jilow Posted July 24, 2012 ID:575414 Share Posted July 24, 2012 So I believe I have the virtumonde virus and the smithfraud-c virus. Which I believe are related. I got a virus from a friend browsing on my computer, and at first I thought I just had a virus called Incredibar. I believe I successfully removed that, but then I still had some symptoms. At the moment, I think i just have Virtumonde/smith-c virus, but they aren't really doing anything, (I can still use internet, no pop-ups, not slowing down my computer etc...), but they are there. Spybot sees them every time but can't fully remove them.Thanks for your help here are my attachments.DDS.txtAttach.txt Link to post Share on other sites More sharing options...
jilow Posted July 24, 2012 Author ID:575535 Share Posted July 24, 2012 Here's my MBAM log if desired:mbam-log-2012-07-24 (01-15-45).txt Link to post Share on other sites More sharing options...
MrCharlie Posted July 24, 2012 ID:575643 Share Posted July 24, 2012 Welcome to the forum.Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app. Continued use of filesharing or ill-advised downloads will surely re-infect your system.Risks of File-Sharing Technology.P2P file sharing: Know the risksIt's also against our policy:http://forums.malwarebytes.org/index.php?showtopic=97700----------------------------------------Then........Please remove any usb or external drives from the computer before you run this scan!Please download and run RogueKiller to your desktop.For Windows XP, double-click to start.For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.MrC Link to post Share on other sites More sharing options...
jilow Posted July 24, 2012 Author ID:576027 Share Posted July 24, 2012 I have Window 7 64 bit, and Rogue Killer didn't let me run as administrator, but it opened right away (after downloading it), and seemed to work. I followed all the other directions Here's the log, tell me if i need to re do it.RKreport1.txt Link to post Share on other sites More sharing options...
MrCharlie Posted July 25, 2012 ID:576042 Share Posted July 25, 2012 Please make sure system restore is running and create a new restore point before continuing.XP <===> Vista & W7XP users > please back up the registry using ERUNT.-----------------------------------------Please download and run TDSSKiller to your desktop as outlined below:Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.For Windows XP, double-click to start.For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.-------------------------Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.------------------------Click the Start Scan button.-----------------------If a suspicious object is detected, the default action will be Skip, click on ContinueIf you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on Continue----------------------If malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.--------------------A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.-------------------Here's a summary of what to do if you would like to print it out:If a suspicious object is detected, the default action will be Skip, click on ContinueIf you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on ContinueIf malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.MrC Link to post Share on other sites More sharing options...
jilow Posted July 25, 2012 Author ID:576325 Share Posted July 25, 2012 Should I be doing these actions all in Safe Mode? because I have not been.Here's the TDSSKiller report:10:14:53.0522 4592 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:3210:14:53.0896 4592 ============================================================10:14:53.0896 4592 Current date / time: 2012/07/25 10:14:53.089610:14:53.0896 4592 SystemInfo:10:14:53.0896 4592 10:14:53.0896 4592 OS Version: 6.1.7601 ServicePack: 1.010:14:53.0896 4592 Product type: Workstation10:14:53.0896 4592 ComputerName: NICK-PC10:14:53.0896 4592 UserName: Nick10:14:53.0896 4592 Windows directory: C:\Windows10:14:53.0896 4592 System windows directory: C:\Windows10:14:53.0896 4592 Running under WOW6410:14:53.0896 4592 Processor architecture: Intel x6410:14:53.0896 4592 Number of processors: 310:14:53.0896 4592 Page size: 0x100010:14:53.0896 4592 Boot type: Normal boot10:14:53.0896 4592 ============================================================10:14:54.0921 4592 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x50C0B, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x0000004010:14:54.0931 4592 ============================================================10:14:54.0931 4592 \Device\Harddisk0\DR0:10:14:54.0931 4592 MBR partitions:10:14:54.0931 4592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3200010:14:54.0931 4592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB80010:14:54.0931 4592 ============================================================10:14:54.0951 4592 C: <-> \Device\Harddisk0\DR0\Partition110:14:54.0951 4592 ============================================================10:14:54.0951 4592 Initialize success10:14:54.0951 4592 ============================================================10:15:18.0047 2316 ============================================================10:15:18.0047 2316 Scan started10:15:18.0047 2316 Mode: Manual; SigCheck; TDLFS; 10:15:18.0047 2316 ============================================================10:15:18.0455 2316 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE10:15:18.0536 2316 !SASCORE - ok10:15:18.0683 2316 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys10:15:18.0724 2316 1394ohci - ok10:15:18.0815 2316 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys10:15:18.0855 2316 ACPI - ok10:15:18.0871 2316 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys10:15:18.0945 2316 AcpiPmi - ok10:15:19.0042 2316 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe10:15:19.0066 2316 AdobeARMservice - ok10:15:19.0175 2316 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe10:15:19.0211 2316 AdobeFlashPlayerUpdateSvc - ok10:15:19.0269 2316 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys10:15:19.0290 2316 adp94xx - ok10:15:19.0352 2316 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys10:15:19.0377 2316 adpahci - ok10:15:19.0396 2316 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys10:15:19.0409 2316 adpu320 - ok10:15:19.0431 2316 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll10:15:19.0468 2316 AeLookupSvc - ok10:15:19.0512 2316 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys10:15:19.0543 2316 AFD - ok10:15:19.0590 2316 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys10:15:19.0601 2316 agp440 - ok10:15:19.0620 2316 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe10:15:19.0674 2316 ALG - ok10:15:19.0696 2316 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys10:15:19.0711 2316 aliide - ok10:15:19.0732 2316 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys10:15:19.0748 2316 amdide - ok10:15:19.0789 2316 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys10:15:19.0829 2316 AmdK8 - ok10:15:19.0856 2316 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys10:15:19.0884 2316 AmdPPM - ok10:15:19.0927 2316 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys10:15:19.0939 2316 amdsata - ok10:15:19.0958 2316 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys10:15:19.0971 2316 amdsbs - ok10:15:19.0999 2316 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys10:15:20.0008 2316 amdxata - ok10:15:20.0057 2316 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys10:15:20.0132 2316 AppID - ok10:15:20.0157 2316 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll10:15:20.0221 2316 AppIDSvc - ok10:15:20.0263 2316 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll10:15:20.0305 2316 Appinfo - ok10:15:20.0385 2316 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe10:15:20.0413 2316 Apple Mobile Device - ok10:15:20.0446 2316 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll10:15:20.0474 2316 AppMgmt - ok10:15:20.0520 2316 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys10:15:20.0538 2316 arc - ok10:15:20.0555 2316 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys10:15:20.0572 2316 arcsas - ok10:15:20.0596 2316 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys10:15:20.0616 2316 aswFsBlk - ok10:15:20.0642 2316 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys10:15:20.0657 2316 aswMonFlt - ok10:15:20.0679 2316 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys10:15:20.0694 2316 aswRdr - ok10:15:20.0737 2316 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys10:15:20.0757 2316 aswSnx - ok10:15:20.0781 2316 aswSP (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys10:15:20.0794 2316 aswSP - ok10:15:20.0810 2316 aswTdi (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys10:15:20.0821 2316 aswTdi - ok10:15:20.0849 2316 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys10:15:20.0916 2316 AsyncMac - ok10:15:20.0946 2316 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys10:15:20.0974 2316 atapi - ok10:15:21.0002 2316 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys10:15:21.0016 2316 AtiPcie - ok10:15:21.0083 2316 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll10:15:21.0144 2316 AudioEndpointBuilder - ok10:15:21.0149 2316 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll10:15:21.0181 2316 AudioSrv - ok10:15:21.0263 2316 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe10:15:21.0287 2316 avast! Antivirus - ok10:15:21.0357 2316 AVEO (9d1601a9891c4f3033e4999d823ec384) C:\Windows\system32\DRIVERS\dcnt.sys10:15:21.0424 2316 AVEO - ok10:15:21.0490 2316 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll10:15:21.0554 2316 AxInstSV - ok10:15:21.0602 2316 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys10:15:21.0639 2316 b06bdrv - ok10:15:21.0686 2316 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys10:15:21.0732 2316 b57nd60a - ok10:15:21.0804 2316 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll10:15:21.0861 2316 BDESVC - ok10:15:21.0883 2316 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys10:15:21.0963 2316 Beep - ok10:15:22.0063 2316 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll10:15:22.0135 2316 BFE - ok10:15:22.0199 2316 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll10:15:22.0249 2316 BITS - ok10:15:22.0286 2316 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys10:15:22.0317 2316 blbdrive - ok10:15:22.0426 2316 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe10:15:22.0442 2316 Bonjour Service - ok10:15:22.0476 2316 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys10:15:22.0489 2316 bowser - ok10:15:22.0513 2316 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys10:15:22.0532 2316 BrFiltLo - ok10:15:22.0544 2316 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys10:15:22.0558 2316 BrFiltUp - ok10:15:22.0609 2316 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll10:15:22.0683 2316 Browser - ok10:15:22.0709 2316 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys10:15:22.0746 2316 Brserid - ok10:15:22.0772 2316 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys10:15:22.0802 2316 BrSerWdm - ok10:15:22.0818 2316 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys10:15:22.0838 2316 BrUsbMdm - ok10:15:22.0868 2316 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys10:15:22.0901 2316 BrUsbSer - ok10:15:22.0953 2316 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys10:15:23.0045 2316 BTHMODEM - ok10:15:23.0183 2316 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll10:15:23.0274 2316 bthserv - ok10:15:23.0295 2316 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys10:15:23.0370 2316 cdfs - ok10:15:23.0428 2316 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys10:15:23.0477 2316 cdrom - ok10:15:23.0522 2316 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll10:15:23.0562 2316 CertPropSvc - ok10:15:23.0572 2316 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys10:15:23.0599 2316 circlass - ok10:15:23.0634 2316 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys10:15:23.0650 2316 CLFS - ok10:15:23.0702 2316 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe10:15:23.0737 2316 clr_optimization_v2.0.50727_32 - ok10:15:23.0800 2316 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe10:15:23.0833 2316 clr_optimization_v2.0.50727_64 - ok10:15:23.0926 2316 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe10:15:23.0955 2316 clr_optimization_v4.0.30319_32 - ok10:15:23.0981 2316 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe10:15:23.0997 2316 clr_optimization_v4.0.30319_64 - ok10:15:24.0027 2316 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys10:15:24.0054 2316 CmBatt - ok10:15:24.0113 2316 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys10:15:24.0149 2316 cmdide - ok10:15:24.0217 2316 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys10:15:24.0250 2316 CNG - ok10:15:24.0263 2316 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys10:15:24.0274 2316 Compbatt - ok10:15:24.0347 2316 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys10:15:24.0403 2316 CompositeBus - ok10:15:24.0422 2316 COMSysApp - ok10:15:24.0435 2316 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys10:15:24.0451 2316 crcdisk - ok10:15:24.0500 2316 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll10:15:24.0548 2316 CryptSvc - ok10:15:24.0633 