\Avg2013 2013-04-28 01:34 . 2008-07-12 15:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll 2013-04-28 01:34 . 2008-07-12 15:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll 2013-04-28 01:33 . 2008-07-12 15:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll 2013-04-28 00:47 . 2013-04-28 00:47 -------- d-----w- C:\Riot Games 2013-04-27 20:03 . 2013-04-27 20:03 -------- d-----w- c:\users\Squee\AppData\Roaming\NVIDIA 2013-04-27 19:59 . 2013-05-07 16:21 -------- d-----w- c:\program files (x86)\Pando Networks 2013-04-27 19:58 . 2013-04-27 19:58 -------- d-----w- c:\users\Squee\.swt 2013-04-27 01:36 . 2013-04-27 20:08 -------- d-----w- c:\program files (x86)\PSQLINSTALL 2013-04-26 19:36 . 2013-03-06 22:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-04-26 19:36 . 2013-03-06 22:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-04-26 19:36 . 2013-03-06 22:33 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-04-26 19:36 . 2013-03-06 22:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-04-26 19:36 . 2013-03-06 22:33 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-04-26 19:36 . 2013-03-06 22:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-04-26 19:36 . 2013-03-06 22:32 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-04-26 19:34 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr 2013-04-26 19:34 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2013-04-26 19:33 . 2013-04-26 19:33 -------- d-----w- c:\programdata\AVAST Software 2013-04-26 19:33 . 2013-04-26 19:33 -------- d-----w- c:\program files\AVAST Software 2013-04-25 13:02 . 2013-04-25 13:02 -------- d-----w- c:\programdata\Citrix 2013-04-25 12:59 . 2013-04-30 16:53 -------- d-----w- c:\program files (x86)\Citrix 2013-04-25 12:57 . 2013-04-25 12:57 -------- d-----w- c:\users\Squee\AppData\Local\Citrix 2013-04-24 15:58 . 2013-05-07 16:22 -------- d-----w- c:\users\postgres 2013-04-24 15:56 . 2013-04-24 15:56 -------- d-----w- c:\program files\PostgreSQL 2013-04-24 15:32 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-24 07:13 . 2013-04-24 07:13 -------- d-----w- c:\users\Squee\AppData\Roaming\postgresql 2013-04-21 18:56 . 2013-04-21 18:56 -------- d-----w- c:\program files (x86)\TableNinjaFT 2013-04-14 14:36 . 2013-04-14 14:36 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-04-14 04:27 . 2013-04-26 19:32 -------- d-----w- C:\PTHands 2013-04-12 15:08 . 2013-04-22 02:05 -------- d-----w- c:\users\Squee\AppData\Local\PokerTracker 4 2013-04-12 15:08 . 2013-05-08 05:16 -------- d-----w- c:\program files (x86)\PokerTracker 4 2013-04-11 15:24 . 2013-04-11 15:24 -------- d-----w- c:\users\Squee\AppData\Roaming\Gyazo 2013-04-11 15:24 . 2013-04-11 15:24 -------- d-----w- c:\program files (x86)\Gyazo 2013-04-10 10:27 . 2013-04-10 10:27 0 ----a-w- c:\windows\SysWow64\shoAC4.tmp 2013-04-10 10:01 . 2013-02-22 06:17 85504 ----a-w- c:\windows\system32\jsproxy.dll 2013-04-10 00:00 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll 2013-04-10 00:00 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll 2013-04-10 00:00 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll 2013-04-10 00:00 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll 2013-04-10 00:00 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll 2013-04-10 00:00 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll 2013-04-09 23:59 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-04-09 23:54 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-09 23:53 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-09 23:53 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-09 23:53 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-09 23:53 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-09 23:53 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-09 23:53 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-04-08 20:20 . 2013-04-08 20:20 -------- d-----w- c:\users\Squee\AppData\Roaming\GMATPrep 2013-04-08 16:44 . 2013-04-08 16:44 -------- d-----w- c:\users\Squee\AppData\Roaming\BANDISOFT 2013-04-08 16:42 . 2013-04-08 16:43 -------- d-----w- c:\program files (x86)\Bandicam 2013-04-08 16:42 . 2013-04-08 16:42 -------- d-----w- c:\program files (x86)\BandiMPEG1 2013-04-08 16:38 . 2013-04-08 16:38 -------- d-----w- c:\windows\SysWow64\QuickTime 2013-04-08 16:38 . 2013-04-08 16:38 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared 2013-04-08 16:38 . 2013-04-15 18:26 -------- d-----w- c:\program files (x86)\TechSmith . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-10 10:04 . 2012-07-31 06:01 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-04 21:50 . 2012-06-09 23:11 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-14 07:56 . 2013-03-09 00:02 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-14 07:56 . 