
This started off with PeerBlock not working and getting random browser redirects to work-at-home ads and various others. Windows Update won't work either. Also got the same message that started this topic... http://forums.peerblock.com/read.php?3,12165,page=1.

I installed Malwarebytes as soon as I started having problems, and it detected a few trojans, which I deleted and restarted, but it still kept finding 'trojan.dropper.bcminer', which would keep reappearing every time I repeated that.

Once it blocked and quarantined the 'rootkit.tdss.expd1' virus, I deleted it, but haven't restarted my pc yet, and won't unless I'm told to do so.

Also, the only other procedure I've done is the one outlined here, about the bfe.dll file... http://forums.peerblock.com/read.php?3,12165,13138

Here are the two reports...

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.4.1

Run by Ryan at 17:14:45 on 2012-07-31

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8105.6211 [GMT -7:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxpers.exe

C:\Program Files\SmartTechnology\Software\ProfilerU.exe

C:\Program Files\SmartTechnology\Software\SaiMfd.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Razer\BlackWidow\BlackWidowTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\mIRC\mirc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858

uStart Page = hxxp://isearch.whitesmoke.com/?isid=9858

uSearch Bar = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

{ae07101b-46d4-4a98-af68-0333ea26e113}

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [GOGcom] RUNDLL32.EXE C:\Users\Ryan\AppData\Local\GOGcom\fgjdyafh.dll,InjectDll

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow\BlackwidowTray.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

LSP: mswsock.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{26C25435-B5DB-42FC-95A3-4A59EB7D71DA} : DhcpNameServer = 192.168.1.1

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

{ae07101b-46d4-4a98-af68-0333ea26e113}

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun-x64: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow\BlackwidowTray.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun-x64: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\6uittgxq.default\

FF - prefs.js: browser.startup.homepage - hxxp://isearch.whitesmoke.com/?isid=9858

FF - prefs.js: keyword.URL - hxxp://isearch.whitesmoke.com/?babsrc=home&s=web&as=0&isid=9858&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-28 655944]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-12 1262400]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-27 2656280]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]

R3 SaiK0CCB;SaiK0CCB;C:\Windows\system32\DRIVERS\SaiK0CCB.sys --> C:\Windows\system32\DRIVERS\SaiK0CCB.sys [?]

R3 SaiU0CCB;SaiU0CCB;C:\Windows\system32\DRIVERS\SaiU0CCB.sys --> C:\Windows\system32\DRIVERS\SaiU0CCB.sys [?]

S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/07/06 23:15:36;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-29 241648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-19 250056]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-5-31 1432400]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]

.

=============== Created Last 30 ================

.

2012-07-31 23:42:19 -------- d-----w- C:\Program Files\PeerBlock

2012-07-28 14:31:31 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Malwarebytes

2012-07-28 14:31:25 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-28 14:31:25 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-28 14:31:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-22 15:32:26 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-18 09:59:09 -------- d-----w- C:\Users\Ryan\AppData\Local\GOGcom

2012-07-16 09:42:16 -------- d-----w- C:\Users\Ryan\AppData\Local\Power2Go

2012-07-13 14:01:33 -------- d-----w- C:\Games

2012-07-13 14:00:26 -------- d-----w- C:\Users\Ryan\AppData\Local\Black_Tree_Gaming

2012-07-13 14:00:21 -------- d-----w- C:\Program Files\Nexus Mod Manager

2012-07-08 18:26:34 -------- d-----w- C:\Users\Ryan\AppData\Local\Cyberlink

2012-07-07 06:14:25 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-07-07 06:14:25 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-07-07 06:14:25 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2012-07-07 06:11:46 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2012-07-07 06:11:46 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2012-07-07 06:11:46 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll

2012-07-07 06:11:46 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

.

==================== Find3M ====================

.

2012-07-27 15:12:08 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-27 15:12:08 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

2012-05-15 09:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-05-12 08:48:54 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

.

============= FINISH: 17:15:06.33 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 12/27/2011 2:34:09 AM

System Uptime: 7/31/2012 9:34:05 AM (8 hours ago)

.

Motherboard: ASRock | | Z68 Extreme4 Gen3

Processor: Intel® Core i5-2500K CPU @ 3.30GHz | CPUSocket | 3301/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 1397 GiB total, 543.796 GiB free.

D: is CDROM (CDFS)

E: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP53: 7/27/2012 12:52:59 AM - Scheduled Checkpoint

RP54: 7/31/2012 6:42:13 AM - PB prob

.

==== Installed Programs ======================

.

µTorrent

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.2)

Apple Application Support

Apple Software Update

Autodesk Backburner 2013.0.0

Batman: Arkham City™

Braid (Version 1.015)

CyberLink Blu-ray Disc Suite

CyberLink LabelPrint

CyberLink Power2Go

CyberLink PowerBackup

CyberLink PowerDirector

CyberLink PowerDVD 10

CyberLink PowerProducer

Diablo II

Diablo III

Dual-Core Optimizer

Etron USB3.0 Host Controller

GOG.com Downloader version 3.0.40

Guild Wars

Intel® Management Engine Components

Intel® Processor Graphics

Java Auto Updater

Java 7 Update 4

JavaFX 2.1.0

League of Legends

Malwarebytes Anti-Malware version 1.62.0.1300

marvell 91xx driver

Mass Effect

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

mIRC

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

NVIDIA 3D Vision Controller Driver

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

OpenOffice.org 3.4

Pando Media Booster

Portal

Portal 2

Portal 2 Publishing Tool

QuickTime

Razer BlackWidow

Razer BlackWidow Firmware Updater

Realtek High Definition Audio Driver

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Star Wars: The Old Republic

Steam

Team Fortress 2

The Elder Scrolls V: Skyrim

The Witcher 2

The Witcher 2 - Assassins of Kings Enhanced Edition

VLC media player 1.0.5

Winamp

Winamp Detector Plug-in

.

==== Event Viewer Messages From Past Week ========

.

7/31/2012 8:46:09 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

7/31/2012 8:01:09 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

7/31/2012 8:01:09 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

7/31/2012 8:01:08 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

7/27/2012 12:52:37 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================

Thanks and I hope to hear back from you.


Welcome to the forum.

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:

http://forums.malwarebytes.org/index.php?showtopic=97700

----------------------------------------

Then........

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: Ryan [Admin rights]

Mode: Scan -- Date: 08/01/2012 05:49:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : GOGcom (RUNDLL32.EXE C:\Users\Ryan\AppData\Local\GOGcom\fgjdyafh.dll,InjectDll) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-2613894083-535015234-3304594621-1000[...]\Run : GOGcom (RUNDLL32.EXE C:\Users\Ryan\AppData\Local\GOGcom\fgjdyafh.dll,InjectDll) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Ryan\AppData\Local\{e63a8549-b6f6-7370-358e-cd0d114b279c}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\ryan\appdata\local\{e63a8549-b6f6-7370-358e-cd0d114b279c}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\ryan\appdata\local\{e63a8549-b6f6-7370-358e-cd0d114b279c}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\ryan\appdata\local\{e63a8549-b6f6-7370-358e-cd0d114b279c}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1502FAEX-007BA0 ATA Device +++++

--- User ---

[MBR] 71e078ed60656b726c33c2e303366e6d

[bSP] 2480a6928ca5e881d32a6b033d557b07 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


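A defender's triage of the indicators in the DDS and RogueKiller output above, as an added example (not part of this thread, nor of DDS, RogueKiller or FRST): it parses the posted log lines with my own approximation of those tools' formats and flags the four things the helper acted on, the zeroed UAC policies, the rundll32 autorun loading a DLL from a user-writable folder, the ZeroAccess {GUID} layout and the failing security services. The sample lines are copied from the reports in this thread, with one benign autorun added for contrast.

```python
"""Triage DDS / RogueKiller / Event Viewer lines for the indicators seen in this thread.

Added example: the regexes approximate the tools' output formats and are not
taken from any of them; rule names and verdict wording are my own.
"""
import re
from collections import Counter

# Constructed sample: lines copied from the reports posted above, plus a
# benign Steam autorun so the rundll32 rule has something to ignore.
SAMPLE_LOG = r"""
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [GOGcom] RUNDLL32.EXE C:\Users\Ryan\AppData\Local\GOGcom\fgjdyafh.dll,InjectDll
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
2012-07-22 15:32:26 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
7/31/2012 8:46:09 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
7/31/2012 8:01:09 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
[sUSP PATH] HKCU\[...]\Run : GOGcom (RUNDLL32.EXE C:\Users\Ryan\AppData\Local\GOGcom\fgjdyafh.dll,InjectDll) -> FOUND
[ZeroAccess][FILE] @ : c:\windows\installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\ryan\appdata\local\{e63a8549-b6f6-7370-358e-cd0d114b279c}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
"""

# UAC values that a healthy Windows 7 install does not have set to 0.
UAC_KEYS = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s+=\s+(\d+)")
# DDS autorun line, and RogueKiller's "[SUSP PATH] ...\Run : name (cmd) -> FOUND".
DDS_RUN_RE = re.compile(r"^[um]Run(?:-x64)?:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$", re.I)
RK_RUN_RE = re.compile(r"^\[sUSP PATH\]\s+\S*\\Run\s*:\s*(?P<name>\S+)\s+\((?P<cmd>.*)\)\s*->\s*FOUND", re.I)
# rundll32 <dll>,<export>; a DLL under a user-writable tree is the red flag.
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>\S+\.dll),(?P<export>\w+)", re.I)
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|ProgramData|Temp)\\", re.I)
# ZeroAccess stores itself as {GUID}\@ plus U and L folders, and hides a
# desktop.ini in the GAC; both appear in the RogueKiller report above.
GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
ZA_DIR_RE = re.compile(r"\\(?:windows\\installer|appdata\\local)\\" + GUID + r"\\[@UL](?:\s|$)", re.I)
ZA_GAC_RE = re.compile(r"\\assembly\\gac_(?:32|64)\\desktop\.ini", re.I)
SEC_SVC_RE = re.compile(
    r"(Windows Firewall|Base Filtering Engine|\bBFE\b|IPsec|Windows Defender|Security Center)", re.I)
# DDS attribute block: d = directory, s = system, h = hidden.
HIDDEN_DIR_RE = re.compile(r"\sd-sh--w-\s+(?P<path>\S.*)$")
SYSDIR_RE = re.compile(r"\\Windows\\Sys(?:tem32|WOW64)\\", re.I)


def triage(lines):
    """Return (rule, detail, line) findings in input order; a line may hit several rules."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        pol = POLICY_RE.match(line)
        if pol and pol.group(1) in UAC_KEYS and pol.group(2) == "0":
            findings.append(("uac_disabled", f"{pol.group(1)}=0", line))
        run = DDS_RUN_RE.match(line) or RK_RUN_RE.match(line)
        if run:
            dll = RUNDLL_RE.search(run.group("cmd"))
            if dll and USER_WRITABLE_RE.search(dll.group("dll")):
                detail = f"{run.group('name')} -> {dll.group('dll')}!{dll.group('export')}"
                findings.append(("rundll32_userdir_autorun", detail, line))
        za = ZA_DIR_RE.search(line) or ZA_GAC_RE.search(line)
        if za:
            findings.append(("zeroaccess_layout", za.group(0), line))
        if "Error: Service Control Manager" in line:
            svc = SEC_SVC_RE.search(line)
            if svc:
                findings.append(("security_service_failure", svc.group(1), line))
        hid = HIDDEN_DIR_RE.search(line)
        if hid and SYSDIR_RE.search(hid.group("path")):
            findings.append(("hidden_system_dir", hid.group("path"), line))
    return findings


def summarize(findings):
    """Count findings per rule."""
    return Counter(rule for rule, _, _ in findings)


def verdict(findings):
    """Mirror the helper's reasoning: a rootkit with a backdoor means the box
    cannot be trusted; autorun or policy tampering alone means clean and re-scan."""
    rules = {rule for rule, _, _ in findings}
    if "zeroaccess_layout" in rules:
        return "rootkit indicators present: rebuild the OS and change passwords from a known-clean machine"
    if rules:
        return "suspicious autoruns or policy tampering: clean up and re-scan"
    return "no indicators matched"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for rule, detail, _ in found:
        print(f"{rule:26} {detail}")
    print(dict(summarize(found)))
    print(verdict(found))
```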

OK, here you go................

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

MrC



Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01

Ran by SYSTEM at 01-08-2012 06:57:32

Running from F:\

Windows 7 Ultimate (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [168216 2011-04-20] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-04-20] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-04-20] (Intel Corporation)

HKLM\...\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe [310272 2011-11-09] (Saitek)

HKLM\...\Run: [saiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2011-11-09] (Saitek)

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11860072 2011-06-08] (Realtek Semiconductor)

HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-10-26] (Nullsoft, Inc.)

HKLM-x32\...\Run: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow\BlackwidowTray.exe [887696 2011-05-16] (Razer USA Ltd)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)

HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-02] (CyberLink)

HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [87336 2010-02-02] (CyberLink Corp.)

HKLM-x32\...\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-28] (cyberlink)

HKLM-x32\...\Run: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-12-20] (CyberLink Corp.)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKU\Ryan\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-12-28] (Valve Corporation)

HKU\Ryan\...\Run: [GOGcom] RUNDLL32.EXE C:\Users\Ryan\AppData\Local\GOGcom\fgjdyafh.dll,InjectDll [454144 2012-07-28] (Microsoft Corporation)

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

AppInit_DLLs: C:\Windows\system32\nvinitx.dll

==================== Services (Whitelisted) ======

2 CLKMSVC10_38F51D56; "C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe" /svc [241648 2010-11-29] (CyberLink)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()

2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2011-02-22] (Intel Corporation)

========================== Drivers (Whitelisted) =============

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

0 mvs91xx; C:\Windows\System32\Drivers\mvs91xx.sys [312624 2011-04-08] (Marvell Semiconductor, Inc.)

3 RzSynapse; C:\Windows\System32\Drivers\RzSynapse.sys [154624 2011-05-12] (Razer USA Ltd)

3 SaiK0CCB; C:\Windows\System32\Drivers\SaiK0CCB.sys [183104 2011-09-20] (Saitek)

3 SaiMini; C:\Windows\System32\Drivers\SaiMini.sys [24640 2011-11-10] (Saitek)

3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52160 2011-11-10] (Saitek)

3 SaiU0CCB; C:\Windows\System32\Drivers\SaiU0CCB.sys [47168 2011-09-20] (Saitek)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-01 05:22 - 2012-08-01 05:22 - 01438391 ____A (Farbar) C:\Users\Ryan\Downloads\FRST64.exe

2012-08-01 04:49 - 2012-08-01 04:49 - 00002502 ____A C:\Users\Ryan\Desktop\RKreport[1].txt

2012-08-01 04:48 - 2012-08-01 04:49 - 00000000 ____D C:\Users\Ryan\Desktop\RK_Quarantine

2012-08-01 04:47 - 2012-08-01 04:47 - 01552384 ____A C:\Users\Ryan\Desktop\RogueKiller.exe

2012-07-31 16:17 - 2012-07-31 16:17 - 00003981 ____A C:\Users\Ryan\Desktop\Attach.txt

2012-07-31 16:16 - 2012-07-31 16:16 - 00015685 ____A C:\Users\Ryan\Desktop\DDS.txt

2012-07-31 16:06 - 2012-07-31 16:06 - 00607260 ____R (Swearware) C:\Users\Ryan\Desktop\dds.com

2012-07-31 15:42 - 2012-07-31 15:46 - 00000000 ____D C:\Program Files\PeerBlock

2012-07-31 15:42 - 2012-07-31 15:42 - 00001736 ____A C:\Users\Ryan\Desktop\PeerBlock.lnk

2012-07-31 15:41 - 2012-07-31 15:41 - 02105040 ____A (PeerBlock, LLC ) C:\Users\Ryan\Downloads\PeerBlock-Setup_v1.1_r518(2).exe

2012-07-31 07:38 - 2012-05-18 06:26 - 00002380 ____A C:\Users\Ryan\Downloads\Firewall-Repair-Windows-7.reg

2012-07-31 07:38 - 2012-05-18 04:26 - 00086094 ____A C:\Users\Ryan\Downloads\BFE-Repair-Windows-7.reg

2012-07-31 07:35 - 2012-07-31 07:35 - 00007191 ____A C:\Users\Ryan\Downloads\BFE-Repair-Windows-7.zip

2012-07-28 13:04 - 2012-07-28 13:04 - 02105040 ____A (PeerBlock, LLC ) C:\Users\Ryan\Downloads\PeerBlock-Setup_v1.1_r518(1).exe

2012-07-28 10:11 - 2012-07-28 10:11 - 00000000 ____D C:\Users\Ryan\Downloads\Winkers 5

2012-07-28 10:07 - 2012-07-28 10:07 - 00000000 ____D C:\Users\Ryan\Downloads\Winkers 6 [DvdRip] [480p]._.mp4

2012-07-28 06:31 - 2012-07-28 06:31 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-28 06:31 - 2012-07-28 06:31 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Malwarebytes

2012-07-28 06:31 - 2012-07-28 06:31 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-07-28 06:31 - 2012-07-28 06:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-28 06:31 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-28 06:30 - 2012-07-28 06:30 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Ryan\Downloads\mbam-setup-1.62.0.1300.exe

2012-07-27 06:47 - 2012-08-01 05:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-26 07:29 - 2012-07-26 10:25 - 00000000 ____D C:\Users\Ryan\Downloads\Jenna Haze ## BD Remux ##

2012-07-26 04:30 - 2012-07-26 04:30 - 00000000 ____D C:\Users\Ryan\Desktop\RPG_Profiles_v1

2012-07-26 04:16 - 2012-07-26 05:45 - 00000000 ____D C:\Users\Ryan\Downloads\Cum Fart Cocktails 7

2012-07-26 04:12 - 2012-07-26 05:06 - 00000000 ____D C:\Users\Ryan\Downloads\Cum.Fart.Cocktails.8.XXX.DVDRip.XviD-STARLETS

2012-07-26 04:11 - 2012-07-26 04:11 - 00000000 ____D C:\Users\Ryan\Downloads\Cum Fart Cocktails # 3

2012-07-25 23:26 - 2012-07-25 23:26 - 00015029 ____A C:\Users\Ryan\Desktop\Lesbian.Oil.Orgy.2.XviD-PORNOLATiON.torrent

2012-07-25 23:19 - 2012-07-25 23:19 - 00000000 ____D C:\Users\Ryan\Downloads\Buttsluts

2012-07-25 06:55 - 2012-07-25 11:26 - 00000000 ____D C:\Users\Ryan\Downloads\Jenna. Haze.Oil.Orgy.720p.x264-CtrlHD

2012-07-25 03:48 - 2012-07-25 03:50 - 00000000 ____D C:\Users\Ryan\Downloads\Tristan Taormino's Expert Guides To Sex

2012-07-25 03:42 - 2012-07-25 04:51 - 00000000 ____D C:\Users\Ryan\Downloads\jenna_haze_oil_orgy HD

2012-07-25 03:36 - 2012-07-25 03:41 - 00000000 ____D C:\Users\Ryan\Downloads\Microsoft Office Proffesional Plus 2010 Corporate Final (full activated)

2012-07-25 03:23 - 2012-07-25 03:24 - 00000000 ____D C:\Users\Ryan\Downloads\Formulas and Functions Microsoft Excel 2010

2012-07-24 07:31 - 2012-07-24 08:37 - 00000000 ____D C:\Users\Ryan\Downloads\Lesbian.Oil.Orgy.2.XviD-PORNOLATiON

2012-07-24 06:12 - 2012-07-24 09:44 - 3376740309 ____A C:\Users\Ryan\Downloads\The Dark Knight.mkv

2012-07-23 10:10 - 2012-07-23 20:25 - 00000000 ____D C:\Users\Ryan\Downloads\Fashionistas Safado 1080p

2012-07-23 03:56 - 2012-07-23 04:01 - 00000000 ____D C:\Users\Ryan\Downloads\Bitchcraft 7

2012-07-23 03:50 - 2012-07-23 04:00 - 00000000 ____D C:\Users\Ryan\Downloads\Bitchcraft_2_XXX_DVDRip_[torrents.ru]

2012-07-23 03:49 - 2012-07-23 03:49 - 00000140 ____A C:\Users\Ryan\Downloads\Bitchcraft 7 2009 DVDRip-[rarbg.com].nfo

2012-07-22 07:32 - 2012-07-22 07:32 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-07-21 20:15 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll

2012-07-21 20:15 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll

2012-07-21 20:15 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2012-07-21 20:15 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll

2012-07-21 20:15 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2012-07-21 20:15 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys

2012-07-21 20:15 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll

2012-07-21 20:15 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2012-07-21 20:15 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll

2012-07-21 20:15 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll

2012-07-21 20:15 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2012-07-21 20:15 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2012-07-21 20:15 - 2012-05-15 02:48 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll

2012-07-21 20:15 - 2012-05-15 02:48 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll

2012-07-21 20:15 - 2012-04-18 09:08 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys

2012-07-21 20:15 - 2012-04-18 09:08 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll

2012-07-21 19:09 - 2012-07-21 19:10 - 168454136 ____A (NVIDIA Corporation) C:\Users\Ryan\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe

2012-07-20 05:48 - 2012-07-28 04:09 - 22657136 ____A C:\Users\Ryan\Documents\vlc-2.0.2-win32.exe

2012-07-20 03:11 - 2012-07-20 03:15 - 00000000 ____D C:\Users\Ryan\Downloads\Batman.Begins.2005.720p.BluRay.DTS.x264-ESiR [PublicHD]

2012-07-20 02:48 - 2012-07-20 02:48 - 02105040 ____A (PeerBlock, LLC ) C:\Users\Ryan\Downloads\PeerBlock-Setup_v1.1_r518.exe

2012-07-19 06:34 - 2012-07-19 06:34 - 00000000 ____D C:\Users\Ryan\Downloads\Anal.Desires.2

2012-07-19 06:28 - 2012-07-19 06:34 - 00000000 ____D C:\Users\Ryan\Downloads\Anal Cavity Search 8

2012-07-19 06:23 - 2012-07-19 13:25 - 00000000 ____D C:\Users\Ryan\Downloads\Anal.Cavity.Search.6.DISC1.XXX.DVDRip.XviD-FLESHLiGHT

2012-07-18 21:33 - 2012-07-27 04:09 - 00000000 ____D C:\Users\Ryan\Desktop\Preset 2

2012-07-18 21:33 - 2011-12-18 18:11 - 00000000 ____D C:\Users\Ryan\Desktop\Preset 3

2012-07-18 21:33 - 2011-12-18 18:11 - 00000000 ____D C:\Users\Ryan\Desktop\Preset 1

2012-07-18 21:33 - 2011-12-18 14:11 - 00000000 ____D C:\Users\Ryan\Desktop\Preset 4

2012-07-18 16:21 - 2012-07-18 16:21 - 00017280 ____A C:\Users\Ryan\Desktop\cover letter.odt

2012-07-18 07:25 - 2012-07-18 08:18 - 00000000 ____D C:\Users\Ryan\Downloads\Anal Lessons (2012) DVDRip

2012-07-18 01:59 - 2012-07-28 09:59 - 00000000 ____D C:\Users\Ryan\AppData\Local\GOGcom

2012-07-17 05:33 - 2012-07-17 05:33 - 01912168 ____A (mIRC Co. Ltd.) C:\Users\Ryan\Downloads\mirc725(1).exe

2012-07-17 02:50 - 2012-07-17 02:51 - 00000000 ____D C:\Users\Ryan\Desktop\lez

2012-07-17 02:17 - 2012-07-24 10:52 - 00000000 ____D C:\Users\Ryan\Desktop\MOVIES

2012-07-16 01:42 - 2012-07-16 01:42 - 00000000 ____D C:\Users\Ryan\AppData\Local\Power2Go

2012-07-14 02:34 - 2012-07-14 02:34 - 00000219 ____A C:\Users\Ryan\Desktop\Team Fortress 2.url

2012-07-13 21:46 - 2012-07-13 21:46 - 00127975 ___RA C:\Users\Ryan\Desktop\Post_Process_Injector_2_1_Manual_Install-131.7z

2012-07-13 06:39 - 2012-07-11 03:06 - 01200075 ___RA C:\Users\Ryan\Desktop\SkyUI_2_2-3863-2-2.7z

2012-07-13 06:11 - 2012-07-13 06:17 - 00002848 ____A C:\Users\Ryan\Desktop\SKSE.lnk

2012-07-13 06:05 - 2012-07-13 06:05 - 00076242 ____A C:\Users\Ryan\Desktop\SKSE Scripts.rar

2012-07-13 06:01 - 2012-07-13 06:01 - 00000000 ____D C:\Games

2012-07-13 06:00 - 2012-07-27 09:46 - 00000890 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk

2012-07-13 06:00 - 2012-07-27 09:46 - 00000000 ____D C:\Program Files\Nexus Mod Manager

2012-07-13 06:00 - 2012-07-27 04:28 - 00000000 ____D C:\Users\Ryan\Documents\Nexus Mod Manager

2012-07-13 06:00 - 2012-07-13 06:00 - 00000000 ____D C:\Users\Ryan\AppData\Local\Black_Tree_Gaming

2012-07-13 05:52 - 2012-07-13 05:52 - 03842975 ____A (Black Tree Gaming ) C:\Users\Ryan\Downloads\Nexus Mod Manager-0.18.9.exe

2012-07-13 05:26 - 2012-07-13 06:08 - 00000000 ____D C:\Users\Ryan\Desktop\skse_1_05_09

2012-07-10 18:54 - 2012-07-10 18:54 - 01912168 ____A (mIRC Co. Ltd.) C:\Users\Ryan\Downloads\mirc725.exe

2012-07-08 10:26 - 2012-07-08 10:26 - 00000000 ____D C:\Users\Ryan\AppData\Local\Cyberlink

2012-07-06 22:45 - 2012-07-06 22:45 - 00021517 ____A C:\Users\Ryan\Desktop\Resume.odt

2012-07-06 22:27 - 2012-07-06 22:27 - 00000000 ____D C:\Users\Public\CyberLink

2012-07-06 22:25 - 2012-07-06 22:25 - 00000000 ____D C:\Users\Ryan\Documents\CyberLink

2012-07-06 22:17 - 2012-07-16 01:42 - 00001235 ____A C:\Users\Ryan\Desktop\Blu-ray Disc Suite.lnk

2012-07-06 22:17 - 2012-07-06 22:17 - 00001253 ____A C:\Users\UpdatusUser\Desktop\Blu-ray Disc Suite.lnk

2012-07-06 22:17 - 2012-07-06 22:17 - 00001253 ____A C:\Users\Default\Desktop\Blu-ray Disc Suite.lnk

2012-07-06 22:17 - 2012-07-06 22:17 - 00001253 ____A C:\Users\Default User\Desktop\Blu-ray Disc Suite.lnk

2012-07-06 22:14 - 2012-07-06 22:14 - 00505128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll

2012-07-06 22:14 - 2012-07-06 22:14 - 00353576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll

2012-07-06 22:14 - 2012-07-06 22:14 - 00029480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll

2012-07-06 22:11 - 2012-07-08 10:26 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\CyberLink

2012-07-06 22:07 - 2012-07-06 22:25 - 00000000 ____D C:\Users\All Users\CyberLink

2012-07-06 22:07 - 2012-07-06 22:17 - 00000000 ____D C:\Program Files (x86)\CyberLink

============ 3 Months Modified Files ========================

2012-08-01 05:43 - 2009-07-13 20:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-01 05:43 - 2009-07-13 20:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-01 05:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-01 05:40 - 2009-07-13 20:51 - 00031790 ____A C:\Windows\setupact.log

2012-08-01 05:22 - 2012-08-01 05:22 - 01438391 ____A (Farbar) C:\Users\Ryan\Downloads\FRST64.exe

2012-08-01 05:16 - 2009-07-13 21:13 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-01 05:12 - 2012-07-27 06:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-01 04:49 - 2012-08-01 04:49 - 00002502 ____A C:\Users\Ryan\Desktop\RKreport[1].txt

2012-08-01 04:47 - 2012-08-01 04:47 - 01552384 ____A C:\Users\Ryan\Desktop\RogueKiller.exe

2012-07-31 16:17 - 2012-07-31 16:17 - 00003981 ____A C:\Users\Ryan\Desktop\Attach.txt

2012-07-31 16:16 - 2012-07-31 16:16 - 00015685 ____A C:\Users\Ryan\Desktop\DDS.txt

2012-07-31 16:06 - 2012-07-31 16:06 - 00607260 ____R (Swearware) C:\Users\Ryan\Desktop\dds.com

2012-07-31 15:42 - 2012-07-31 15:42 - 00001736 ____A C:\Users\Ryan\Desktop\PeerBlock.lnk

2012-07-31 15:41 - 2012-07-31 15:41 - 02105040 ____A (PeerBlock, LLC ) C:\Users\Ryan\Downloads\PeerBlock-Setup_v1.1_r518(2).exe

2012-07-31 15:40 - 2011-12-27 02:21 - 01081317 ____A C:\Windows\WindowsUpdate.log

2012-07-31 07:35 - 2012-07-31 07:35 - 00007191 ____A C:\Users\Ryan\Downloads\BFE-Repair-Windows-7.zip

2012-07-29 12:03 - 2011-12-30 04:38 - 333191136 ____A C:\Windows\PFRO.log

2012-07-28 13:04 - 2012-07-28 13:04 - 02105040 ____A (PeerBlock, LLC ) C:\Users\Ryan\Downloads\PeerBlock-Setup_v1.1_r518(1).exe

2012-07-28 06:31 - 2012-07-28 06:31 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-28 06:30 - 2012-07-28 06:30 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Ryan\Downloads\mbam-setup-1.62.0.1300.exe

2012-07-28 04:09 - 2012-07-20 05:48 - 22657136 ____A C:\Users\Ryan\Documents\vlc-2.0.2-win32.exe

2012-07-27 09:46 - 2012-07-13 06:00 - 00000890 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk

2012-07-27 07:12 - 2012-04-19 01:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-27 07:12 - 2011-12-27 04:09 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-25 23:26 - 2012-07-25 23:26 - 00015029 ____A C:\Users\Ryan\Desktop\Lesbian.Oil.Orgy.2.XviD-PORNOLATiON.torrent

2012-07-24 09:44 - 2012-07-24 06:12 - 3376740309 ____A C:\Users\Ryan\Downloads\The Dark Knight.mkv

2012-07-23 03:49 - 2012-07-23 03:49 - 00000140 ____A C:\Users\Ryan\Downloads\Bitchcraft 7 2009 DVDRip-[rarbg.com].nfo

2012-07-21 19:10 - 2012-07-21 19:09 - 168454136 ____A (NVIDIA Corporation) C:\Users\Ryan\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe

2012-07-21 18:57 - 2009-07-13 20:45 - 00306344 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-20 02:48 - 2012-07-20 02:48 - 02105040 ____A (PeerBlock, LLC ) C:\Users\Ryan\Downloads\PeerBlock-Setup_v1.1_r518.exe

2012-07-18 16:21 - 2012-07-18 16:21 - 00017280 ____A C:\Users\Ryan\Desktop\cover letter.odt

2012-07-17 05:34 - 2011-12-27 03:37 - 00000951 ____A C:\Users\Public\Desktop\mIRC.lnk

2012-07-17 05:33 - 2012-07-17 05:33 - 01912168 ____A (mIRC Co. Ltd.) C:\Users\Ryan\Downloads\mirc725(1).exe

2012-07-16 01:42 - 2012-07-06 22:17 - 00001235 ____A C:\Users\Ryan\Desktop\Blu-ray Disc Suite.lnk

2012-07-14 02:34 - 2012-07-14 02:34 - 00000219 ____A C:\Users\Ryan\Desktop\Team Fortress 2.url

2012-07-13 21:46 - 2012-07-13 21:46 - 00127975 ___RA C:\Users\Ryan\Desktop\Post_Process_Injector_2_1_Manual_Install-131.7z

2012-07-13 06:17 - 2012-07-13 06:11 - 00002848 ____A C:\Users\Ryan\Desktop\SKSE.lnk

2012-07-13 06:05 - 2012-07-13 06:05 - 00076242 ____A C:\Users\Ryan\Desktop\SKSE Scripts.rar

2012-07-13 05:52 - 2012-07-13 05:52 - 03842975 ____A (Black Tree Gaming ) C:\Users\Ryan\Downloads\Nexus Mod Manager-0.18.9.exe

2012-07-11 03:06 - 2012-07-13 06:39 - 01200075 ___RA C:\Users\Ryan\Desktop\SkyUI_2_2-3863-2-2.7z

2012-07-10 19:34 - 2012-06-18 01:52 - 00129116 ___AH C:\Windows\SysWOW64\mlfcache.dat

2012-07-10 18:54 - 2012-07-10 18:54 - 01912168 ____A (mIRC Co. Ltd.) C:\Users\Ryan\Downloads\mirc725.exe

2012-07-07 02:26 - 2011-12-28 12:16 - 00070312 ____A C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-06 22:45 - 2012-07-06 22:45 - 00021517 ____A C:\Users\Ryan\Desktop\Resume.odt

2012-07-06 22:17 - 2012-07-06 22:17 - 00001253 ____A C:\Users\UpdatusUser\Desktop\Blu-ray Disc Suite.lnk

2012-07-06 22:17 - 2012-07-06 22:17 - 00001253 ____A C:\Users\Default\Desktop\Blu-ray Disc Suite.lnk

2012-07-06 22:17 - 2012-07-06 22:17 - 00001253 ____A C:\Users\Default User\Desktop\Blu-ray Disc Suite.lnk

2012-07-06 22:14 - 2012-07-06 22:14 - 00505128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll

2012-07-06 22:14 - 2012-07-06 22:14 - 00353576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll

2012-07-06 22:14 - 2012-07-06 22:14 - 00029480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll

2012-07-03 12:46 - 2012-07-28 06:31 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-30 16:02 - 2012-06-30 16:02 - 00014499 ____A C:\Users\Ryan\Documents\Untitled 1.odt

2012-06-30 16:02 - 2012-06-12 14:48 - 00008825 ____A C:\Users\Ryan\Desktop\winriver_application_cocktail server.txt

2012-06-25 01:20 - 2012-05-29 23:29 - 22259528 ____A C:\Users\Ryan\Documents\vlc-2.0.1-win32.exe

2012-06-18 16:50 - 2012-06-28 08:48 - 00011305 ____A C:\Users\Ryan\Documents\winriver_application_cocktail%20server.txt_1_1.odt

2012-06-15 14:36 - 2012-06-17 01:48 - 00015510 ____A C:\Users\Ryan\Documents\winriver_application_cocktail%20server.txt_1.odt

2012-06-14 18:56 - 2012-06-14 17:38 - 1326187219 ____A C:\Users\Ryan\Desktop\Microsoft Office 2011 v14.1.3.zip

2012-06-14 17:14 - 2012-06-14 17:14 - 00001168 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk

2012-06-14 17:04 - 2012-06-14 15:49 - 151801119 ____A C:\Users\Ryan\Downloads\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe

2012-06-07 15:33 - 2012-06-07 15:33 - 05314684 ____A C:\Users\Ryan\Downloads\IMG_6286.MOV

2012-06-02 14:19 - 2012-06-28 13:43 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-28 13:43 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-28 13:43 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 14:19 - 2012-06-28 13:43 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-28 13:43 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-28 13:43 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-28 13:43 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-28 13:43 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 14:15 - 2012-06-28 13:43 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-05-31 21:22 - 2012-05-31 21:22 - 00001792 ____A C:\Users\Public\Desktop\Autodesk Maya 2013 64-bit.lnk

2012-05-31 21:20 - 2011-12-28 12:16 - 00063356 ____A C:\Windows\DirectX.log

2012-05-27 20:02 - 2012-05-27 20:02 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-05-22 16:46 - 2012-05-22 16:46 - 03216374 ____A (Blizzard Entertainment) C:\Users\Ryan\Downloads\StarCraft_2_NA_en-US.exe

2012-05-20 18:31 - 2012-05-20 18:31 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-05-18 06:26 - 2012-07-31 07:38 - 00002380 ____A C:\Users\Ryan\Downloads\Firewall-Repair-Windows-7.reg

2012-05-18 04:26 - 2012-07-31 07:38 - 00086094 ____A C:\Users\Ryan\Downloads\BFE-Repair-Windows-7.reg

2012-05-15 22:18 - 2012-05-15 22:18 - 32288896 ____A (Blizzard Entertainment) C:\Users\Ryan\Downloads\Diablo-III-Setup-enUS.exe

2012-05-15 17:53 - 2012-05-15 17:25 - 00001189 ____A C:\Users\Public\Desktop\Diablo III.lnk

2012-05-15 16:43 - 2012-05-15 16:43 - 00001125 ____A C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk

2012-05-15 16:06 - 2012-05-15 16:06 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

2012-05-15 02:48 - 2012-07-21 20:15 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll

2012-05-15 02:48 - 2012-07-21 20:15 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll

2012-05-15 02:48 - 2012-07-21 20:15 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2012-05-15 02:48 - 2012-07-21 20:15 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll

2012-05-15 02:48 - 2012-07-21 20:15 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2012-05-15 02:48 - 2012-07-21 20:15 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys

2012-05-15 02:48 - 2012-07-21 20:15 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll

2012-05-15 02:48 - 2012-07-21 20:15 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2012-05-15 02:48 - 2012-07-21 20:15 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll

2012-05-15 02:48 - 2012-07-21 20:15 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll

2012-05-15 02:48 - 2012-07-21 20:15 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2012-05-15 02:48 - 2012-07-21 20:15 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2012-05-15 02:48 - 2012-07-21 20:15 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll

2012-05-15 02:48 - 2012-07-21 20:15 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll

2012-05-15 02:48 - 2012-05-12 00:58 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll

2012-05-15 02:48 - 2012-05-12 00:58 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll

2012-05-15 02:48 - 2012-05-12 00:58 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll

2012-05-15 02:48 - 2012-05-12 00:58 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2012-05-15 02:48 - 2012-05-12 00:58 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll

2012-05-15 02:48 - 2012-05-12 00:58 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2012-05-15 02:48 - 2012-05-12 00:58 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll

2012-05-15 02:48 - 2012-05-12 00:58 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

2012-05-15 02:48 - 2011-12-27 07:32 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2012-05-15 02:48 - 2011-12-27 07:32 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll

2012-05-15 02:48 - 2011-12-27 07:32 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2012-05-15 02:48 - 2011-12-27 07:32 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll

2012-05-15 02:48 - 2011-12-27 07:32 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2012-05-15 02:48 - 2011-12-27 07:32 - 00014324 ____A C:\Windows\System32\nvinfo.pb

2012-05-15 01:29 - 2012-05-12 00:58 - 02621723 ____A C:\Windows\System32\nvcoproc.bin

2012-05-15 01:29 - 2011-12-27 07:32 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll

2012-05-15 01:29 - 2011-12-27 07:32 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

2012-05-15 01:29 - 2011-12-27 07:32 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll

2012-05-15 01:29 - 2011-12-27 07:32 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll

2012-05-15 01:28 - 2011-12-27 07:32 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll

2012-05-15 01:21 - 2012-05-15 01:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe

2012-05-12 00:59 - 2012-05-12 00:59 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini

2012-05-12 00:55 - 2012-05-12 00:51 - 166448312 ____A (NVIDIA Corporation) C:\Users\Ryan\Downloads\296.10-desktop-win7-winvista-64bit-english-whql.exe

2012-05-12 00:48 - 2012-05-12 00:49 - 00772552 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2012-05-12 00:48 - 2012-05-12 00:48 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-05-12 00:48 - 2012-05-12 00:48 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-05-12 00:47 - 2012-05-12 00:47 - 00892360 ____A (Oracle Corporation) C:\Users\Ryan\Downloads\jxpiinstall.exe

2012-05-04 02:19 - 2012-05-04 02:13 - 74354694 ____A (BioWare) C:\Users\Ryan\Downloads\MassEffect_EFIGS_1.02.exe

ZeroAccess:

C:\Windows\Installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}

C:\Windows\Installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\@

C:\Windows\Installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\L

C:\Windows\Installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\U

C:\Windows\Installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\L\00000004.@

C:\Windows\Installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\L\201d3dde

C:\Windows\Installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\U\00000004.@

C:\Windows\Installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\U\000000cb.@

C:\Windows\Installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\U\80000000.@

C:\Windows\Installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\U\80000032.@

C:\Windows\Installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\U\80000064.@

ZeroAccess:

C:\Users\Ryan\AppData\Local\{e63a8549-b6f6-7370-358e-cd0d114b279c}

C:\Users\Ryan\AppData\Local\{e63a8549-b6f6-7370-358e-cd0d114b279c}\@

C:\Users\Ryan\AppData\Local\{e63a8549-b6f6-7370-358e-cd0d114b279c}\L

C:\Users\Ryan\AppData\Local\{e63a8549-b6f6-7370-358e-cd0d114b279c}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%

Total physical RAM: 8104.58 MB

Available physical RAM: 6863.7 MB

Total Pagefile: 8102.73 MB

Available Pagefile: 7009.08 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:1397.17 GB) (Free:540.28 GB) NTFS

3 Drive f: () (Removable) (Total:3.74 GB) (Free:3.71 GB) FAT32

4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 1397 GB 0 B

Disk 1 Online 3835 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 1397 GB 101 MB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 1397 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3827 MB 19 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F FAT32 Removable 3827 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-27 23:32

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 25-07-2012 01

Ran by SYSTEM at 2012-08-01 06:52:51

Running from F:\

================== Search: "services.exe" ===================

C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows.old\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======


OK, here you go. Please carefully carry out this procedure!

Open Notepad. Make sure "Word Wrap" under Format is unchecked! Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.


HKU\Ryan\...\Run: [GOGcom] RUNDLL32.EXE C:\Users\Ryan\AppData\Local\GOGcom\fgjdyafh.dll,InjectDll [454144 2012-07-28]
C:\Users\Ryan\AppData\Local\GOGcom\fgjdyafh.dll
C:\Windows\Installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}
C:\Users\Ryan\AppData\Local\{e63a8549-b6f6-7370-358e-cd0d114b279c}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

MrC

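The log posted earlier in the thread and the fixlist above hinge on the same pieces of evidence: a Run value that launches RUNDLL32 against an "InjectDll" export from a DLL under the user's AppData, the {GUID}\@ / \L / \U storage directories under C:\Windows\Installer and AppData\Local, a services.exe whose MD5 FRST does not report as "MD5 is legit", and a "Search:" result in which the live C:\Windows\System32\services.exe hashes differently from the WinSxS component-store copy that the fixlist's Replace: line restores. The script below is an added example, not part of the original post and not FRST's own code; it parses those FRST log lines and flags each indicator. The sample input is a constructed excerpt built only from lines that appear in the log above (hashes included); the function and field names are this example's own.

```python
"""Triage an FRST log for the ZeroAccess indicators seen in the thread above.
Added example; not part of the original post and not FRST's own code."""
import re

# Constructed excerpt: lines copied from the FRST log posted in the thread.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Ryan\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-12-28] (Valve Corporation)
HKU\Ryan\...\Run: [GOGcom] RUNDLL32.EXE C:\Users\Ryan\AppData\Local\GOGcom\fgjdyafh.dll,InjectDll [454144 2012-07-28] (Microsoft Corporation)
ZeroAccess:
C:\Windows\Installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}
C:\Windows\Installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\@
C:\Windows\Installer\{e63a8549-b6f6-7370-358e-cd0d114b279c}\U\80000032.@
C:\Users\Ryan\AppData\Local\{e63a8549-b6f6-7370-358e-cd0d114b279c}\U
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
"""

# FRST line shapes (this example's own regexes, written against the log above).
RUN_RE = re.compile(r"^(?:HKLM|HKU)[^:]*\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*?) \[\d+ \d{4}-\d{2}-\d{2}\]")
ZA_DIR_RE = re.compile(
    r"^(?P<root>[A-Z]:\\(?:Windows\\Installer|Users\\[^\\]+\\AppData\\Local)"
    r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})(?:\\(?P<sub>[@LU])(?:\\.*)?)?$", re.I)
MD5_LINE_RE = re.compile(r"^(?P<path>[A-Z]:\\.+?\.\w+)\s+(?P<md5>[0-9A-F]{32})\b", re.I)
SEARCH_HDR_RE = re.compile(r'^=+ Search: "(?P<name>[^"]+)" =+$')
ENTRY_RE = re.compile(r"^\[.*?\] - \[.*?\] - \d+ \S+ (?:\([^)]*\) )?(?P<md5>[0-9A-F]{32})$", re.I)


def suspicious_run_entries(lines):
    """Run values that start rundll32 on a DLL export living under a user-writable path."""
    hits = []
    for line in lines:
        m = RUN_RE.match(line)
        if m and re.search(r"\brundll32(?:\.exe)?\b", m["cmd"], re.I) \
                and re.search(r"\\(?:Users|ProgramData)\\.*\.dll,\w+", m["cmd"], re.I):
            hits.append((m["name"], m["cmd"]))
    return hits


def zeroaccess_storage_dirs(lines):
    """{GUID} roots under Installer / AppData\\Local that carry the @, L or U layout."""
    seen = {}
    for line in lines:
        m = ZA_DIR_RE.match(line.strip())
        if m:
            subs = seen.setdefault(m["root"], set())
            if m["sub"]:
                subs.add(m["sub"].upper())
    return {root: sorted(subs) for root, subs in seen.items() if subs}


def flagged_system_binaries(lines):
    """Entries in the 'Bamital & volsnap Check' section that FRST did not call legit."""
    out, in_section = [], False
    for line in lines:
        if "Bamital & volsnap Check" in line:
            in_section = True
            continue
        if in_section and line.startswith("====="):
            in_section = False
        if in_section and "=> MD5 is legit" not in line:
            m = MD5_LINE_RE.match(line)
            if m:
                out.append((m["path"], m["md5"].upper()))
    return out


def winsxs_mismatches(lines):
    """Live System32/SysWOW64 copies whose MD5 differs from the WinSxS copy of the same file.
    Windows.old copies are ignored: they belong to a previous install, not this one."""
    results, name, entries, pending = [], None, [], None
    for line in lines:
        if not line.strip():
            continue  # the forum extraction inserts blank lines between log lines
        h = SEARCH_HDR_RE.match(line)
        if h:
            name, entries, pending = h["name"], [], None
            continue
        if name is None:
            continue
        if line.startswith("====== End Of Search"):
            ref = {md5 for p, md5 in entries
                   if "\\winsxs\\" in p.lower() and "\\windows.old\\" not in p.lower()}
            results += [(p, md5, sorted(ref)) for p, md5 in entries
                        if ref and md5 not in ref
                        and re.search(r"\\Windows\\(?:System32|SysWOW64)\\", p, re.I)]
            name = None
        elif pending is None:
            if line.lower().endswith("\\" + name.lower()):
                pending = line  # path line; its metadata/hash line follows
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((pending, m["md5"].upper()))
            pending = None
    return results


def triage(text):
    lines = [ln.rstrip() for ln in text.splitlines()]
    return {"run": suspicious_run_entries(lines),
            "zeroaccess_dirs": zeroaccess_storage_dirs(lines),
            "bad_md5": flagged_system_binaries(lines),
            "winsxs_mismatch": winsxs_mismatches(lines)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```

Run against a post-fix FRST log, the same Search: block should yield no mismatch, which is the check to make before trusting the fixlist's Replace: step. The WinSxS copy is only a reference when it is the same version and patch level as the file it replaces, and it can itself be tampered with; a hash from a known-good source or a signature check is the stronger comparison when one is available.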

OK, the hardest part about this is getting the timing down of when to press F8 when I restart to bring up System Recovery Options. I got it right before my last post, but the last time I actually got to the command prompt, I forgot what to do, so I just started up to read this again. Now, the last two times I've pressed F8, it's brought up the screen saying Windows didn't start up properly, and it just has two options: system repair, or start Windows normally.

I'll try again, but if it doesn't get back to system recovery options, should I load my system restore point?


OK, I figured out my timing problem was with my mechanical keyboard not powering up until the second BIOS screen appeared.

But, here's the fixlog file from FRST64 run in normal Windows. Do I have to do it again in recovery?

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01

Ran by Ryan at 2012-08-01 09:49:42 Run:1

Running from G:\

ATTENTION: THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==============================================

HKEY_USERS\Ryan\Software\Microsoft\Windows\CurrentVersion\Run\\GOGcom Value not found.

C:\Users\Ryan\AppData\Local\GOGcom\fgjdyafh.dll moved successfully.

C:\Windows\Installer\{e63a8549-b6f6-7370-358e-cd0d114b279c} moved successfully.

C:\Users\Ryan\AppData\Local\{e63a8549-b6f6-7370-358e-cd0d114b279c} moved successfully.

Could not move C:\Windows\assembly\GAC_32\Desktop.ini.

Could not move C:\Windows\assembly\GAC_64\Desktop.ini.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====


No, you didn't do it right, but we'll use ComboFix to get the leftovers.......

Could not move C:\Windows\assembly\GAC_32\Desktop.ini.

Could not move C:\Windows\assembly\GAC_64\Desktop.ini.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix....please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-07-31.03 - Ryan 08/01/2012 10:21:21.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8105.6508 [GMT -7:00]

Running from: c:\users\Ryan\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))

.

.

2012-08-01 14:51 . 2012-08-01 14:51 -------- d-----w- C:\FRST

2012-07-31 23:42 . 2012-07-31 23:46 -------- d-----w- c:\program files\PeerBlock

2012-07-28 14:31 . 2012-07-28 14:31 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes

2012-07-28 14:31 . 2012-07-28 14:31 -------- d-----w- c:\programdata\Malwarebytes

2012-07-28 14:31 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-28 14:31 . 2012-07-28 14:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-22 15:32 . 2012-07-22 15:32 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-18 09:59 . 2012-08-01 16:49 -------- d-----w- c:\users\Ryan\AppData\Local\GOGcom

2012-07-16 09:42 . 2012-07-16 09:42 -------- d-----w- c:\users\Ryan\AppData\Local\Power2Go

2012-07-13 14:01 . 2012-07-13 14:01 -------- d-----w- C:\Games

2012-07-13 14:00 . 2012-07-13 14:00 -------- d-----w- c:\users\Ryan\AppData\Local\Black_Tree_Gaming

2012-07-13 14:00 . 2012-07-27 17:46 -------- d-----w- c:\program files\Nexus Mod Manager

2012-07-08 18:26 . 2012-07-08 18:26 -------- d-----w- c:\users\Ryan\AppData\Local\Cyberlink

2012-07-07 06:27 . 2012-07-07 06:27 -------- d-----w- c:\users\Public\CyberLink

2012-07-07 06:14 . 2012-07-07 06:14 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

2012-07-07 06:14 . 2012-07-07 06:14 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-07-07 06:14 . 2012-07-07 06:14 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-07-07 06:11 . 2012-07-08 18:26 -------- d-----w- c:\users\Ryan\AppData\Roaming\CyberLink

2012-07-07 06:11 . 2001-09-05 11:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2012-07-07 06:11 . 2001-09-05 11:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll

2012-07-07 06:11 . 2001-09-05 11:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2012-07-07 06:11 . 2001-09-05 11:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2012-07-07 06:07 . 2012-07-07 06:17 -------- d-----w- c:\program files (x86)\CyberLink

2012-07-07 06:07 . 2012-07-07 06:25 -------- d-----w- c:\programdata\CyberLink

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-27 15:12 . 2012-04-19 09:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-27 15:12 . 2011-12-27 12:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-02 22:19 . 2012-06-28 21:43 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-28 21:43 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-28 21:43 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-28 21:43 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-28 21:43 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 22:19 . 2012-06-28 21:43 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-28 21:43 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-28 21:43 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 22:15 . 2012-06-28 21:43 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-05-15 10:48 . 2012-05-12 08:58 949056 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-05-15 10:48 . 2012-05-12 08:58 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-05-15 10:48 . 2012-05-12 08:58 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:48 . 2012-05-12 08:58 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-05-15 10:48 . 2012-05-12 08:58 246592 ----a-w- c:\windows\system32\nvinitx.dll

2012-05-15 10:48 . 2012-05-12 08:58 202048 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-05-15 10:48 . 2012-05-12 08:58 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

2012-05-15 10:48 . 2012-05-12 08:58 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-05-15 10:48 . 2011-12-27 15:32 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-05-15 10:48 . 2011-12-27 15:32 2741568 ----a-w- c:\windows\system32\nvapi64.dll

2012-05-15 10:48 . 2011-12-27 15:32 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-05-15 10:48 . 2011-12-27 15:32 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-05-15 10:48 . 2011-12-27 15:32 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-05-15 09:29 . 2011-12-27 15:32 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:29 . 2011-12-27 15:32 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:29 . 2011-12-27 15:32 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:29 . 2012-05-12 08:58 2621723 ----a-w- c:\windows\system32\nvcoproc.bin

2012-05-15 09:29 . 2011-12-27 15:32 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-05-15 09:28 . 2011-12-27 15:32 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-05-12 08:48 . 2012-05-12 08:49 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-05-12 06:11 . 2009-08-18 20:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2012-05-12 06:11 . 2009-08-18 19:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-12-28 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]

"Razer Blackwidow Driver"="c:\program files (x86)\Razer\BlackWidow\BlackwidowTray.exe" [2011-05-16 887696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-29 75048]

"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-12-20 222504]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/07/06 23:15;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-29 241648]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-01 1432400]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-22 113120]

R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-05-13 154624]

S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [2011-04-08 312624]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-02-15 412712]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2011-09-20 183104]

S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2011-09-20 47168]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - CLKMDRV10_38F51D56

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 15:12]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]

"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272]

"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://isearch.whitesmoke.com/?isid=9858

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9858

TCP: DhcpNameServer = 192.168.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll

FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\6uittgxq.default\

FF - prefs.js: browser.startup.homepage - hxxp://isearch.whitesmoke.com/?isid=9858

FF - prefs.js: keyword.URL - hxxp://isearch.whitesmoke.com/?babsrc=home&s=web&as=0&isid=9858&q=

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-GOGcom - c:\users\Ryan\AppData\Local\GOGcom\fgjdyafh.dll

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2613894083-535015234-3304594621-1000\Software\SecuROM\License information*]

"datasecu"=hex:72,9c,b1,44,70,ee,1e,e3,58,bf,d7,4b,23,17,f0,16,35,4c,8c,3f,c7,

c2,06,2c,f1,d6,41,a7,d2,6a,ff,be,a6,89,b7,eb,4b,21,26,d9,2a,cd,a8,8f,e9,c0,\

"rkeysecu"=hex:97,83,0a,43,1f,25,b1,e6,ad,54,d9,8a,a9,e6,d4,cc

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-08-01 10:31:53 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-01 17:31

.

Pre-Run: 590,974,447,616 bytes free

Post-Run: 593,876,488,192 bytes free

.

- - End Of File - - D701E5331A017BE1B4971BC17B5AAC2C


RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: Ryan [Admin rights]

Mode: Scan -- Date: 08/01/2012 10:52:26

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1502FAEX-007BA0 ATA Device +++++

--- User ---

[MBR] 71e078ed60656b726c33c2e303366e6d

[bSP] 2480a6928ca5e881d32a6b033d557b07 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt


Looks perfect. Thanks a ton!

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.01.06

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Ryan :: RYAN-PC [administrator]

Protection: Enabled

8/1/2012 11:01:38 AM

mbam-log-2012-08-01 (11-01-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 210378

Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great!

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

i.e., RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Well, I did all the cleanup you said. My computer is working great now; the only thing is Windows Update won't install any updates. It gets error code 80246008.

Honestly, I don't usually have Windows set to update automatically, and I'm sure I've gone a long time without installing any updates before I was having any problems.

Do you think it's important to always update Windows? What about the optional updates? Thanks again for your tremendous help.


Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log into your reply.

MrC


Farbar Service Scanner Version: 26-07-2012

Ran by Ryan (administrator) on 01-08-2012 at 14:23:07

Running from "C:\Users\Ryan\Desktop"

Microsoft Windows 7 Ultimate (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

BITS Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

Other Services:

==============

sharedaccess Service is not running. Checking service configuration:

The start type of sharedaccess service is set to Auto

The ImagePath of sharedaccess service is OK.

The ServiceDll of sharedaccess service is OK.

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys

[2012-03-30 06:49] - [2011-12-27 20:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll

[2009-07-13 17:09] - [2009-07-13 18:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2009-07-13 16:36] - [2009-07-13 18:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


Farbar Service Scanner Version: 26-07-2012

Ran by Ryan (administrator) on 01-08-2012 at 14:37:57

Running from "C:\Users\Ryan\Desktop"

Microsoft Windows 7 Ultimate (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

BITS Service is not running. Checking service configuration:

The start type of BITS service is OK.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

Other Services:

==============

sharedaccess Service is not running. Checking service configuration:

The start type of sharedaccess service is set to Auto

The ImagePath of sharedaccess service is OK.

The ServiceDll of sharedaccess service is OK.

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys

[2012-03-30 06:49] - [2011-12-27 20:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll

[2009-07-13 17:09] - [2009-07-13 18:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2009-07-13 16:36] - [2009-07-13 18:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