2316 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys10:15:24.0688 2316 CSC - ok10:15:24.0733 2316 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll10:15:24.0781 2316 CscService - ok10:15:24.0810 2316 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll10:15:24.0863 2316 DcomLaunch - ok10:15:24.0901 2316 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll10:15:24.0943 2316 defragsvc - ok10:15:25.0041 2316 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys10:15:25.0113 2316 DfsC - ok10:15:25.0167 2316 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll10:15:25.0238 2316 Dhcp - ok10:15:25.0258 2316 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys10:15:25.0299 2316 discache - ok10:15:25.0325 2316 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys10:15:25.0335 2316 Disk - ok10:15:25.0384 2316 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll10:15:25.0408 2316 Dnscache - ok10:15:25.0446 2316 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll10:15:25.0486 2316 dot3svc - ok10:15:25.0521 2316 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll10:15:25.0563 2316 DPS - ok10:15:25.0614 2316 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys10:15:25.0627 2316 drmkaud - ok10:15:25.0653 2316 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys10:15:25.0665 2316 dtsoftbus01 - ok10:15:25.0734 2316 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys10:15:25.0754 2316 DXGKrnl - ok10:15:25.0769 2316 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll10:15:25.0812 2316 EapHost - ok10:15:25.0949 2316 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys10:15:26.0000 2316 ebdrv - ok10:15:26.0096 2316 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe10:15:26.0180 2316 EFS - ok10:15:26.0280 2316 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe10:15:26.0323 2316 ehRecvr - ok10:15:26.0343 2316 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe10:15:26.0405 2316 ehSched - ok10:15:26.0488 2316 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys10:15:26.0519 2316 elxstor - ok10:15:26.0552 2316 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys10:15:26.0578 2316 ErrDev - ok10:15:26.0636 2316 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll10:15:26.0668 2316 EventSystem - ok10:15:26.0702 2316 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys10:15:26.0731 2316 exfat - ok10:15:26.0750 2316 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys10:15:26.0792 2316 fastfat - ok10:15:26.0876 2316 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe10:15:26.0919 2316 Fax - ok10:15:26.0928 2316 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys10:15:26.0951 2316 fdc - ok10:15:26.0998 2316 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll10:15:27.0067 2316 fdPHost - ok10:15:27.0078 2316 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll10:15:27.0149 2316 FDResPub - ok10:15:27.0163 2316 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys10:15:27.0174 2316 FileInfo - ok10:15:27.0185 2316 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys10:15:27.0235 2316 Filetrace - ok10:15:27.0315 2316 FlipShare Service (b8602c90d3c427d8a86ce60437615cf5) C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe10:15:27.0334 2316 FlipShare Service - ok10:15:27.0428 2316 FlipShareServer (ac5fb7094f31534594cae48306972cbd) C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe10:15:27.0459 2316 FlipShareServer ( UnsignedFile.Multi.Generic ) - warning10:15:27.0459 2316 FlipShareServer - detected UnsignedFile.Multi.Generic (1)10:15:27.0584 2316 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys10:15:27.0616 2316 flpydisk - ok10:15:27.0668 2316 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys10:15:27.0689 2316 FltMgr - ok10:15:27.0725 2316 FLxHCIc (e35f19855192d025da41e8dfa318206a) C:\Windows\system32\DRIVERS\FLxHCIc.sys10:15:27.0737 2316 FLxHCIc - ok10:15:27.0833 2316 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll10:15:27.0883 2316 FontCache - ok10:15:27.0983 2316 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe10:15:28.0005 2316 FontCache3.0.0.0 - ok10:15:28.0022 2316 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys10:15:28.0039 2316 FsDepends - ok10:15:28.0080 2316 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys10:15:28.0095 2316 Fs_Rec - ok10:15:28.0169 2316 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys10:15:28.0214 2316 fvevol - ok10:15:28.0236 2316 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys10:15:28.0252 2316 gagp30kx - ok10:15:28.0291 2316 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys10:15:28.0304 2316 GEARAspiWDM - ok10:15:28.0368 2316 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll10:15:28.0417 2316 gpsvc - ok10:15:28.0434 2316 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys10:15:28.0452 2316 hcw85cir - ok10:15:28.0518 2316 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys10:15:28.0553 2316 HdAudAddService - ok10:15:28.0587 2316 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys10:15:28.0628 2316 HDAudBus - ok10:15:28.0644 2316 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys10:15:28.0695 2316 HidBatt - ok10:15:28.0707 2316 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys10:15:28.0725 2316 HidBth - ok10:15:28.0744 2316 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys10:15:28.0762 2316 HidIr - ok10:15:28.0793 2316 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll10:15:28.0862 2316 hidserv - ok10:15:28.0931 2316 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys10:15:28.0963 2316 HidUsb - ok10:15:29.0046 2316 HiPatchService (5a457c3d00c1c701230a12aa1580114d) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe10:15:29.0058 2316 HiPatchService ( UnsignedFile.Multi.Generic ) - warning10:15:29.0058 2316 HiPatchService - detected UnsignedFile.Multi.Generic (1)10:15:29.0101 2316 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll10:15:29.0190 2316 hkmsvc - ok10:15:29.0246 2316 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll10:15:29.0286 2316 HomeGroupListener - ok10:15:29.0330 2316 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll10:15:29.0358 2316 HomeGroupProvider - ok10:15:29.0398 2316 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys10:15:29.0416 2316 HpSAMD - ok10:15:29.0471 2316 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys10:15:29.0530 2316 HTTP - ok10:15:29.0585 2316 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys10:15:29.0617 2316 hwpolicy - ok10:15:29.0658 2316 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys10:15:29.0677 2316 i8042prt - ok10:15:29.0699 2316 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys10:15:29.0715 2316 iaStorV - ok10:15:30.0067 2316 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe10:15:30.0098 2316 idsvc - ok10:15:30.0129 2316 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys10:15:30.0140 2316 iirsp - ok10:15:30.0202 2316 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll10:15:30.0253 2316 IKEEXT - ok10:15:30.0367 2316 IntcAzAudAddService (e9befd8c6a1db3b544b61647dda35f62) C:\Windows\system32\drivers\RTKVHD64.sys10:15:30.0400 2316 IntcAzAudAddService - ok10:15:30.0524 2316 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys10:15:30.0553 2316 intelide - ok10:15:30.0581 2316 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys10:15:30.0620 2316 intelppm - ok10:15:30.0653 2316 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll10:15:30.0708 2316 IPBusEnum - ok10:15:30.0743 2316 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys10:15:30.0781 2316 IpFilterDriver - ok10:15:30.0849 2316 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll10:15:30.0893 2316 iphlpsvc - ok10:15:30.0924 2316 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys10:15:30.0991 2316 IPMIDRV - ok10:15:31.0024 2316 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys10:15:31.0076 2316 IPNAT - ok10:15:31.0180 2316 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe10:15:31.0210 2316 iPod Service - ok10:15:31.0235 2316 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys10:15:31.0262 2316 IRENUM - ok10:15:31.0312 2316 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys10:15:31.0348 2316 isapnp - ok10:15:31.0414 2316 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys10:15:31.0428 2316 iScsiPrt - ok10:15:31.0446 2316 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys10:15:31.0457 2316 kbdclass - ok10:15:31.0470 2316 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys10:15:31.0496 2316 kbdhid - ok10:15:31.0527 2316 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe10:15:31.0540 2316 KeyIso - ok10:15:31.0576 2316 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys10:15:31.0587 2316 KSecDD - ok10:15:31.0604 2316 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys10:15:31.0616 2316 KSecPkg - ok10:15:31.0654 2316 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys10:15:31.0691 2316 ksthunk - ok10:15:31.0724 2316 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll10:15:31.0763 2316 KtmRm - ok10:15:31.0816 2316 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll10:15:31.0860 2316 LanmanServer - ok10:15:31.0899 2316 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll10:15:31.0961 2316 LanmanWorkstation - ok10:15:31.0989 2316 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys10:15:32.0036 2316 lltdio - ok10:15:32.0083 2316 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll10:15:32.0152 2316 lltdsvc - ok10:15:32.0166 2316 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll10:15:32.0196 2316 lmhosts - ok10:15:32.0226 2316 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys10:15:32.0238 2316 LSI_FC - ok10:15:32.0258 2316 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys10:15:32.0270 2316 LSI_SAS - ok10:15:32.0281 2316 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys10:15:32.0292 2316 LSI_SAS2 - ok10:15:32.0312 2316 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys10:15:32.0325 2316 LSI_SCSI - ok10:15:32.0351 2316 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys10:15:32.0391 2316 luafv - ok10:15:32.0425 2316 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll10:15:32.0488 2316 Mcx2Svc - ok10:15:32.0502 2316 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys10:15:32.0518 2316 megasas - ok10:15:32.0539 2316 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys10:15:32.0554 2316 MegaSR - ok10:15:32.0581 2316 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll10:15:32.0611 2316 MMCSS - ok10:15:32.0625 2316 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys10:15:32.0664 2316 Modem - ok10:15:32.0685 2316 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys10:15:32.0707 2316 monitor - ok10:15:32.0757 2316 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys10:15:32.0794 2316 mouclass - ok10:15:32.0810 2316 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys10:15:32.0833 2316 mouhid - ok10:15:32.0877 2316 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys10:15:32.0889 2316 mountmgr - ok10:15:32.0936 2316 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys10:15:32.0979 2316 mpio - ok10:15:32.0995 2316 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys10:15:33.0037 2316 mpsdrv - ok10:15:33.0099 2316 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll10:15:33.0146 2316 MpsSvc - ok10:15:33.0182 2316 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys10:15:33.0206 2316 MRxDAV - ok10:15:33.0377 2316 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys10:15:33.0424 2316 mrxsmb - ok10:15:33.0453 2316 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys10:15:33.0486 2316 mrxsmb10 - ok10:15:33.0521 2316 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys10:15:33.0547 2316 mrxsmb20 - ok10:15:33.0585 2316 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys10:15:33.0596 2316 msahci - ok10:15:33.0629 2316 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys10:15:33.0642 2316 msdsm - ok10:15:33.0679 2316 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe10:15:33.0703 2316 MSDTC - ok10:15:33.0726 2316 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys10:15:33.0754 2316 Msfs - ok10:15:33.0783 2316 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys10:15:33.0868 2316 mshidkmdf - ok10:15:33.0884 2316 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys10:15:33.0895 2316 msisadrv - ok10:15:33.0922 2316 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll10:15:33.0962 2316 MSiSCSI - ok10:15:33.0964 2316 msiserver - ok10:15:33.0986 2316 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys10:15:34.0021 2316 MSKSSRV - ok10:15:34.0038 2316 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys10:15:34.0078 2316 MSPCLOCK - ok10:15:34.0081 2316 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys10:15:34.0121 2316 MSPQM - ok10:15:34.0160 2316 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys10:15:34.0175 2316 MsRPC - ok10:15:34.0190 2316 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys10:15:34.0200 2316 mssmbios - ok10:15:34.0217 2316 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys10:15:34.0250 2316 MSTEE - ok10:15:34.0263 2316 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys10:15:34.0275 2316 MTConfig - ok10:15:34.0288 2316 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys10:15:34.0299 2316 Mup - ok10:15:34.0337 2316 mv91xx (8db5861a8db19abaf430fcd001ef5e93) C:\Windows\system32\DRIVERS\mv91xx.sys10:15:34.0351 2316 mv91xx - ok10:15:34.0416 2316 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll10:15:34.0476 2316 napagent - ok10:15:34.0515 2316 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys10:15:34.0552 2316 NativeWifiP - ok10:15:34.0610 2316 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys10:15:34.0639 2316 NDIS - ok10:15:34.0654 2316 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys10:15:34.0682 2316 NdisCap - ok10:15:34.0703 2316 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys10:15:34.0740 2316 NdisTapi - ok10:15:34.0768 2316 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys10:15:34.0833 2316 Ndisuio - ok10:15:34.0874 2316 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys10:15:34.0931 2316 NdisWan - ok10:15:34.0962 2316 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys10:15:34.0991 2316 NDProxy - ok10:15:35.0007 2316 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys10:15:35.0045 2316 NetBIOS - ok10:15:35.0089 2316 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys10:15:35.0146 2316 NetBT - ok10:15:35.0178 2316 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe10:15:35.0190 2316 Netlogon - ok10:15:35.0223 2316 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll10:15:35.0262 2316 Netman - ok10:15:35.0281 2316 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll10:15:35.0318 2316 netprofm - ok10:15:35.0401 2316 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe10:15:35.0420 2316 NetTcpPortSharing - ok10:15:35.0450 2316 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys10:15:35.0465 2316 nfrd960 - ok10:15:35.0520 2316 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll10:15:35.0584 2316 NlaSvc - ok10:15:35.0598 2316 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys10:15:35.0626 2316 Npfs - ok10:15:35.0647 2316 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll10:15:35.0676 2316 nsi - ok10:15:35.0682 2316 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys10:15:35.0728 2316 nsiproxy - ok10:15:35.0816 2316 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys10:15:35.0852 2316 Ntfs - ok10:15:35.0964 2316 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys10:15:36.0024 2316 Null - ok10:15:36.0073 2316 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys10:15:36.0084 2316 NVHDA - ok10:15:36.0636 2316 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys10:15:36.0798 2316 nvlddmkm - ok10:15:36.0929 2316 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys10:15:36.0969 2316 nvraid - ok10:15:36.0984 2316 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys10:15:37.0001 2316 nvstor - ok10:15:37.0054 2316 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe10:15:37.0079 2316 nvsvc - ok10:15:37.0155 2316 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe10:15:37.0183 2316 nvUpdatusService - ok10:15:37.0297 2316 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys10:15:37.0311 2316 nv_agp - ok10:15:37.0345 2316 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys10:15:37.0369 2316 ohci1394 - ok10:15:37.0402 2316 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll10:15:37.0437 2316 p2pimsvc - ok10:15:37.0462 2316 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll10:15:37.0481 2316 p2psvc - ok10:15:37.0504 2316 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys10:15:37.0518 2316 Parport - ok10:15:37.0548 2316 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys10:15:37.0560 2316 partmgr - ok10:15:37.0574 2316 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll10:15:37.0602 2316 PcaSvc - ok10:15:37.0645 2316 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys10:15:37.0658 2316 pci - ok10:15:37.0669 2316 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys10:15:37.0679 2316 pciide - ok10:15:37.0701 2316 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys10:15:37.0714 2316 pcmcia - ok10:15:37.0750 2316 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys10:15:37.0783 2316 pcw - ok10:15:37.0840 2316 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys10:15:37.0905 2316 PEAUTH - ok10:15:37.0972 2316 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll10:15:38.0011 2316 PeerDistSvc - ok10:15:38.0072 2316 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe10:15:38.0092 2316 PerfHost - ok10:15:38.0248 2316 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll10:15:38.0301 2316 pla - ok10:15:38.0333 2316 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll10:15:38.0364 2316 PlugPlay - ok10:15:38.0390 2316 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll10:15:38.0414 2316 PNRPAutoReg - ok10:15:38.0438 2316 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll10:15:38.0454 2316 PNRPsvc - ok10:15:38.0479 2316 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll10:15:38.0523 2316 PolicyAgent - ok10:15:38.0554 2316 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll10:15:38.0597 2316 Power - ok10:15:38.0658 2316 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys10:15:38.0734 2316 PptpMiniport - ok10:15:38.0830 2316 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys10:15:38.0867 2316 Processor - ok10:15:38.0952 2316 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll10:15:38.0991 2316 ProfSvc - ok10:15:39.0011 2316 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe10:15:39.0031 2316 ProtectedStorage - ok10:15:39.0075 2316 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys10:15:39.0119 2316 Psched - ok10:15:39.0196 2316 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys10:15:39.0229 2316 ql2300 - ok10:15:39.0323 2316 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys10:15:39.0334 2316 ql40xx - ok10:15:39.0363 2316 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll10:15:39.0388 2316 QWAVE - ok10:15:39.0400 2316 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys10:15:39.0415 2316 QWAVEdrv - ok10:15:39.0426 2316 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys10:15:39.0467 2316 RasAcd - ok10:15:39.0500 2316 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys10:15:39.0529 2316 RasAgileVpn - ok10:15:39.0545 2316 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll10:15:39.0585 2316 RasAuto - ok10:15:39.0619 2316 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys10:15:39.0652 2316 Rasl2tp - ok10:15:39.0700 2316 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll10:15:39.0733 2316 RasMan - ok10:15:39.0770 2316 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys10:15:39.0813 2316 RasPppoe - ok10:15:39.0836 2316 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys10:15:39.0873 2316 RasSstp - ok10:15:39.0914 2316 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys10:15:39.0974 2316 rdbss - ok10:15:39.0987 2316 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys10:15:40.0009 2316 rdpbus - ok10:15:40.0023 2316 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys10:15:40.0050 2316 RDPCDD - ok10:15:40.0096 2316 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys10:15:40.0126 2316 RDPDR - ok10:15:40.0145 2316 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys10:15:40.0184 2316 RDPENCDD - ok10:15:40.0199 2316 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys10:15:40.0226 2316 RDPREFMP - ok10:15:40.0293 2316 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys10:15:40.0333 2316 RdpVideoMiniport - ok10:15:40.0372 2316 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys10:15:40.0391 2316 RDPWD - ok10:15:40.0447 2316 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys10:15:40.0484 2316 rdyboost - ok10:15:40.0507 2316 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll10:15:40.0561 2316 RemoteAccess - ok10:15:40.0598 2316 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll10:15:40.0660 2316 RemoteRegistry - ok10:15:40.0748 2316 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll10:15:40.0812 2316 RpcEptMapper - ok10:15:40.0825 2316 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe10:15:40.0838 2316 RpcLocator - ok10:15:40.0887 2316 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll10:15:40.0920 2316 RpcSs - ok10:15:40.0952 2316 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys10:15:40.0981 2316 rspndr - ok10:15:41.0015 2316 RTL8167 (f65f171165fbb613f7aa3cc78e8cab42) C:\Windows\system32\DRIVERS\Rt64win7.sys10:15:41.0042 2316 RTL8167 - ok10:15:41.0067 2316 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys10:15:41.0088 2316 s3cap - ok10:15:41.0106 2316 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe10:15:41.0118 2316 SamSs - ok10:15:41.0207 2316 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS10:15:41.0215 2316 SASDIFSV - ok10:15:41.0239 2316 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS10:15:41.0248 2316 SASKUTIL - ok10:15:41.0284 2316 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys10:15:41.0296 2316 sbp2port - ok10:15:41.0325 2316 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll10:15:41.0365 2316 SCardSvr - ok10:15:41.0394 2316 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys10:15:41.0459 2316 scfilter - ok10:15:41.0527 2316 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll10:15:41.0581 2316 Schedule - ok10:15:41.0621 2316 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll10:15:41.0676 2316 SCPolicySvc - ok10:15:41.0719 2316 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll10:15:41.0751 2316 SDRSVC - ok10:15:41.0853 2316 SDScannerService (43d29ecb8137eeae30b0970bbc7a5500) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe10:15:41.0876 2316 SDScannerService - ok10:15:41.0937 2316 SDUpdateService (6b859b122e85c2c833e6d8c5dc4b07f3) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe10:15:41.0961 2316 SDUpdateService - ok10:15:41.0990 2316 SDWSCService (59dce6783f9ed27eb72c81466e363bf8) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe10:15:42.0000 2316 SDWSCService - ok10:15:42.0091 2316 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys10:15:42.0120 2316 secdrv - ok10:15:42.0151 2316 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll10:15:42.0193 2316 seclogon - ok10:15:42.0207 2316 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll10:15:42.0242 2316 SENS - ok10:15:42.0251 2316 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll10:15:42.0276 2316 SensrSvc - ok10:15:42.0297 2316 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys10:15:42.0318 2316 Serenum - ok10:15:42.0335 2316 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys10:15:42.0349 2316 Serial - ok10:15:42.0396 2316 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys10:15:42.0416 2316 sermouse - ok10:15:42.0458 2316 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll10:15:42.0498 2316 SessionEnv - ok10:15:42.0523 2316 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys10:15:42.0545 2316 sffdisk - ok10:15:42.0556 2316 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys10:15:42.0582 2316 sffp_mmc - ok10:15:42.0594 2316 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys10:15:42.0615 2316 sffp_sd - ok10:15:42.0635 2316 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys10:15:42.0653 2316 sfloppy - ok10:15:42.0686 2316 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll10:15:42.0732 2316 SharedAccess - ok10:15:42.0773 2316 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll10:15:42.0814 2316 ShellHWDetection - ok10:15:42.0824 2316 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys10:15:42.0835 2316 SiSRaid2 - ok10:15:42.0848 2316 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys10:15:42.0860 2316 SiSRaid4 - ok10:15:42.0923 2316 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe10:15:42.0961 2316 SkypeUpdate - ok10:15:42.0989 2316 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys10:15:43.0050 2316 Smb - ok10:15:43.0092 2316 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe10:15:43.0115 2316 SNMPTRAP - ok10:15:43.0125 2316 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys10:15:43.0135 2316 spldr - ok10:15:43.0184 2316 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe10:15:43.0219 2316 Spooler - ok10:15:43.0366 2316 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe10:15:43.0443 2316 sppsvc - ok10:15:43.0537 2316 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll10:15:43.0623 2316 sppuinotify - ok10:15:43.0682 2316 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys10:15:43.0706 2316 srv - ok10:15:43.0735 2316 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys10:15:43.0758 2316 srv2 - ok10:15:43.0775 2316 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys10:15:43.0789 2316 srvnet - ok10:15:43.0816 2316 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll10:15:43.0865 2316 SSDPSRV - ok10:15:43.0882 2316 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll10:15:43.0913 2316 SstpSvc - ok10:15:43.0956 2316 ss_bbus (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys10:15:43.0988 2316 ss_bbus - ok10:15:44.0002 2316 ss_bmdfl (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys10:15:44.0035 2316 ss_bmdfl - ok10:15:44.0055 2316 ss_bmdm (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys10:15:44.0073 2316 ss_bmdm - ok10:15:44.0148 2316 stdriver (c270c64b4f6ca87dac2d7f68ed57a141) C:\Windows\system32\DRIVERS\stdriver64.sys10:15:44.0174 2316 