2011-05-13 04:03 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-14 07:56 . 2013-03-14 07:56 16486616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-03-12 08:10 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe 2013-02-12 05:45 . 2013-03-13 09:13 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 09:13 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 09:13 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 09:13 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 09:13 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 09:13 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-26 11:04 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2012-06-22 09:01 . 2012-06-22 07:45 3993600 ----a-w- c:\program files (x86)\GUT514B.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18642024] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "Cinema ProII AP"="c:\program files (x86)\MSI\Cinema ProII\CinemaProII.exe" [2011-01-25 200192] "Cinema ProII Controler"="c:\program files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe" [2010-06-25 1689600] "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-18 1351680] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384] R3 aswVmm;aswVmm; [x] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] R3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\Drivers\HPM1210FAX.sys [2009-12-03 16384] R3 htcusbnet;HTC USB-NDIS miniport;c:\windows\system32\DRIVERS\htcusbnet.sys [2010-12-15 153600] R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x] R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2009-12-03 20480] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2010-11-30 307304] R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-03-24 30720] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-22 1255736] R4 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 aswRvrt;aswRvrt; [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-21 27240] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2009-11-18 355840] S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-12-03 126520] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336] S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe [2011-02-17 160768] S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-07-17 12800] S2 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-09 378472] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-09-08 129024] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-10 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-10 181248] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-10 16:42 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-09 07:56] . 2013-05-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2345854699-2240584141-1096779826-1001Core.job - c:\users\Squee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 02:46] . 2013-05-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2345854699-2240584141-1096779826-1001UA.job - c:\users\Squee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 02:46] . 2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-26 10:47] . 2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-26 10:47] . 2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2345854699-2240584141-1096779826-1001Core.job - c:\users\Squee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 06:38] . 2013-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2345854699-2240584141-1096779826-1001UA.job - c:\users\Squee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 06:38] . 2013-01-28 c:\windows\Tasks\ROC_REG_JAN_DELETE.job - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-23 21:16] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://msi.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Free YouTube to MP3 Converter - c:\users\Squee\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.8.1 205.178.190.113 200.45.191.35 FF - ProfilePath - c:\users\Squee\AppData\Roaming\Mozilla\Firefox\Profiles\dp82b6ac.default-1367871585051\ FF - ExtSQL: 2013-04-11 20:35; afurladvisor@anchorfree.com; c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com FF - ExtSQL: 2013-04-27 19:17; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF FF - ExtSQL: 2013-05-06 08:43; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: !HIDDEN! 2013-01-01 16:04; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - ORPHANS REMOVED - - - - . BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-sXe Injected - c:\program files (x86)\sXe Injected\uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.0] "ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.0] "ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*] "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe . ************************************************************************** . Completion time: 2013-05-08 00:01:24 - machine was rebooted ComboFix-quarantined-files.txt 2013-05-08 07:01 . Pre-Run: 150,287,925,248 bytes free Post-Run: 150,223,876,096 bytes free . - - End Of File - - 00FF83A07918A938C72A8FCEBB9839EE -