stdriver - ok10:15:44.0209 2316 Steam Client Service - ok10:15:44.0290 2316 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe10:15:44.0303 2316 Stereo Service - ok10:15:44.0330 2316 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys10:15:44.0340 2316 stexstor - ok10:15:44.0419 2316 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll10:15:44.0471 2316 stisvc - ok10:15:44.0519 2316 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys10:15:44.0530 2316 storflt - ok10:15:44.0540 2316 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys10:15:44.0550 2316 storvsc - ok10:15:44.0583 2316 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys10:15:44.0609 2316 swenum - ok10:15:44.0655 2316 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll10:15:44.0707 2316 swprv - ok10:15:44.0719 2316 Synth3dVsc - ok10:15:44.0816 2316 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll10:15:44.0860 2316 SysMain - ok10:15:44.0965 2316 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll10:15:45.0015 2316 TabletInputService - ok10:15:45.0061 2316 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll10:15:45.0112 2316 TapiSrv - ok10:15:45.0130 2316 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll10:15:45.0161 2316 TBS - ok10:15:45.0300 2316 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys10:15:45.0350 2316 Tcpip - ok10:15:45.0523 2316 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys10:15:45.0553 2316 TCPIP6 - ok10:15:45.0613 2316 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys10:15:45.0667 2316 tcpipreg - ok10:15:45.0694 2316 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys10:15:45.0711 2316 TDPIPE - ok10:15:45.0730 2316 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys10:15:45.0755 2316 TDTCP - ok10:15:45.0802 2316 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys10:15:45.0851 2316 tdx - ok10:15:45.0882 2316 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys10:15:45.0893 2316 TermDD - ok10:15:45.0949 2316 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll10:15:45.0997 2316 TermService - ok10:15:46.0024 2316 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll10:15:46.0056 2316 Themes - ok10:15:46.0084 2316 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll10:15:46.0113 2316 THREADORDER - ok10:15:46.0137 2316 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll10:15:46.0173 2316 TrkWks - ok10:15:46.0227 2316 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe10:15:46.0289 2316 TrustedInstaller - ok10:15:46.0323 2316 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys10:15:46.0357 2316 tssecsrv - ok10:15:46.0384 2316 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys10:15:46.0396 2316 TsUsbFlt - ok10:15:46.0399 2316 tsusbhub - ok10:15:46.0448 2316 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys10:15:46.0509 2316 tunnel - ok10:15:46.0527 2316 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys10:15:46.0539 2316 uagp35 - ok10:15:46.0577 2316 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys10:15:46.0607 2316 udfs - ok10:15:46.0631 2316 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe10:15:46.0646 2316 UI0Detect - ok10:15:46.0688 2316 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys10:15:46.0721 2316 uliagpkx - ok10:15:46.0771 2316 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys10:15:46.0794 2316 umbus - ok10:15:46.0824 2316 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys10:15:46.0849 2316 UmPass - ok10:15:46.0892 2316 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll10:15:46.0933 2316 UmRdpService - ok10:15:46.0972 2316 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll10:15:47.0022 2316 upnphost - ok10:15:47.0063 2316 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys10:15:47.0075 2316 USBAAPL64 - ok10:15:47.0112 2316 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys10:15:47.0144 2316 usbccgp - ok10:15:47.0182 2316 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys10:15:47.0204 2316 usbcir - ok10:15:47.0221 2316 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys10:15:47.0252 2316 usbehci - ok10:15:47.0291 2316 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys10:15:47.0319 2316 usbhub - ok10:15:47.0335 2316 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys10:15:47.0362 2316 usbohci - ok10:15:47.0383 2316 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys10:15:47.0405 2316 usbprint - ok10:15:47.0441 2316 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys10:15:47.0463 2316 usbscan - ok10:15:47.0502 2316 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS10:15:47.0545 2316 USBSTOR - ok10:15:47.0567 2316 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys10:15:47.0585 2316 usbuhci - ok10:15:47.0645 2316 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys10:15:47.0686 2316 usbvideo - ok10:15:47.0705 2316 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll10:15:47.0751 2316 UxSms - ok10:15:47.0771 2316 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe10:15:47.0783 2316 VaultSvc - ok10:15:47.0815 2316 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys10:15:47.0825 2316 vdrvroot - ok10:15:47.0888 2316 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe10:15:47.0931 2316 vds - ok10:15:47.0961 2316 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys10:15:47.0975 2316 vga - ok10:15:47.0987 2316 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys10:15:48.0060 2316 VgaSave - ok10:15:48.0065 2316 VGPU - ok10:15:48.0116 2316 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys10:15:48.0141 2316 vhdmp - ok10:15:48.0173 2316 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys10:15:48.0189 2316 viaide - ok10:15:48.0209 2316 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys10:15:48.0229 2316 vmbus - ok10:15:48.0242 2316 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys10:15:48.0269 2316 VMBusHID - ok10:15:48.0291 2316 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys10:15:48.0307 2316 volmgr - ok10:15:48.0355 2316 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys10:15:48.0371 2316 volmgrx - ok10:15:48.0420 2316 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys10:15:48.0463 2316 volsnap - ok10:15:48.0497 2316 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys10:15:48.0509 2316 vsmraid - ok10:15:48.0595 2316 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe10:15:48.0664 2316 VSS - ok10:15:48.0784 2316 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys10:15:48.0839 2316 vwifibus - ok10:15:48.0897 2316 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll10:15:48.0955 2316 W32Time - ok10:15:48.0974 2316 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys10:15:49.0010 2316 WacomPen - ok10:15:49.0066 2316 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys10:15:49.0139 2316 WANARP - ok10:15:49.0143 2316 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys10:15:49.0171 2316 Wanarpv6 - ok10:15:49.0242 2316 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe10:15:49.0272 2316 WatAdminSvc - ok10:15:49.0364 2316 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe10:15:49.0389 2316 wbengine - ok10:15:49.0478 2316 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll10:15:49.0523 2316 WbioSrvc - ok10:15:49.0565 2316 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll10:15:49.0605 2316 wcncsvc - ok10:15:49.0627 2316 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll10:15:49.0641 2316 WcsPlugInService - ok10:15:49.0682 2316 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys10:15:49.0692 2316 Wd - ok10:15:49.0722 2316 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys10:15:49.0733 2316 WDC_SAM - ok10:15:49.0767 2316 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys10:15:49.0788 2316 Wdf01000 - ok10:15:49.0804 2316 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll10:15:49.0832 2316 WdiServiceHost - ok10:15:49.0834 2316 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll10:15:49.0852 2316 WdiSystemHost - ok10:15:49.0897 2316 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll10:15:49.0936 2316 WebClient - ok10:15:49.0954 2316 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll10:15:49.0992 2316 Wecsvc - ok10:15:50.0004 2316 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll10:15:50.0049 2316 wercplsupport - ok10:15:50.0066 2316 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll10:15:50.0097 2316 WerSvc - ok10:15:50.0137 2316 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys10:15:50.0195 2316 WfpLwf - ok10:15:50.0210 2316 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys10:15:50.0221 2316 WIMMount - ok10:15:50.0255 2316 WinDefend - ok10:15:50.0266 2316 WinHttpAutoProxySvc - ok10:15:50.0310 2316 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll10:15:50.0369 2316 Winmgmt - ok10:15:50.0480 2316 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll10:15:50.0538 2316 WinRM - ok10:15:50.0655 2316 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll10:15:50.0697 2316 Wlansvc - ok10:15:50.0874 2316 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE10:15:50.0918 2316 wlidsvc - ok10:15:50.0976 2316 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys10:15:51.0024 2316 WmiAcpi - ok10:15:51.0074 2316 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe10:15:51.0105 2316 wmiApSrv - ok10:15:51.0150 2316 WMPNetworkSvc - ok10:15:51.0164 2316 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll10:15:51.0184 2316 WPCSvc - ok10:15:51.0223 2316 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll10:15:51.0260 2316 WPDBusEnum - ok10:15:51.0273 2316 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys10:15:51.0316 2316 ws2ifsl - ok10:15:51.0331 2316 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll10:15:51.0364 2316 wscsvc - ok10:15:51.0367 2316 WSearch - ok10:15:51.0485 2316 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll10:15:51.0534 2316 wuauserv - ok10:15:51.0661 2316 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys10:15:51.0708 2316 WudfPf - ok10:15:51.0741 2316 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys10:15:51.0790 2316 WUDFRd - ok10:15:51.0824 2316 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll10:15:51.0854 2316 wudfsvc - ok10:15:51.0878 2316 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll10:15:51.0908 2316 WwanSvc - ok10:15:51.0923 2316 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR010:15:52.0149 2316 \Device\Harddisk0\DR0 - ok10:15:52.0156 2316 Boot (0x1200) (55ff69306b09d9915325cfb33e812ba5) \Device\Harddisk0\DR0\Partition010:15:52.0159 2316 \Device\Harddisk0\DR0\Partition0 - ok10:15:52.0185 2316 Boot (0x1200) (e2468ccd69a9cccdc988e86dbbdd6889) \Device\Harddisk0\DR0\Partition110:15:52.0187 2316 \Device\Harddisk0\DR0\Partition1 - ok10:15:52.0187 2316 ============================================================10:15:52.0187 2316 Scan finished10:15:52.0187 2316 ============================================================10:15:52.0201 4620 Detected object count: 210:15:52.0201 4620 Actual detected object count: 210:16:52.0932 4620 FlipShareServer ( UnsignedFile.Multi.Generic ) - skipped by user10:16:52.0932 4620 FlipShareServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:16:52.0932 4620 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user10:16:52.0932 4620 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip Link to post Share on other sites More sharing options...
jilow Posted July 25, 2012 Author ID:576329 Share Posted July 25, 2012 If you prefer an attachment: TDSSKiller report:TDSSKillerReport.txt Link to post Share on other sites More sharing options...
MrCharlie Posted July 25, 2012 ID:576335 Share Posted July 25, 2012 When you go to post a log, click the "More Reply Options" in the lower right of the screen, then post in the new window that comes up.-----------------------------------That log was clean........Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingc...to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
jilow Posted July 25, 2012 Author ID:576403 Share Posted July 25, 2012 My audio is now disabled for some reason: but here's the report:ComboFix 12-07-26.03 - Nick 07/25/2012 11:28:28.1.3 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2470 [GMT -5:00]Running from: c:\users\Nick\Desktop\ComboFix.exeSP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Nick\AppData\Local\Temp\{B6F7E23D-66A0-48E0-B17A-BBA0AB40612B}\fpb.tmp..((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))..2012-07-25 16:34 . 2012-07-25 16:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2012-07-24 13:26 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7871D5DA-D396-464F-87A8-351E8C7AD1AB}\mpengine.dll2012-07-22 10:16 . 2012-07-25 16:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy2012-07-22 08:05 . 2012-07-22 08:05 -------- d-----w- c:\users\Nick\AppData\Roaming\SUPERAntiSpyware.com2012-07-22 08:04 . 2012-07-22 08:05 -------- d-----w- c:\program files\SUPERAntiSpyware2012-07-22 08:04 . 2012-07-22 08:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com2012-07-22 08:03 . 2012-07-22 08:03 -------- d-----w- c:\users\Nick\AppData\Roaming\Malwarebytes2012-07-22 08:02 . 2012-07-22 08:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2012-07-22 08:02 . 2012-07-22 08:02 -------- d-----w- c:\programdata\Malwarebytes2012-07-22 08:02 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys2012-07-22 07:56 . 2012-07-22 07:56 -------- d-----w- c:\users\Nick\AppData\Local\ElevatedDiagnostics2012-07-22 07:53 . 2012-07-25 16:35 -------- d-----w- c:\windows\system32\wbem\repository2012-07-22 02:32 . 2012-07-22 02:32 -------- d-----w- c:\users\Nick\AppData\Roaming\Apple Computer2012-07-22 02:32 . 2012-07-22 02:32 -------- d-----w- c:\users\Nick\AppData\Local\Apple Computer2012-07-22 02:32 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll2012-07-22 02:32 . 2012-07-22 07:49 -------- dc----w- c:\windows\system32\DRVSTORE2012-07-22 02:32 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys2012-07-22 02:09 . 2012-07-22 07:30 -------- d-----w- c:\programdata\Tarma Installer2012-07-22 02:09 . 2012-07-22 02:09 447 ----a-w- C:\user.js2012-07-22 02:06 . 2012-07-22 02:06 -------- d-----w- c:\users\Nick\AppData\Roaming\Binary Fortress Software2012-07-22 02:06 . 2012-07-22 07:49 -------- d-----w- c:\program files (x86)\iTunes Sync2012-07-12 19:43 . 2012-07-12 19:43 -------- d-----w- c:\programdata\McAfee2012-07-11 23:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys2012-07-11 23:05 . 2012-06-02 11:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb2012-07-11 23:05 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb2012-07-11 12:32 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys2012-07-11 12:32 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys2012-07-11 12:32 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll2012-07-11 12:32 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll2012-07-11 12:32 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll2012-07-11 12:32 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys2012-07-11 12:32 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll2012-07-11 12:32 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll2012-07-11 12:32 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll2012-07-11 12:32 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll2012-06-30 19:48 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll2012-06-30 19:48 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-07-12 18:31 . 2012-01-17 22:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-07-12 18:31 . 2011-12-27 20:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-07-11 23:05 . 2012-01-01 03:49 59701280 ----a-w- c:\windows\system32\MRT.exe2012-07-03 16:21 . 2012-03-29 07:45 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys2012-07-03 16:21 . 2011-12-27 20:16 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys2012-07-03 16:21 . 2011-12-27 20:16 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys2012-07-03 16:21 . 2011-12-27 20:16 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys2012-07-03 16:21 . 2011-12-27 20:16 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys2012-07-03 16:21 . 2011-12-27 20:16 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys2012-07-03 16:21 . 2011-12-27 20:15 41224 ----a-w- c:\windows\avastSS.scr2012-07-03 16:21 . 2011-12-27 20:15 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe2012-07-03 16:21 . 2011-12-27 20:16 285328 ----a-w- c:\windows\system32\aswBoot.exe2012-06-02 22:19 . 2012-06-18 21:18 38424 ----a-w- c:\windows\system32\wups.dll2012-06-02 22:19 . 2012-06-18 21:18 2428952 ----a-w- c:\windows\system32\wuaueng.dll2012-06-02 22:19 . 2012-06-18 21:18 57880 ----a-w- c:\windows\system32\wuauclt.exe2012-06-02 22:19 . 2012-06-18 21:18 44056 ----a-w- c:\windows\system32\wups2.dll2012-06-02 22:19 . 2012-06-18 21:18 701976 ----a-w- c:\windows\system32\wuapi.dll2012-06-02 22:15 . 2012-06-18 21:18 2622464 ----a-w- c:\windows\system32\wucltux.dll2012-06-02 22:15 . 2012-06-18 21:18 99840 ----a-w- c:\windows\system32\wudriver.dll2012-06-02 20:19 . 2012-06-18 21:18 186752 ----a-w- c:\windows\system32\wuwebv.dll2012-06-02 20:15 . 2012-06-18 21:18 36864 ----a-w- c:\windows\system32\wuapp.exe2012-05-31 17:25 . 2011-12-27 20:14 279656 ------w- c:\windows\system32\MpSigStub.exe2012-05-31 12:50 . 2012-05-31 12:50 268672 ----a-w- c:\windows\system32\drivers\dcnt.sys2012-05-15 10:48 . 2012-05-23 02:48 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll2012-05-15 10:48 . 2012-05-23 02:48 8139072 ----a-w- c:\windows\system32\nvcuda.dll2012-05-15 10:48 . 2012-05-23 02:48 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll2012-05-15 10:48 . 2012-05-23 02:48 364352 ----a-w- c:\windows\system32\nvdecodemft.dll2012-05-15 10:48 . 2012-05-23 02:48 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll2012-05-15 10:48 . 2012-05-23 02:48 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll2012-05-15 10:48 . 2012-05-23 02:48 2681664 ----a-w- c:\windows\system32\nvcuvid.dll2012-05-15 10:48 . 2012-05-23 02:48 25743168 ----a-w- c:\windows\system32\nvoglv64.dll2012-05-15 10:48 . 2012-05-23 02:48 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll2012-05-15 10:48 . 2012-05-23 02:48 25248064 ----a-w- c:\windows\system32\nvcompiler.dll2012-05-15 10:48 . 2012-05-23 02:48 246592 ----a-w- c:\windows\system32\nvinitx.dll2012-05-15 10:48 . 2012-05-23 02:48 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll2012-05-15 10:48 . 2012-05-23 02:48 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll2012-05-15 10:48 . 2012-05-23 02:48 202048 ----a-w- c:\windows\SysWow64\nvinit.dll2012-05-15 10:48 . 2012-05-23 02:48 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll2012-05-15 10:48 . 2012-05-23 02:48 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll2012-05-15 10:48 . 2012-05-23 02:48 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll2012-05-15 10:48 . 2012-05-23 02:48 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys2012-05-15 10:48 . 2012-02-21 23:06 949056 ----a-w- c:\windows\system32\nvumdshimx.dll2012-05-15 10:48 . 2012-02-21 23:06 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll2012-05-15 10:48 . 2012-02-21 23:06 68928 ----a-w- c:\windows\system32\OpenCL.dll2012-05-15 10:48 . 2012-02-21 23:06 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll2012-05-15 10:48 . 2011-12-27 19:47 2741568 ----a-w- c:\windows\system32\nvapi64.dll2012-05-15 10:48 . 2011-12-27 19:47 1738048 ----a-w- c:\windows\system32\nvdispco64.dll2012-05-15 10:48 . 2011-12-27 19:47 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll2012-05-15 10:48 . 2011-12-27 19:47 1468224 ----a-w- c:\windows\system32\nvgenco64.dll2012-05-15 10:48 . 2011-12-27 19:47 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll2012-05-15 09:29 . 2011-12-27 19:43 889664 ----a-w- c:\windows\system32\nvvsvc.exe2012-05-15 09:29 . 2011-12-27 19:43 63296 ----a-w- c:\windows\system32\nvshext.dll2012-05-15 09:29 . 2011-12-27 19:43 118080 ----a-w- c:\windows\system32\nvmctray.dll2012-05-15 09:29 . 2012-02-21 23:07 2621723 ----a-w- c:\windows\system32\nvcoproc.bin2012-05-15 09:29 . 2011-12-27 19:43 3149632 ----a-w- c:\windows\system32\nvsvc64.dll2012-05-15 09:28 . 2011-12-27 19:43 6151488 ----a-w- c:\windows\system32\nvcpl.dll2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe2012-05-04 11:06 . 2012-06-13 05:29 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe2012-05-04 10:03 . 2012-06-13 05:29 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2012-05-04 10:03 . 2012-06-13 05:29 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2012-05-01 05:40 . 2012-06-13 05:29 209920 ----a-w- c:\windows\system32\profsvc.dll2012-04-28 05:32 . 2012-06-13 05:28 1112064 ----a-w- c:\windows\system32\rdpcorets.dll2012-04-28 03:55 . 2012-06-13 05:28 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-12-27 1242448]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696].c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-29 1255736]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512]S1 aswSnx;aswSnx; [x]S1 aswSP;aswSP; [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-27 279616]S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]S2 aswFsBlk;aswFsBlk; [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]S3 AVEO;UVC Driver;c:\windows\system32\DRIVERS\dcnt.sys [2012-05-31 268672]S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-04-18 108032]S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2012-04-02 103512]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.Contents of the 'Scheduled Tasks' folder.2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-17 18:31].2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2254465956-1817959628-1643263793-1000Core.job- c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 00:32].2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2254465956-1817959628-1643263793-1000UA.job- c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 00:32]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-08 10060832].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = https://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.2.1..--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2254465956-1817959628-1643263793-1000\Software\SecuROM\License information*]"datasecu"=hex:95,76,1b,f7,82,e1,0a,38,21,a6,f0,57,5e,37,3d,15,54,b7,7b,59,2e, c4,64,b0,a5,3b,82,89,e9,6e,0e,5b,d1,eb,c9,b0,19,2f,d6,9e,3d,cd,0f,82,55,a2,\"rkeysecu"=hex:0f,b3,89,f2,66,b2,cb,b8,b7,13,e4,f4,b1,60,8d,8b.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files\AVAST Software\Avast\AvastSvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe.**************************************************************************.Completion time: 2012-07-25 11:40:20 - machine was rebootedComboFix-quarantined-files.txt 2012-07-25 16:40.Pre-Run: 178,210,603,008 bytes freePost-Run: 177,885,929,472 bytes free.- - End Of File - - C931C64A7DCE57B542853B375764BAA2CombFixReport.txt Link to post Share on other sites More sharing options...
jilow Posted July 25, 2012 Author ID:576406 Share Posted July 25, 2012 Audio is back on now, and i've now re-enabled my Windows Defender, Avast, and other shields. Link to post Share on other sites More sharing options...
MrCharlie Posted July 25, 2012 ID:576447 Share Posted July 25, 2012 Good.....Please Update and run a Quick Scan with MBAM, post the report.Make sure that everything is checked, and click Remove Selected.Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
jilow Posted July 25, 2012 Author ID:576568 Share Posted July 25, 2012 So here's what's going on now. I still have no symptoms, but my Windows 7 doesn't recognize the fact I have anti virus software (but it's been doin' that ever since my first post here), and it really wants me to scan with Windows Defender, that's about it. Oh, and spybot keeps seeing odd files, like Smitfraud-c (I didn't do anything with the spybot scan i just wanted to see if the odd file names still showed up):Anyway here's my MBAM log:1mbam-log-2012-07-25 (15-03-24).txt Link to post Share on other sites More sharing options...
jilow Posted July 25, 2012 Author ID:576575 Share Posted July 25, 2012 Sorry, updated MBAM, log still came clean but here's a better MBAM scan:2mbam-log-2012-07-25 (15-29-04).txt Link to post Share on other sites More sharing options...
MrCharlie Posted July 25, 2012 ID:576581 Share Posted July 25, 2012 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696].Avast is running.Check to see if WD is fully disabled:http://www.simplehel...r-in-windows-7/MrC Link to post Share on other sites More sharing options...
jilow Posted July 25, 2012 Author ID:576604 Share Posted July 25, 2012 I did another scan this time, I made sure Avast was set to Disable Permanently (until i manually re-enable it) and followed your link on Windows Defender. Here's the new ComboFix Report:ComboFix 12-07-26.04 - Nick 07/25/2012 16:05:31.3.3 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2804 [GMT -5:00]Running from: c:\users\Nick\Desktop\ComboFix.exeSP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))..2012-07-25 21:13 . 2012-07-25 21:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2012-07-25 21:13 . 2012-07-25 21:13 -------- d-----w- c:\users\Default\AppData\Local\temp2012-07-25 20:21 . 2012-07-25 20:22 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy2012-07-24 13:26 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7871D5DA-D396-464F-87A8-351E8C7AD1AB}\mpengine.dll2012-07-22 10:16 . 2012-07-25 20:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy2012-07-22 08:05 . 2012-07-22 08:05 -------- d-----w- c:\users\Nick\AppData\Roaming\SUPERAntiSpyware.com2012-07-22 08:04 . 2012-07-22 08:05 -------- d-----w- c:\program files\SUPERAntiSpyware2012-07-22 08:04 . 2012-07-22 08:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com2012-07-22 08:03 . 2012-07-22 08:03 -------- d-----w- c:\users\Nick\AppData\Roaming\Malwarebytes2012-07-22 08:02 . 2012-07-22 08:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2012-07-22 08:02 . 2012-07-22 08:02 -------- d-----w- c:\programdata\Malwarebytes2012-07-22 08:02 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys2012-07-22 07:56 . 2012-07-22 07:56 -------- d-----w- c:\users\Nick\AppData\Local\ElevatedDiagnostics2012-07-22 07:53 . 2012-07-25 21:14 -------- d-----w- c:\windows\system32\wbem\repository2012-07-22 02:32 . 2012-07-22 02:32 -------- d-----w- c:\users\Nick\AppData\Roaming\Apple Computer2012-07-22 02:32 . 2012-07-22 02:32 -------- d-----w- c:\users\Nick\AppData\Local\Apple Computer2012-07-22 02:32 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll2012-07-22 02:32 . 