I'm infected with something unsure what
squee451 replied to squee451's topic in Resolved Malware Removal Logs
I dont think my system is functioning normally, yet MBAR failed to find any threats or fix hotspot shield error. It said my system was fine. Also fix damage failed to find any of the other system issues. The internet is running incredibly slowly and cutting in and out still and I don't have hotspot shield running or anything. Let me know if there is something else I should do. Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.05.07.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Squee :: SALVADORDALI [administrator] 5/7/2013 9:59:38 AM mbar-log-2013-05-07 (09-59-38).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 31674 Time elapsed: 29 minute(s), 17 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_29 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 1.995000 GHz Memory total: 8492818432, free: 5292773376 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_29 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 1.995000 GHz Memory total: 8492818432, free: 5284237312 ------------ Kernel report ------------ 05/06/2013 19:50:42 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\system32\DRIVERS\nvpciflt.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\aswRvrt.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\aswSnx.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\Drivers\aswTdi.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\Drivers\aswrdr2.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\drivers\blbdrive.sys \SystemRoot\System32\Drivers\aswSP.SYS \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\Drivers\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\system32\drivers\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\drivers\nusb3xhc.sys \SystemRoot\system32\drivers\USBD.SYS \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\athrx.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\drivers\ETD.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\CmBatt.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\drivers\intelppm.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\HssDrv.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\drivers\nusb3hub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\MBfilt64.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\udfs.sys \SystemRoot\System32\ATMFD.DLL \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\drivers\luafv.sys \??\C:\windows\system32\drivers\aswMonFlt.sys \SystemRoot\System32\Drivers\aswFsBlk.SYS \SystemRoot\system32\DRIVERS\Sftvollh.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\system32\DRIVERS\Sftfslh.sys \SystemRoot\system32\DRIVERS\Sftplaylh.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\Sftredirlh.sys \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\windows\system32\drivers\mbamchameleon.sys \??\C:\windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\Wldap32.dll \Windows\System32\imm32.dll \Windows\System32\iertutil.dll \Windows\System32\advapi32.dll \Windows\System32\sechost.dll \Windows\System32\usp10.dll \Windows\System32\shell32.dll \Windows\System32\lpk.dll \Windows\System32\msvcrt.dll \Windows\System32\setupapi.dll \Windows\System32\gdi32.dll \Windows\System32\clbcatq.dll \Windows\System32\difxapi.dll \Windows\System32\urlmon.dll \Windows\System32\imagehlp.dll \Windows\System32\ole32.dll \Windows\System32\comdlg32.dll \Windows\System32\msctf.dll \Windows\System32\normaliz.dll \Windows\System32\kernel32.dll \Windows\System32\oleaut32.dll \Windows\System32\psapi.dll \Windows\System32\rpcrt4.dll \Windows\System32\ws2_32.dll \Windows\System32\shlwapi.dll \Windows\System32\wininet.dll \Windows\System32\user32.dll \Windows\System32\nsi.dll \Windows\System32\comctl32.dll \Windows\System32\KernelBase.dll \Windows\System32\wintrust.dll \Windows\System32\devobj.dll \Windows\System32\crypt32.dll \Windows\System32\cfgmgr32.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007ad5790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa800783b050 Lower Device Driver Name: \Driver\iaStor\ Driver name found: iaStor Initialization returned 0x0 Load Function returned 0x0 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_29 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 1.995000 GHz Memory total: 8492818432, free: 6769156096 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_29 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 1.995000 GHz Memory total: 8492818432, free: 6586028032 ------------ Kernel report ------------ 05/07/2013 09:24:19 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\system32\DRIVERS\nvpciflt.