2012-07-22 07:49 -------- dc----w- c:\windows\system32\DRVSTORE2012-07-22 02:32 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys2012-07-22 02:09 . 2012-07-22 07:30 -------- d-----w- c:\programdata\Tarma Installer2012-07-22 02:09 . 2012-07-22 02:09 447 ----a-w- C:\user.js2012-07-22 02:06 . 2012-07-22 02:06 -------- d-----w- c:\users\Nick\AppData\Roaming\Binary Fortress Software2012-07-22 02:06 . 2012-07-22 07:49 -------- d-----w- c:\program files (x86)\iTunes Sync2012-07-12 19:43 . 2012-07-12 19:43 -------- d-----w- c:\programdata\McAfee2012-07-11 23:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys2012-07-11 23:05 . 2012-06-02 11:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb2012-07-11 23:05 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb2012-07-11 12:32 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys2012-07-11 12:32 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys2012-07-11 12:32 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll2012-07-11 12:32 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll2012-07-11 12:32 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll2012-07-11 12:32 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys2012-07-11 12:32 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll2012-07-11 12:32 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll2012-07-11 12:32 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll2012-07-11 12:32 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll2012-06-30 19:48 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll2012-06-30 19:48 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-07-12 18:31 . 2012-01-17 22:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-07-12 18:31 . 2011-12-27 20:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-07-11 23:05 . 2012-01-01 03:49 59701280 ----a-w- c:\windows\system32\MRT.exe2012-07-03 16:21 . 2012-03-29 07:45 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys2012-07-03 16:21 . 2011-12-27 20:16 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys2012-07-03 16:21 . 2011-12-27 20:16 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys2012-07-03 16:21 . 2011-12-27 20:16 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys2012-07-03 16:21 . 2011-12-27 20:16 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys2012-07-03 16:21 . 2011-12-27 20:16 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys2012-07-03 16:21 . 2011-12-27 20:15 41224 ----a-w- c:\windows\avastSS.scr2012-07-03 16:21 . 2011-12-27 20:15 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe2012-07-03 16:21 . 2011-12-27 20:16 285328 ----a-w- c:\windows\system32\aswBoot.exe2012-06-02 22:19 . 2012-06-18 21:18 38424 ----a-w- c:\windows\system32\wups.dll2012-06-02 22:19 . 2012-06-18 21:18 2428952 ----a-w- c:\windows\system32\wuaueng.dll2012-06-02 22:19 . 2012-06-18 21:18 57880 ----a-w- c:\windows\system32\wuauclt.exe2012-06-02 22:19 . 2012-06-18 21:18 44056 ----a-w- c:\windows\system32\wups2.dll2012-06-02 22:19 . 2012-06-18 21:18 701976 ----a-w- c:\windows\system32\wuapi.dll2012-06-02 22:15 . 2012-06-18 21:18 2622464 ----a-w- c:\windows\system32\wucltux.dll2012-06-02 22:15 . 2012-06-18 21:18 99840 ----a-w- c:\windows\system32\wudriver.dll2012-06-02 20:19 . 2012-06-18 21:18 186752 ----a-w- c:\windows\system32\wuwebv.dll2012-06-02 20:15 . 2012-06-18 21:18 36864 ----a-w- c:\windows\system32\wuapp.exe2012-05-31 17:25 . 2011-12-27 20:14 279656 ------w- c:\windows\system32\MpSigStub.exe2012-05-31 12:50 . 2012-05-31 12:50 268672 ----a-w- c:\windows\system32\drivers\dcnt.sys2012-05-15 10:48 . 2012-05-23 02:48 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll2012-05-15 10:48 . 2012-05-23 02:48 8139072 ----a-w- c:\windows\system32\nvcuda.dll2012-05-15 10:48 . 2012-05-23 02:48 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll2012-05-15 10:48 . 2012-05-23 02:48 364352 ----a-w- c:\windows\system32\nvdecodemft.dll2012-05-15 10:48 . 2012-05-23 02:48 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll2012-05-15 10:48 . 2012-05-23 02:48 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll2012-05-15 10:48 . 2012-05-23 02:48 2681664 ----a-w- c:\windows\system32\nvcuvid.dll2012-05-15 10:48 . 2012-05-23 02:48 25743168 ----a-w- c:\windows\system32\nvoglv64.dll2012-05-15 10:48 . 2012-05-23 02:48 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll2012-05-15 10:48 . 2012-05-23 02:48 25248064 ----a-w- c:\windows\system32\nvcompiler.dll2012-05-15 10:48 . 2012-05-23 02:48 246592 ----a-w- c:\windows\system32\nvinitx.dll2012-05-15 10:48 . 2012-05-23 02:48 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll2012-05-15 10:48 . 2012-05-23 02:48 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll2012-05-15 10:48 . 2012-05-23 02:48 202048 ----a-w- c:\windows\SysWow64\nvinit.dll2012-05-15 10:48 . 2012-05-23 02:48 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll2012-05-15 10:48 . 2012-05-23 02:48 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll2012-05-15 10:48 . 2012-05-23 02:48 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll2012-05-15 10:48 . 2012-05-23 02:48 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys2012-05-15 10:48 . 2012-02-21 23:06 949056 ----a-w- c:\windows\system32\nvumdshimx.dll2012-05-15 10:48 . 2012-02-21 23:06 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll2012-05-15 10:48 . 2012-02-21 23:06 68928 ----a-w- c:\windows\system32\OpenCL.dll2012-05-15 10:48 . 2012-02-21 23:06 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll2012-05-15 10:48 . 2011-12-27 19:47 2741568 ----a-w- c:\windows\system32\nvapi64.dll2012-05-15 10:48 . 2011-12-27 19:47 1738048 ----a-w- c:\windows\system32\nvdispco64.dll2012-05-15 10:48 . 2011-12-27 19:47 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll2012-05-15 10:48 . 2011-12-27 19:47 1468224 ----a-w- c:\windows\system32\nvgenco64.dll2012-05-15 10:48 . 2011-12-27 19:47 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll2012-05-15 09:29 . 2011-12-27 19:43 889664 ----a-w- c:\windows\system32\nvvsvc.exe2012-05-15 09:29 . 2011-12-27 19:43 63296 ----a-w- c:\windows\system32\nvshext.dll2012-05-15 09:29 . 2011-12-27 19:43 118080 ----a-w- c:\windows\system32\nvmctray.dll2012-05-15 09:29 . 2012-02-21 23:07 2621723 ----a-w- c:\windows\system32\nvcoproc.bin2012-05-15 09:29 . 2011-12-27 19:43 3149632 ----a-w- c:\windows\system32\nvsvc64.dll2012-05-15 09:28 . 2011-12-27 19:43 6151488 ----a-w- c:\windows\system32\nvcpl.dll2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe2012-05-04 11:06 . 2012-06-13 05:29 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe2012-05-04 10:03 . 2012-06-13 05:29 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2012-05-04 10:03 . 2012-06-13 05:29 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2012-05-01 05:40 . 2012-06-13 05:29 209920 ----a-w- c:\windows\system32\profsvc.dll2012-04-28 05:32 . 2012-06-13 05:28 1112064 ----a-w- c:\windows\system32\rdpcorets.dll2012-04-28 03:55 . 2012-06-13 05:28 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys..((((((((((((((((((((((((((((( SnapShot@2012-07-25_16.35.59 ))))))))))))))))))))))))))))))))))))))))).+ 2009-07-14 04:54 . 2012-07-25 21:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2009-07-14 04:54 . 2012-07-25 16:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2009-07-14 04:54 . 2012-07-25 16:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2009-07-14 04:54 . 2012-07-25 21:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2012-07-25 16:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 04:54 . 2012-07-25 21:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2011-12-27 19:58 . 2012-07-25 21:05 47064 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin+ 2009-07-14 05:10 . 2012-07-25 21:05 42300 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin+ 2011-12-27 19:51 . 2012-07-25 21:05 11088 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2254465956-1817959628-1643263793-1000_UserData.bin- 2011-12-27 21:33 . 2012-07-25 12:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2011-12-27 21:33 . 2012-07-25 20:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2011-12-27 21:33 . 2012-07-25 20:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2011-12-27 21:33 . 2012-07-25 12:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2012-07-25 12:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 04:54 . 2012-07-25 20:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2012-07-25 16:35 . 2012-07-25 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2012-07-25 21:14 . 2012-07-25 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2012-07-25 21:14 . 2012-07-25 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat- 2012-07-25 16:35 . 2012-07-25 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2009-07-14 02:36 . 2012-07-25 21:09 624162 c:\windows\system32\perfh009.dat- 2009-07-14 02:36 . 2012-07-25 16:17 624162 c:\windows\system32\perfh009.dat+ 2009-07-14 02:36 . 2012-07-25 21:09 106538 c:\windows\system32\perfc009.dat- 2009-07-14 02:36 . 2012-07-25 16:17 106538 c:\windows\system32\perfc009.dat- 2009-07-14 05:01 . 2012-07-25 16:34 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2009-07-14 05:01 . 2012-07-25 21:13 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2011-12-27 20:28 . 2012-07-25 21:13 4835808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2254465956-1817959628-1643263793-1000-8192.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-12-27 1242448]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696].c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-29 1255736]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512]S1 aswSnx;aswSnx; [x]S1 aswSP;aswSP; [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-27 279616]S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]S2 aswFsBlk;aswFsBlk; [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]S3 AVEO;UVC Driver;c:\windows\system32\DRIVERS\dcnt.sys [2012-05-31 268672]S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-04-18 108032]S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2012-04-02 103512]..Contents of the 'Scheduled Tasks' folder.2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-17 18:31].2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2254465956-1817959628-1643263793-1000Core.job- c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 00:32].2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2254465956-1817959628-1643263793-1000UA.job- c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 00:32]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-08 10060832].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = https://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.2.1..--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2254465956-1817959628-1643263793-1000\Software\SecuROM\License information*]"datasecu"=hex:95,76,1b,f7,82,e1,0a,38,21,a6,f0,57,5e,37,3d,15,54,b7,7b,59,2e, c4,64,b0,a5,3b,82,89,e9,6e,0e,5b,d1,eb,c9,b0,19,2f,d6,9e,3d,cd,0f,82,55,a2,\"rkeysecu"=hex:0f,b3,89,f2,66,b2,cb,b8,b7,13,e4,f4,b1,60,8d,8b.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files\AVAST Software\Avast\AvastSvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe.**************************************************************************.Completion time: 2012-07-25 16:19:15 - machine was rebootedComboFix-quarantined-files.txt 2012-07-25 21:19ComboFix2.txt 2012-07-25 16:40.Pre-Run: 177,887,883,264 bytes freePost-Run: 177,591,250,944 bytes free.- - End Of File - - A863B682C9434DE17D12C2A7645237D52ComboFix.txt Link to post Share on other sites More sharing options...
MrCharlie Posted July 25, 2012 ID:576607 Share Posted July 25, 2012 Well the log is clean but your av doesn't show up in the ComboFix header.Let me do some research and I'll get back to you. MrC Link to post Share on other sites More sharing options...
MrCharlie Posted July 25, 2012 ID:576616 Share Posted July 25, 2012 For now..............Please remove any usb or external drives from the computer before you run these scan!Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:Internet ServicesWindows FirewallSystem RestoreSecurity CenterWindows UpdateWindows Defender[*]Press "Scan".[*]It will create a log (FSS.txt) in the same directory the tool is run.[*]Please copy and paste the log to your reply.MrC Link to post Share on other sites More sharing options...