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\aswRvrt.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\aswSnx.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\Drivers\aswTdi.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\Drivers\aswrdr2.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\drivers\blbdrive.sys \SystemRoot\System32\Drivers\aswSP.SYS \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\Drivers\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\system32\drivers\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\drivers\nusb3xhc.sys \SystemRoot\system32\drivers\USBD.SYS \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\athrx.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\drivers\ETD.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\CmBatt.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\drivers\intelppm.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\HssDrv.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\drivers\nusb3hub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\MBfilt64.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\udfs.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\drivers\luafv.sys \??\C:\windows\system32\drivers\aswMonFlt.sys \SystemRoot\System32\Drivers\aswFsBlk.SYS \SystemRoot\system32\DRIVERS\Sftvollh.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\system32\DRIVERS\Sftfslh.sys \SystemRoot\system32\DRIVERS\Sftplaylh.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\Sftredirlh.sys \??\C:\windows\system32\drivers\mbamchameleon.sys \??\C:\windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\Wldap32.dll \Windows\System32\difxapi.dll \Windows\System32\iertutil.dll \Windows\System32\imm32.dll \Windows\System32\oleaut32.dll \Windows\System32\sechost.dll \Windows\System32\psapi.dll \Windows\System32\usp10.dll \Windows\System32\msctf.dll \Windows\System32\nsi.dll \Windows\System32\clbcatq.dll \Windows\System32\lpk.dll \Windows\System32\msvcrt.dll \Windows\System32\shlwapi.dll \Windows\System32\kernel32.dll \Windows\System32\rpcrt4.dll \Windows\System32\imagehlp.dll \Windows\System32\ws2_32.dll \Windows\System32\gdi32.dll \Windows\System32\wininet.dll \Windows\System32\advapi32.dll \Windows\System32\user32.dll \Windows\System32\ole32.dll \Windows\System32\normaliz.dll \Windows\System32\shell32.dll \Windows\System32\setupapi.dll \Windows\System32\comdlg32.dll \Windows\System32\urlmon.dll \Windows\System32\wintrust.dll \Windows\System32\cfgmgr32.dll \Windows\System32\KernelBase.dll \Windows\System32\devobj.dll \Windows\System32\comctl32.dll \Windows\System32\crypt32.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007ad0790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa80078d4050 Lower Device Driver Name: \Driver\iaStor\ Driver name found: iaStor Initialization returned 0x0 Load Function returned 0x0 Downloaded database version: v2013.05.07.06 Downloaded database version: v2013.05.01.01 Initializing... Done! <<<2>>> Device number: 0, partition: 3 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8007ad0790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007ad01e0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007ad0790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80078d4050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00bc8d420, 0xfffffa8007ad0790, 0xfffffa8006ba1090 Lower DeviceData: 0xfffff8a00bc3f480, 0xfffffa80078d4050, 0xfffffa8006b80310 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\windows\system32\drivers... <<<2>>> Device number: 0, partition: 3 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 93219FD1 Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 23068672 Partition 1 type is Other (0x27) Partition is ACTIVE. Partition starts at LBA: 23070720 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 23275520 Numsec = 736178636 Partition 3 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 759454156 Numsec = 490807524 Disk Size: 640135028736 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)... Done! Performing system, memory and registry scan... Done! Scan finished ======================================= -
I'm infected with something unsure what
squee451 replied to squee451's topic in Resolved Malware Removal Logs
I am an internet poker player by trade, and my friend and I are worried a number of us have had malware installed to allow remote viewing of our screens. If there's any other info you need or programs I should won please let me know. -
I'm infected with something unsure what
squee451 replied to squee451's topic in Resolved Malware Removal Logs
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Squee [Admin rights] Mode : Scan -- Date : 05/06/2013 16:23:34 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 8 ¤¤¤ [TASK][sUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> FOUND [TASK][sUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD6400BEVT-22A0RT0 +++++ --- User --- [MBR] 875d2fd20b4739fa01e23abe7cfecf25 [bSP] 84a8717883c93f14835bcc369c6824c1 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11264 Mo 1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 23070720 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23275520 | Size: 359462 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 759454156 | Size: 239652 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_05062013_02d1623.txt >> RKreport[1]_S_05062013_02d1623.txt -
My computer has been running quite slowly and disconnecting/cutting from the internet. I'm attaching the dds and attach files. I'm following this topic but don't see an option for immediate e-mail notification. I'll check back every few days. Thanks for helping me with this. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.9.2 Run by Squee at 13:33:01 on 2013-05-06 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.5090 [GMT -7:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\nvvsvc.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\windows\system32\nvvsvc.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe C:\windows\SysWOW64\svchost.exe -k hpdevmgmt C:\windows\system32\HPSIsvc.exe C:\Program Files (x86)\S-Bar\MSIService.exe C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe C:\windows\System32\svchost.exe -k HPZ12 C:\windows\System32\svchost.exe -k HPZ12 C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\Program Files\PostgreSQL\9.0\bin\postgres.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\windows\system32\svchost.exe -k HPService C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe C:\windows\SysWOW64\ctfmon.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\windows\system32\msiexec.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\System32\svchost.exe -k swprv C:\windows\system32\taskeng.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uDefault_Page_URL = hxxp://msi.msn.com mStart Page = hxxp://msi.msn.com mWinlogon: Userinit = userinit.exe BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [Google Update] "C:\Users\Squee\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe mRun: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r mRun: [updReg] C:\windows\UpdReg.EXE mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Free YouTube to MP3 Converter - C:\Users\Squee\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: NameServer = 192.168.8.1 205.178.190.113 200.45.191.35 TCP: Interfaces\{4D7A1332-C307-4A03-ADA8-087620EBDF0B} : DHCPNameServer = 192.168.8.1 205.178.190.113 200.45.191.35 TCP: Interfaces\{4D7A1332-C307-4A03-ADA8-087620EBDF0B}\2456C6B696E6F5E4F575962756C6563737F5341344933364 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{4D7A1332-C307-4A03-ADA8-087620EBDF0B}\54E434F42554935493648383 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{4D7A1332-C307-4A03-ADA8-087620EBDF0B}\74964786 : DHCPNameServer = 192.168.2.1 75.75.75.75 75.75.76.76 TCP: Interfaces\{4D7A1332-C307-4A03-ADA8-087620EBDF0B}\7596649602C4F6370205C6164716E6F637023243 : DHCPNameServer = 192.168.8.1 205.178.190.113 200.45.191.35 TCP: Interfaces\{4D7A1332-C307-4A03-ADA8-087620EBDF0B}\8456273786 : DHCPNameServer = 192.168.2.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe x64-Run: [THXCfg64] C:\windows\System32\RunDLL32.exe C:\windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64 x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Squee\AppData\Roaming\Mozilla\Firefox\Profiles\dp82b6ac.default-1367871585051\ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Squee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll FF - plugin: C:\Users\Squee\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: C:\Users\Squee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Squee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Users\Squee\AppData\Roaming\Mozilla\plugins\npo1d.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-04-11 20:35; afurladvisor@anchorfree.com; C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com FF - ExtSQL: 2013-04-27 19:17; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF FF - ExtSQL: 2013-05-06 08:43; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: !HIDDEN! 