jilow Posted July 26, 2012 Author ID:576952 Share Posted July 26, 2012 I have good news, While I disabled Windows Defender, and all my Anti-virus/anti-malware stuff. I totally forgot I have a firewall, Windows Wall, and I wasn't disabling it, because it doesn't even come to mind when i think of the Fire Walls I have. I now disabled that as well. And Ran ComboFix two more times to get some good scans (make sure I did it right). Here is my new combofix log, and Farbar Service Scanner log. The 4Combofix log is my most recent combofix scan and it's contents, in addition to being attached, have been copied and pasted. (I remember the 3ComboFix log as showing some malicious software, I was afk while 4ComboFix log was being done, I have no idea what results it gave back.) Thank you so much, I'm sorry for my incompetence .ComboFix 12-07-27.02 - Nick 07/26/2012 10:37:55.5.3 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2463 [GMT -5:00]Running from: c:\users\Nick\Desktop\ComboFix.exeSP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))..2012-07-26 15:43 . 2012-07-26 15:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2012-07-26 15:43 . 2012-07-26 15:43 -------- d-----w- c:\users\Default\AppData\Local\temp2012-07-24 13:26 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7871D5DA-D396-464F-87A8-351E8C7AD1AB}\mpengine.dll2012-07-22 10:16 . 2012-07-25 20:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy2012-07-22 08:05 . 2012-07-22 08:05 -------- d-----w- c:\users\Nick\AppData\Roaming\SUPERAntiSpyware.com2012-07-22 08:04 . 2012-07-22 08:05 -------- d-----w- c:\program files\SUPERAntiSpyware2012-07-22 08:04 . 2012-07-22 08:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com2012-07-22 08:03 . 2012-07-22 08:03 -------- d-----w- c:\users\Nick\AppData\Roaming\Malwarebytes2012-07-22 08:02 . 2012-07-22 08:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2012-07-22 08:02 . 2012-07-22 08:02 -------- d-----w- c:\programdata\Malwarebytes2012-07-22 08:02 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys2012-07-22 07:56 . 2012-07-22 07:56 -------- d-----w- c:\users\Nick\AppData\Local\ElevatedDiagnostics2012-07-22 07:53 . 2012-07-26 15:44 -------- d-----w- c:\windows\system32\wbem\repository2012-07-22 02:32 . 2012-07-22 02:32 -------- d-----w- c:\users\Nick\AppData\Roaming\Apple Computer2012-07-22 02:32 . 2012-07-22 02:32 -------- d-----w- c:\users\Nick\AppData\Local\Apple Computer2012-07-22 02:32 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll2012-07-22 02:32 . 2012-07-22 07:49 -------- dc----w- c:\windows\system32\DRVSTORE2012-07-22 02:32 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys2012-07-22 02:09 . 2012-07-22 07:30 -------- d-----w- c:\programdata\Tarma Installer2012-07-22 02:09 . 2012-07-22 02:09 447 ----a-w- C:\user.js2012-07-22 02:06 . 2012-07-22 02:06 -------- d-----w- c:\users\Nick\AppData\Roaming\Binary Fortress Software2012-07-22 02:06 . 2012-07-22 07:49 -------- d-----w- c:\program files (x86)\iTunes Sync2012-07-12 19:43 . 2012-07-12 19:43 -------- d-----w- c:\programdata\McAfee2012-07-11 23:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys2012-07-11 23:05 . 2012-06-02 11:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb2012-07-11 23:05 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb2012-07-11 12:32 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys2012-07-11 12:32 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys2012-07-11 12:32 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll2012-07-11 12:32 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll2012-07-11 12:32 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll2012-07-11 12:32 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys2012-07-11 12:32 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll2012-07-11 12:32 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll2012-07-11 12:32 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll2012-07-11 12:32 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll2012-06-30 19:48 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll2012-06-30 19:48 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-07-12 18:31 . 2012-01-17 22:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-07-12 18:31 . 2011-12-27 20:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-07-11 23:05 . 2012-01-01 03:49 59701280 ----a-w- c:\windows\system32\MRT.exe2012-07-03 16:21 . 2012-03-29 07:45 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys2012-07-03 16:21 . 2011-12-27 20:16 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys2012-07-03 16:21 . 2011-12-27 20:16 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys2012-07-03 16:21 . 2011-12-27 20:16 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys2012-07-03 16:21 . 2011-12-27 20:16 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys2012-07-03 16:21 . 2011-12-27 20:16 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys2012-07-03 16:21 . 2011-12-27 20:15 41224 ----a-w- c:\windows\avastSS.scr2012-07-03 16:21 . 2011-12-27 20:15 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe2012-07-03 16:21 . 2011-12-27 20:16 285328 ----a-w- c:\windows\system32\aswBoot.exe2012-06-02 22:19 . 2012-06-18 21:18 38424 ----a-w- c:\windows\system32\wups.dll2012-06-02 22:19 . 2012-06-18 21:18 2428952 ----a-w- c:\windows\system32\wuaueng.dll2012-06-02 22:19 . 2012-06-18 21:18 57880 ----a-w- c:\windows\system32\wuauclt.exe2012-06-02 22:19 . 2012-06-18 21:18 44056 ----a-w- c:\windows\system32\wups2.dll2012-06-02 22:19 . 2012-06-18 21:18 701976 ----a-w- c:\windows\system32\wuapi.dll2012-06-02 22:15 . 2012-06-18 21:18 2622464 ----a-w- c:\windows\system32\wucltux.dll2012-06-02 22:15 . 2012-06-18 21:18 99840 ----a-w- c:\windows\system32\wudriver.dll2012-06-02 20:19 . 2012-06-18 21:18 186752 ----a-w- c:\windows\system32\wuwebv.dll2012-06-02 20:15 . 2012-06-18 21:18 36864 ----a-w- c:\windows\system32\wuapp.exe2012-05-31 17:25 . 2011-12-27 20:14 279656 ------w- c:\windows\system32\MpSigStub.exe2012-05-31 12:50 . 2012-05-31 12:50 268672 ----a-w- c:\windows\system32\drivers\dcnt.sys2012-05-15 10:48 . 2012-05-23 02:48 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll2012-05-15 10:48 . 2012-05-23 02:48 8139072 ----a-w- c:\windows\system32\nvcuda.dll2012-05-15 10:48 . 2012-05-23 02:48 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll2012-05-15 10:48 . 2012-05-23 02:48 364352 ----a-w- c:\windows\system32\nvdecodemft.dll2012-05-15 10:48 . 2012-05-23 02:48 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll2012-05-15 10:48 . 2012-05-23 02:48 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll2012-05-15 10:48 . 2012-05-23 02:48 2681664 ----a-w- c:\windows\system32\nvcuvid.dll2012-05-15 10:48 . 2012-05-23 02:48 25743168 ----a-w- c:\windows\system32\nvoglv64.dll2012-05-15 10:48 . 2012-05-23 02:48 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll2012-05-15 10:48 . 2012-05-23 02:48 25248064 ----a-w- c:\windows\system32\nvcompiler.dll2012-05-15 10:48 . 2012-05-23 02:48 246592 ----a-w- c:\windows\system32\nvinitx.dll2012-05-15 10:48 . 2012-05-23 02:48 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll2012-05-15 10:48 . 2012-05-23 02:48 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll2012-05-15 10:48 . 2012-05-23 02:48 202048 ----a-w- c:\windows\SysWow64\nvinit.dll2012-05-15 10:48 . 2012-05-23 02:48 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll2012-05-15 10:48 . 2012-05-23 02:48 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll2012-05-15 10:48 . 2012-05-23 02:48 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll2012-05-15 10:48 . 2012-05-23 02:48 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys2012-05-15 10:48 . 2012-02-21 23:06 949056 ----a-w- c:\windows\system32\nvumdshimx.dll2012-05-15 10:48 . 2012-02-21 23:06 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll2012-05-15 10:48 . 2012-02-21 23:06 68928 ----a-w- c:\windows\system32\OpenCL.dll2012-05-15 10:48 . 2012-02-21 23:06 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll2012-05-15 10:48 . 2011-12-27 19:47 2741568 ----a-w- c:\windows\system32\nvapi64.dll2012-05-15 10:48 . 2011-12-27 19:47 1738048 ----a-w- c:\windows\system32\nvdispco64.dll2012-05-15 10:48 . 2011-12-27 19:47 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll2012-05-15 10:48 . 2011-12-27 19:47 1468224 ----a-w- c:\windows\system32\nvgenco64.dll2012-05-15 10:48 . 2011-12-27 19:47 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll2012-05-15 09:29 . 2011-12-27 19:43 889664 ----a-w- c:\windows\system32\nvvsvc.exe2012-05-15 09:29 . 2011-12-27 19:43 63296 ----a-w- c:\windows\system32\nvshext.dll2012-05-15 09:29 . 2011-12-27 19:43 118080 ----a-w- c:\windows\system32\nvmctray.dll2012-05-15 09:29 . 2012-02-21 23:07 2621723 ----a-w- c:\windows\system32\nvcoproc.bin2012-05-15 09:29 . 2011-12-27 19:43 3149632 ----a-w- c:\windows\system32\nvsvc64.dll2012-05-15 09:28 . 2011-12-27 19:43 6151488 ----a-w- c:\windows\system32\nvcpl.dll2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe2012-05-04 11:06 . 2012-06-13 05:29 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe2012-05-04 10:03 . 2012-06-13 05:29 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2012-05-04 10:03 . 2012-06-13 05:29 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2012-05-01 05:40 . 2012-06-13 05:29 209920 ----a-w- c:\windows\system32\profsvc.dll2012-04-28 05:32 . 2012-06-13 05:28 1112064 ----a-w- c:\windows\system32\rdpcorets.dll2012-04-28 03:55 . 2012-06-13 05:28 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys..((((((((((((((((((((((((((((( SnapShot@2012-07-25_16.35.59 ))))))))))))))))))))))))))))))))))))))))).+ 2009-07-14 04:54 . 2012-07-26 15:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2009-07-14 04:54 . 2012-07-25 16:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2009-07-14 04:54 . 2012-07-25 16:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2009-07-14 04:54 . 2012-07-26 15:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2012-07-25 16:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 04:54 . 2012-07-26 15:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2011-12-27 19:58 . 2012-07-26 15:32 48112 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin+ 2009-07-14 05:10 . 2012-07-26 15:32 42476 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin+ 2011-12-27 19:51 . 2012-07-26 15:32 11232 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2254465956-1817959628-1643263793-1000_UserData.bin- 2011-12-27 21:33 . 2012-07-25 12:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2011-12-27 21:33 . 2012-07-26 05:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2011-12-27 21:33 . 2012-07-26 05:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2011-12-27 21:33 . 2012-07-25 12:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2012-07-25 12:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 04:54 . 2012-07-26 05:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2012-07-25 16:35 . 2012-07-25 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2012-07-26 15:44 . 2012-07-26 15:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2012-07-26 15:44 . 2012-07-26 15:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat- 2012-07-25 16:35 . 2012-07-25 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2009-07-14 02:36 . 2012-07-26 15:36 624162 c:\windows\system32\perfh009.dat- 2009-07-14 02:36 . 2012-07-25 16:17 624162 c:\windows\system32\perfh009.dat+ 2009-07-14 02:36 . 2012-07-26 15:36 106538 c:\windows\system32\perfc009.dat- 2009-07-14 02:36 . 2012-07-25 16:17 106538 c:\windows\system32\perfc009.dat- 2009-07-14 05:01 . 2012-07-25 16:34 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2009-07-14 05:01 . 2012-07-26 15:43 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2011-12-27 20:28 . 2012-07-26 15:43 5785612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2254465956-1817959628-1643263793-1000-8192.dat+ 2012-07-18 20:42 . 2012-07-18 20:42 7931392 c:\windows\Installer\33def1.msi.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-12-27 1242448]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696].c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-29 1255736]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512]S1 aswSnx;aswSnx; [x]S1 aswSP;aswSP; [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-27 279616]S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]S2 aswFsBlk;aswFsBlk; [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]S3 AVEO;UVC Driver;c:\windows\system32\DRIVERS\dcnt.sys [2012-05-31 268672]S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-04-18 108032]S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2012-04-02 103512]..Contents of the 'Scheduled Tasks' folder.2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-17 18:31].2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2254465956-1817959628-1643263793-1000Core.job- c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 00:32].2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2254465956-1817959628-1643263793-1000UA.job- c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 00:32]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-08 10060832].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = https://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.2.1..--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2254465956-1817959628-1643263793-1000\Software\SecuROM\License information*]"datasecu"=hex:95,76,1b,f7,82,e1,0a,38,21,a6,f0,57,5e,37,3d,15,54,b7,7b,59,2e, c4,64,b0,a5,3b,82,89,e9,6e,0e,5b,d1,eb,c9,b0,19,2f,d6,9e,3d,cd,0f,82,55,a2,\"rkeysecu"=hex:0f,b3,89,f2,66,b2,cb,b8,b7,13,e4,f4,b1,60,8d,8b.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files\AVAST Software\Avast\AvastSvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe.**************************************************************************.Completion time: 2012-07-26 10:49:26 - machine was rebootedComboFix-quarantined-files.txt 2012-07-26 15:49ComboFix2.txt 2012-07-26 02:40ComboFix3.txt 2012-07-25 21:19ComboFix4.txt 2012-07-25 16:40.Pre-Run: 177,474,629,632 bytes freePost-Run: 177,579,679,744 bytes free.- - End Of File - - 868543279551458AC6B2C5474F3E1A00FSS1.txt3ComboFix.txt4ComboFix.txt Link to post Share on other sites More sharing options...
MrCharlie Posted July 26, 2012 ID:576958 Share Posted July 26, 2012 Looks Good, what problems remain? MrC Link to post Share on other sites More sharing options...