2013-01-01 16:04; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-4-27 65336] R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-2-19 27240] R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2013-4-26 1025808] R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2013-4-26 377920] R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2013-4-26 33400] R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-4-26 80816] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-4-27 45248] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2009-11-18 355840] R2 HPSIService;HP SI Service;C:\windows\System32\HPSIsvc.exe [2012-3-3 126520] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-1 13336] R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\S-Bar\MSIService.exe [2011-2-17 160768] R2 MSI Foundation Service;MSI Foundation Service;C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-7-16 12800] R2 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-x64-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w --> C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 [?] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-4-15 3289208] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-2-9 378472] R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-8 3560288] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-1 2656280] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208] R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-3-1 129024] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-3-1 317440] R3 MBfilt;MBfilt;C:\windows\System32\drivers\MBfilt64.sys [2011-3-1 32344] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-9 80384] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-9 181248] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-3-1 412264] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384] S3 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-4-27 178624] S3 HP1210FAX;HP1210MFP FAX;C:\windows\System32\drivers\HPM1210FAX.sys [2012-3-3 16384] S3 htcusbnet;HTC USB-NDIS miniport;C:\windows\System32\drivers\htcusbnet.sys [2012-2-2 153600] S3 mvusbews;USB EWS Device;C:\windows\System32\drivers\mvusbews.sys [2012-3-3 20480] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUVStor.sys [2011-3-1 307304] S3 tapoas;TAP-Win32 Adapter OAS;C:\windows\System32\drivers\tapoas.sys [2011-3-23 30720] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-4-25 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-22 1255736] S4 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-05-06 20:27:23 388096 ----a-r- C:\Users\Squee\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-05-06 20:27:23 -------- d-----w- C:\Program Files (x86)\Trend Micro 2013-05-03 23:06:20 135168 ----a-w- C:\windows\System32\drivers\ZTEusbnet.sys 2013-05-03 23:06:20 119680 ----a-w- C:\windows\System32\drivers\ZTEusbser6k.sys 2013-05-03 23:06:20 119680 ----a-w- C:\windows\System32\drivers\ZTEusbnmea.sys 2013-05-03 23:06:20 119680 ----a-w- C:\windows\System32\drivers\ZTEusbmdm6k.sys 2013-05-03 23:06:03 -------- d-----w- C:\Program Files (x86)\Arnet Movil 2013-05-03 21:28:10 -------- d-----w- C:\Users\Squee\AppData\Local\Programs 2013-05-03 21:17:34 -------- d-----w- C:\Program Files\CCleaner 2013-05-02 20:29:06 -------- d-----w- C:\windows\SysWow64\SupportAppXL 2013-04-30 15:45:02 -------- d-----w- C:\Stars Data 2013-04-28 02:25:29 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0A8DB17A-A0C0-48FC-A2B3-70531310A3C5}\mpengine.dll 2013-04-28 02:17:53 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys 2013-04-28 02:17:53 178624 ----a-w- C:\windows\System32\drivers\aswVmm.sys 2013-04-28 01:54:02 -------- d-----w- C:\Users\Squee\AppData\Roaming\TuneUp Software 2013-04-28 01:47:34 -------- d-----w- C:\Users\Squee\AppData\Local\Avg2013 2013-04-28 01:34:28 1493528 ----a-w- C:\windows\SysWow64\D3DCompiler_39.dll 2013-04-28 01:34:26 467984 ----a-w- C:\windows\SysWow64\d3dx10_39.dll 2013-04-28 01:33:59 3851784 ----a-w- C:\windows\SysWow64\D3DX9_39.dll 2013-04-28 00:47:20 -------- d-----w- C:\Riot Games 2013-04-27 20:03:19 -------- d-----w- C:\Users\Squee\AppData\Roaming\NVIDIA 2013-04-27 19:59:37 -------- d-----w- C:\Program Files (x86)\Pando Networks 2013-04-27 19:58:57 -------- d-----w- C:\Users\Squee\.swt 2013-04-27 01:36:52 -------- d-----w- C:\Program Files (x86)\PSQLINSTALL 2013-04-26 19:36:39 70992 ----a-w- C:\windows\System32\drivers\aswRdr2.sys 2013-04-26 19:36:37 1025808 ----a-w- C:\windows\System32\drivers\aswSnx.sys 2013-04-26 19:36:29 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys 2013-04-26 19:34:12 41664 ----a-w- C:\windows\avastSS.scr 2013-04-26 19:33:11 -------- d-----w- C:\ProgramData\AVAST Software 2013-04-26 19:33:11 -------- d-----w- C:\Program Files\AVAST Software 2013-04-25 13:02:01 -------- d-----w- C:\ProgramData\Citrix 2013-04-25 12:59:01 -------- d-----w- C:\Program Files (x86)\Citrix 2013-04-25 12:57:17 -------- d-----w- C:\Users\Squee\AppData\Local\Citrix 2013-04-24 15:56:54 -------- d-----w- C:\Program