jilow Posted July 26, 2012 Author ID:576962 Share Posted July 26, 2012 check my 3 Combofix log (this one was taken a day before 4combofix log), if you wouldn't mind, I distinctly remember seeing Combofix detect something.I've pasted it here for your convienience, if you still see nothing, then i'll just open into safe mode, run my malwarebytes, Spybot search and destroy and Avast one at a time, and see if all will come up clean.: 3CombofixLogComboFix 12-07-26.04 - Nick 07/25/2012 21:29:07.4.3 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2639 [GMT -5:00]Running from: c:\users\Nick\Desktop\ComboFix.exeSP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))..2012-07-26 02:34 . 2012-07-26 02:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2012-07-26 02:34 . 2012-07-26 02:34 -------- d-----w- c:\users\Default\AppData\Local\temp2012-07-24 13:26 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7871D5DA-D396-464F-87A8-351E8C7AD1AB}\mpengine.dll2012-07-22 10:16 . 2012-07-25 20:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy2012-07-22 08:05 . 2012-07-22 08:05 -------- d-----w- c:\users\Nick\AppData\Roaming\SUPERAntiSpyware.com2012-07-22 08:04 . 2012-07-22 08:05 -------- d-----w- c:\program files\SUPERAntiSpyware2012-07-22 08:04 . 2012-07-22 08:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com2012-07-22 08:03 . 2012-07-22 08:03 -------- d-----w- c:\users\Nick\AppData\Roaming\Malwarebytes2012-07-22 08:02 . 2012-07-22 08:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2012-07-22 08:02 . 2012-07-22 08:02 -------- d-----w- c:\programdata\Malwarebytes2012-07-22 08:02 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys2012-07-22 07:56 . 2012-07-22 07:56 -------- d-----w- c:\users\Nick\AppData\Local\ElevatedDiagnostics2012-07-22 07:53 . 2012-07-26 02:35 -------- d-----w- c:\windows\system32\wbem\repository2012-07-22 02:32 . 2012-07-22 02:32 -------- d-----w- c:\users\Nick\AppData\Roaming\Apple Computer2012-07-22 02:32 . 2012-07-22 02:32 -------- d-----w- c:\users\Nick\AppData\Local\Apple Computer2012-07-22 02:32 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll2012-07-22 02:32 . 2012-07-22 07:49 -------- dc----w- c:\windows\system32\DRVSTORE2012-07-22 02:32 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys2012-07-22 02:09 . 2012-07-22 07:30 -------- d-----w- c:\programdata\Tarma Installer2012-07-22 02:09 . 2012-07-22 02:09 447 ----a-w- C:\user.js2012-07-22 02:06 . 2012-07-22 02:06 -------- d-----w- c:\users\Nick\AppData\Roaming\Binary Fortress Software2012-07-22 02:06 . 2012-07-22 07:49 -------- d-----w- c:\program files (x86)\iTunes Sync2012-07-12 19:43 . 2012-07-12 19:43 -------- d-----w- c:\programdata\McAfee2012-07-11 23:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys2012-07-11 23:05 . 2012-06-02 11:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb2012-07-11 23:05 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb2012-07-11 12:32 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys2012-07-11 12:32 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys2012-07-11 12:32 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll2012-07-11 12:32 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll2012-07-11 12:32 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll2012-07-11 12:32 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys2012-07-11 12:32 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll2012-07-11 12:32 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll2012-07-11 12:32 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll2012-07-11 12:32 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll2012-06-30 19:48 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll2012-06-30 19:48 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-07-12 18:31 . 2012-01-17 22:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-07-12 18:31 . 2011-12-27 20:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-07-11 23:05 . 2012-01-01 03:49 59701280 ----a-w- c:\windows\system32\MRT.exe2012-07-03 16:21 . 2012-03-29 07:45 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys2012-07-03 16:21 . 2011-12-27 20:16 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys2012-07-03 16:21 . 2011-12-27 20:16 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys2012-07-03 16:21 . 2011-12-27 20:16 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys2012-07-03 16:21 . 2011-12-27 20:16 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys2012-07-03 16:21 . 2011-12-27 20:16 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys2012-07-03 16:21 . 2011-12-27 20:15 41224 ----a-w- c:\windows\avastSS.scr2012-07-03 16:21 . 2011-12-27 20:15 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe2012-07-03 16:21 . 2011-12-27 20:16 285328 ----a-w- c:\windows\system32\aswBoot.exe2012-06-02 22:19 . 2012-06-18 21:18 38424 ----a-w- c:\windows\system32\wups.dll2012-06-02 22:19 . 2012-06-18 21:18 2428952 ----a-w- c:\windows\system32\wuaueng.dll2012-06-02 22:19 . 2012-06-18 21:18 57880 ----a-w- c:\windows\system32\wuauclt.exe2012-06-02 22:19 . 2012-06-18 21:18 44056 ----a-w- c:\windows\system32\wups2.dll2012-06-02 22:19 . 2012-06-18 21:18 701976 ----a-w- c:\windows\system32\wuapi.dll2012-06-02 22:15 . 2012-06-18 21:18 2622464 ----a-w- c:\windows\system32\wucltux.dll2012-06-02 22:15 . 2012-06-18 21:18 99840 ----a-w- c:\windows\system32\wudriver.dll2012-06-02 20:19 . 2012-06-18 21:18 186752 ----a-w- c:\windows\system32\wuwebv.dll2012-06-02 20:15 . 2012-06-18 21:18 36864 ----a-w- c:\windows\system32\wuapp.exe2012-05-31 17:25 . 2011-12-27 20:14 279656 ------w- c:\windows\system32\MpSigStub.exe2012-05-31 12:50 . 2012-05-31 12:50 268672 ----a-w- c:\windows\system32\drivers\dcnt.sys2012-05-15 10:48 . 2012-05-23 02:48 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll2012-05-15 10:48 . 2012-05-23 02:48 8139072 ----a-w- c:\windows\system32\nvcuda.dll2012-05-15 10:48 . 2012-05-23 02:48 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll2012-05-15 10:48 . 2012-05-23 02:48 364352 ----a-w- c:\windows\system32\nvdecodemft.dll2012-05-15 10:48 . 2012-05-23 02:48 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll2012-05-15 10:48 . 2012-05-23 02:48 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll2012-05-15 10:48 . 2012-05-23 02:48 2681664 ----a-w- c:\windows\system32\nvcuvid.dll2012-05-15 10:48 . 2012-05-23 02:48 25743168 ----a-w- c:\windows\system32\nvoglv64.dll2012-05-15 10:48 . 2012-05-23 02:48 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll2012-05-15 10:48 . 2012-05-23 02:48 25248064 ----a-w- c:\windows\system32\nvcompiler.dll2012-05-15 10:48 . 2012-05-23 02:48 246592 ----a-w- c:\windows\system32\nvinitx.dll2012-05-15 10:48 . 2012-05-23 02:48 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll2012-05-15 10:48 . 2012-05-23 02:48 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll2012-05-15 10:48 . 2012-05-23 02:48 202048 ----a-w- c:\windows\SysWow64\nvinit.dll2012-05-15 10:48 . 2012-05-23 02:48 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll2012-05-15 10:48 . 2012-05-23 02:48 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll2012-05-15 10:48 . 2012-05-23 02:48 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll2012-05-15 10:48 . 2012-05-23 02:48 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys2012-05-15 10:48 . 2012-02-21 23:06 949056 ----a-w- c:\windows\system32\nvumdshimx.dll2012-05-15 10:48 . 2012-02-21 23:06 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll2012-05-15 10:48 . 2012-02-21 23:06 68928 ----a-w- c:\windows\system32\OpenCL.dll2012-05-15 10:48 . 2012-02-21 23:06 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll2012-05-15 10:48 . 2011-12-27 19:47 2741568 ----a-w- c:\windows\system32\nvapi64.dll2012-05-15 10:48 . 2011-12-27 19:47 1738048 ----a-w- c:\windows\system32\nvdispco64.dll2012-05-15 10:48 . 2011-12-27 19:47 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll2012-05-15 10:48 . 2011-12-27 19:47 1468224 ----a-w- c:\windows\system32\nvgenco64.dll2012-05-15 10:48 . 2011-12-27 19:47 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll2012-05-15 09:29 . 2011-12-27 19:43 889664 ----a-w- c:\windows\system32\nvvsvc.exe2012-05-15 09:29 . 2011-12-27 19:43 63296 ----a-w- c:\windows\system32\nvshext.dll2012-05-15 09:29 . 2011-12-27 19:43 118080 ----a-w- c:\windows\system32\nvmctray.dll2012-05-15 09:29 . 2012-02-21 23:07 2621723 ----a-w- c:\windows\system32\nvcoproc.bin2012-05-15 09:29 . 2011-12-27 19:43 3149632 ----a-w- c:\windows\system32\nvsvc64.dll2012-05-15 09:28 . 2011-12-27 19:43 6151488 ----a-w- c:\windows\system32\nvcpl.dll2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe2012-05-04 11:06 . 2012-06-13 05:29 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe2012-05-04 10:03 . 2012-06-13 05:29 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2012-05-04 10:03 . 2012-06-13 05:29 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2012-05-01 05:40 . 2012-06-13 05:29 209920 ----a-w- c:\windows\system32\profsvc.dll2012-04-28 05:32 . 2012-06-13 05:28 1112064 ----a-w- c:\windows\system32\rdpcorets.dll2012-04-28 03:55 . 2012-06-13 05:28 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys..((((((((((((((((((((((((((((( SnapShot@2012-07-25_16.35.59 ))))))))))))))))))))))))))))))))))))))))).+ 2009-07-14 04:54 . 2012-07-26 02:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2009-07-14 04:54 . 2012-07-25 16:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2009-07-14 04:54 . 2012-07-25 16:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2009-07-14 04:54 . 2012-07-26 02:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2012-07-25 16:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 04:54 . 2012-07-26 02:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2011-12-27 19:58 . 2012-07-26 01:02 47744 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin+ 2009-07-14 05:10 . 2012-07-26 01:02 42436 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin+ 2011-12-27 19:51 . 2012-07-26 01:02 11168 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2254465956-1817959628-1643263793-1000_UserData.bin- 2011-12-27 21:33 . 2012-07-25 12:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2011-12-27 21:33 . 2012-07-26 01:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2011-12-27 21:33 . 2012-07-26 01:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2011-12-27 21:33 . 2012-07-25 12:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2012-07-25 12:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 04:54 . 2012-07-26 01:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2012-07-25 16:35 . 2012-07-25 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2012-07-26 02:35 . 2012-07-26 02:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2012-07-26 02:35 . 2012-07-26 02:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat- 2012-07-25 16:35 . 2012-07-25 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2009-07-14 02:36 . 2012-07-26 01:45 624162 c:\windows\system32\perfh009.dat- 2009-07-14 02:36 . 2012-07-25 16:17 624162 c:\windows\system32\perfh009.dat+ 2009-07-14 02:36 . 2012-07-26 01:45 106538 c:\windows\system32\perfc009.dat- 2009-07-14 02:36 . 2012-07-25 16:17 106538 c:\windows\system32\perfc009.dat- 2009-07-14 05:01 . 2012-07-25 16:34 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2009-07-14 05:01 . 2012-07-26 02:34 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2011-12-27 20:28 . 2012-07-26 02:34 5160536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2254465956-1817959628-1643263793-1000-8192.dat+ 2012-07-18 20:42 . 2012-07-18 20:42 7931392 c:\windows\Installer\33def1.msi.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-12-27 1242448]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696].c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-29 1255736]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512]S1 aswSnx;aswSnx; [x]S1 aswSP;aswSP; [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-27 279616]S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]S2 aswFsBlk;aswFsBlk; [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]S3 AVEO;UVC Driver;c:\windows\system32\DRIVERS\dcnt.sys [2012-05-31 268672]S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-04-18 108032]S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2012-04-02 103512]..Contents of the 'Scheduled Tasks' folder.2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-17 18:31].2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2254465956-1817959628-1643263793-1000Core.job- c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 00:32].2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2254465956-1817959628-1643263793-1000UA.job- c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 00:32]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-08 10060832].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = https://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.2.1..--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2254465956-1817959628-1643263793-1000\Software\SecuROM\License information*]"datasecu"=hex:95,76,1b,f7,82,e1,0a,38,21,a6,f0,57,5e,37,3d,15,54,b7,7b,59,2e, c4,64,b0,a5,3b,82,89,e9,6e,0e,5b,d1,eb,c9,b0,19,2f,d6,9e,3d,cd,0f,82,55,a2,\"rkeysecu"=hex:0f,b3,89,f2,66,b2,cb,b8,b7,13,e4,f4,b1,60,8d,8b.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files\AVAST Software\Avast\AvastSvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe.**************************************************************************.Completion time: 2012-07-25 21:40:21 - machine was rebootedComboFix-quarantined-files.txt 2012-07-26 02:40ComboFix2.txt 2012-07-25 21:19ComboFix3.txt 2012-07-25 16:40.Pre-Run: 177,589,985,280 bytes freePost-Run: 177,577,197,568 bytes free.- - End Of File - - 6DCCA3E15F7293044FDC8E4B9A39A3EE Link to post Share on other sites More sharing options...
MrCharlie Posted July 26, 2012 ID:576966 Share Posted July 26, 2012 Clean....MrC Link to post Share on other sites More sharing options...
jilow Posted July 26, 2012 Author ID:577137 Share Posted July 26, 2012 Alright, My super anti-spyware quick scan came up clean, my spybot search and destroy scan came up clean, my MBAM came back clean. I didn't run AVAST but it's been coming up clean even when I had the virus. I think i'm in the clear. I still have no symptoms, and my software not detecting anything to remove. If you think I need to do anything further, let me know, but I think i'm okay now. I've just downloaded and ran CCleaner now. Link to post Share on other sites More sharing options...
MrCharlie Posted July 26, 2012 ID:577140 Share Posted July 26, 2012 Great A little clean up to do....Please Uninstall ComboFix: (if you used it)Press the Windows logo key + R to bring up the "run box"Copy and paste next command in the field:ComboFix /uninstallMake sure there's a space between Combofix and /Then hit enter.This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)---------------------------------Please download OTL from one of the links below: (you may already have OTL on the system)http://oldtimer.geekstogo.com/OTL.exehttp://oldtimer.geekstogo.com/OTL.comSave it to your desktop.Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)Any other programs or logs you can manually delete.IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....-------------------------------Any questions...please post back.If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.Take a look at My Preventive Maintenance to avoid being infected again.Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
jilow Posted July 27, 2012 Author ID:577240 Share Posted July 27, 2012 I wanted to say thanks for all your help MrC, and when I get the chance I'll definitely donate via Paypal, you guys do a great service, and do a great job at it. I often wonder what percentage of how your posts must be copy and pasted, considering you encounter the same routine so often when dealing with viruses. Anyway, thanks so much, everything has continued to look great. You did good job!P.S. looks like you got a bot posting on here . Link to post Share on other sites More sharing options...
MrCharlie Posted July 27, 2012 ID:577310 Share Posted July 27, 2012 Thanks, MrC Link to post Share on other sites More sharing options...
Recommended Posts