Files\PostgreSQL 2013-04-24 15:32:25 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys 2013-04-24 07:13:53 -------- d-----w- C:\Users\Squee\AppData\Roaming\postgresql 2013-04-21 18:56:11 -------- d-----w- C:\Program Files (x86)\TableNinjaFT 2013-04-15 22:32:30 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2013-04-15 22:32:30 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2013-04-14 04:27:56 -------- d-----w- C:\PTHands 2013-04-12 15:08:30 -------- d-----w- C:\Users\Squee\AppData\Local\PokerTracker 4 2013-04-12 15:08:06 -------- d-----w- C:\Program Files (x86)\PokerTracker 4 2013-04-11 15:24:50 -------- d-----w- C:\Users\Squee\AppData\Roaming\Gyazo 2013-04-11 15:24:21 -------- d-----w- C:\Program Files (x86)\Gyazo 2013-04-10 10:27:12 0 ----a-w- C:\windows\SysWow64\shoAC4.tmp 2013-04-10 00:00:05 3717632 ----a-w- C:\windows\System32\mstscax.dll 2013-04-10 00:00:04 44032 ----a-w- C:\windows\System32\tsgqec.dll 2013-04-10 00:00:04 36864 ----a-w- C:\windows\SysWow64\tsgqec.dll 2013-04-10 00:00:04 3217408 ----a-w- C:\windows\SysWow64\mstscax.dll 2013-04-10 00:00:04 158720 ----a-w- C:\windows\System32\aaclient.dll 2013-04-10 00:00:04 131584 ----a-w- C:\windows\SysWow64\aaclient.dll 2013-04-09 23:59:37 3153408 ----a-w- C:\windows\System32\win32k.sys 2013-04-09 23:54:01 223752 ----a-w- C:\windows\System32\drivers\fvevol.sys 2013-04-09 23:53:59 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-04-09 23:53:57 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-04-09 23:53:57 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-04-09 23:53:56 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll 2013-04-09 23:53:56 43520 ----a-w- C:\windows\System32\csrsrv.dll 2013-04-09 23:53:56 112640 ----a-w- C:\windows\System32\smss.exe 2013-04-08 20:20:21 -------- d-----w- C:\Users\Squee\AppData\Roaming\GMATPrep 2013-04-08 16:44:03 -------- d-----w- C:\Users\Squee\AppData\Roaming\BANDISOFT 2013-04-08 16:42:55 -------- d-----w- C:\Program Files (x86)\Bandicam 2013-04-08 16:42:53 -------- d-----w- C:\Program Files (x86)\BandiMPEG1 2013-04-08 16:38:51 -------- d-----w- C:\windows\SysWow64\QuickTime 2013-04-08 16:38:17 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared . ==================== Find3M ==================== . 2013-04-04 21:50:32 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-03-14 07:56:37 73432 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-14 07:56:37 693976 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-03-14 07:56:01 16486616 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe 2013-03-12 08:10:56 282744 ------w- C:\windows\System32\MpSigStub.exe 2013-02-22 06:27:49 2312704 ----a-w- C:\windows\System32\jscript9.dll 2013-02-22 06:20:51 1392128 ----a-w- C:\windows\System32\wininet.dll 2013-02-22 06:19:37 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2013-02-22 06:15:48 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2013-02-22 06:15:23 599040 ----a-w- C:\windows\System32\vbscript.dll 2013-02-22 06:12:41 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2013-02-22 03:46:00 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2013-02-22 03:38:00 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2013-02-22 03:37:50 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2013-02-22 03:34:17 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2013-02-22 03:34:03 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2013-02-22 03:31:46 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll 2013-02-12 04:12:05 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys 2012-06-22 09:01:02 3993600 ----a-w- C:\Program Files (x86)\GUT514B.tmp . ============= FINISH: 13:37:20.09 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 4/22/2011 7:02:13 AM System Uptime: 5/6/2013 8:42:48 AM (5 hours ago) . Motherboard: Micro-Star International | | GE620/FX620DX Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | SOCKET 0 | 1880/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 351 GiB total, 141.122 GiB free. D: is FIXED (NTFS) - 234 GiB total, 124.061 GiB free. E: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart C4500 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Photosmart C4500 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: Photosmart C4500 series Device ID: ROOT\IMAGE\0001 Manufacturer: HP Name: Photosmart C4500 series PNP Device ID: ROOT\IMAGE\0001 Service: StillCam . ==== System Restore Points =================== . RP157: 5/3/2013 4:04:48 PM - Removed Arnet Móvil RP158: 5/3/2013 4:05:58 PM - Instalado Arnet Móvil RP157: 5/5/2013 7:01:08 PM - Windows Backup RP158: 5/6/2013 12:40:40 PM - Removed Microsoft Silverlight RP159: 5/6/2013 1:15:17 PM - Removed Microsoft Silverlight RP160: 5/6/2013 1:27:17 PM - Installed HiJackThis . ==== Installed Programs ====================== . 64 Bit HP CIO Components Installer 888poker Absolute Poker Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.0) AOL Messaging Toolbar Apple Application Support Apple Mobile Device Support Apple Software Update Arnet Móvil Atheros Client Installation Program avast! Free Antivirus Bandicam Bandisoft MPEG-1 Decoder Battery Calibration Bestpoker Avatar Bing Bar Bonjour BufferChm BurnRecovery C4500 Camtasia Studio 7 CCleaner Cinema ProII Setup Complément Messenger Contrôle ActiveX Windows Live Mesh pour connexions à distance Control ActiveX de Windows Live Mesh para conexiones remotas Copy Counter-Strike 1.6 D3DX10 Destinations DeviceDiscovery Diablo III DivX Setup Download Updater (AOL LLC) EasyFace2 EasyViewer ETDWare PS/2-x64 7.0.5.15_WHQL Facebook Video Calling 1.2.0.287 Free YouTube to MP3 Converter version 3.11.36.1201 Full Tilt Poker Galerie de photos Windows Live Galería fotográfica de Windows Live GOM Player Google Chrome Google Drive Google Talk Plugin Google Update Helper GPBaseService2 Gyazo 1.0 Heroes of Newerth HiJackThis Holdem Manager Holdem Manager 2 HP Customer Participation Program 13.0 HP Imaging Device Functions 13.0 HP LaserJet Professional M1130-M1210 MFP Series HP LaserJet Professional M1210 MFP Series Fax Installer HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4 HP Photosmart Essential 3.5 HP Smart Web Printing 4.51 HP Solution Center 13.0 HP Update HPPhotoGadget HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HPSSupply i-Charger Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology iTunes Java 7 Update 9 Java Auto Updater Java 6 Update 29 JavaFX 2.1.1 Junk Mail filter update League of Legends Lock Poker Malwarebytes Anti-Malware version 1.65.1.1000 MarketResearch Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service MSI HOUSE msi Software Install MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Network64 NVIDIA 3D Vision Controller Driver NVIDIA 3D Vision Controller Driver 275.33 NVIDIA 3D Vision Driver 267.04 NVIDIA Control Panel 275.33 NVIDIA Graphics Driver 275.33 NVIDIA Install Application NVIDIA Optimus 1.3.5 NVIDIA PhysX NVIDIA PhysX System Software 9.10.0514 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.3.5 NVIDIA Update Components PartyPoker Poker PokerStars PokerStove version 1.24 PokerTracker 4 (remove only) PostgreSQL 9.0 PS_AIO_04_C4500_Software_Min QuickTime Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek USB 2.0 Reader Driver Renesas Electronics USB 3.0 Host Controller Driver S-Bar Scan Scan To Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Shop for HP Supplies Skype Click to Call Skype™ 6.3 SmartWebPrinting SolutionCenter Status Steam SuperGeek Free JPG to PDF Converter 2.3.1 sXe Injected TableNinja TableNinjaFT TeamViewer 8 THX TruStudio Pro Titan Poker Toolbox TrayApp UnloadSupport Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) VC80CRTRedist - 8.0.50727.6195 Visual Studio 2008 x64 Redistributables VLC media player 1.1.9 WebReg Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR archiver WModem Driver Installer . ==== Event Viewer Messages From Past Week ======== . 5/6/2013 8:43:51 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 5/6/2013 12:27:26 PM, Error: Service Control Manager [7031] - The TeamViewer 8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service. 5/4/2013 4:09:57 PM, Error: Service Control Manager [7023] - The Diagnostic System Host service terminated with the following error: The requested control is not valid for this service. 5/2/2013 8:15:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 5/2/2013 2:07:10 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 5/2/2013 2:04:26 PM, Error: Service Control Manager [7022] - The NVIDIA Update Service Daemon service hung on starting. 5/2/2013 2:00:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect. 5/2/2013 2:00:09 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 5/2/2013 1:58:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the postgresql-x64-9.0 - PostgreSQL Server 9.0 service to connect. 5/2/2013 1:58:46 PM, Error: Service Control Manager [7000] - The postgresql-x64-9.0 - PostgreSQL Server 9.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 5/2/2013 1:58:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MSI Foundation Service service to connect. 5/2/2013 1:58:15 PM, Error: Service Control Manager [7000] - The MSI Foundation Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 5/1/2013 8:27:26 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 4/30/2013 9:54:55 AM, Error: Service Control Manager [7034] - The HP LaserJet Professional M1210 MFP Series Receive Fax Service service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File ===========================