
WinMonitor.exe HELP!


adder


I have a virus on my computer called WinMonitor.exe. I'm not sure how I got it, but I can't get rid of it. Sometimes it plays random speeches and nothing is on the screen; the only way I can stop the sound is by stopping the winmonitor.exe process. After about an hour it will come back into my processes. I have tried deleting the WinMonitor.exe, which is found in C:\Windows\SysWOW64\WinMonitor.exe. I have tried 3 different anti-viruses doing full scans and none can get rid of it (or even find it). I have tried googling it and sites say it's an rbot xx worm. Can anyone help me please?


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Connor at 0:36:20 on 2012-09-14

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8109.5073 [GMT 1:00]

.

AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\UnsignedThemesSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2013\avgfws.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Users\Connor\AppData\Local\Temp\ToolbarUpdater.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files\Common Files\WireHelpSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

E:\Program Files (x86)\Vmware\vmware-authd.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

E:\Program Files (x86)\Vmware\vmware-hostd.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe

E:\Program Files (x86)\Origin\Origin.exe

E:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Users\Connor\AppData\Roaming\Spotify\spotify.exe

C:\Users\Connor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe

C:\Program Files (x86)\LOLReplay\LOLRecorder.exe

C:\Users\Connor\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

E:\Programs\Clone drive\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Razer\Reclusa\razerhid.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Razer\Reclusa\razertra.exe

E:\Program Files (x86)\Vmware\vmware-tray.exe

C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe

C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

E:\My Documents\Visual Studio 2010\Projects\Projects\Shutdown Revamped - Copy\Shutdown Revamped\bin\Release\Shutdown Revamped.exe

C:\Windows\SysWOW64\WinMonitor.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = 122.72.28.14:80

uURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

mURLSearchHooks: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

mWinlogon: Userinit=userinit.exe,

BHO: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

BHO: SpecialSavings: {74f475fa-6c75-43bd-aab9-ecda6184f600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - E:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office15\URLREDIR.DLL

BHO: Microsoft SPFS Browser Helper: {d0498e0a-45b7-42ae-a9aa-aba463dbd3bf} - C:\PROGRA~2\MIF5BA~1\Office15\GROOVEEX.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No File

TB: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} - mscoree.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"

uRun: [EADM] "E:\Program Files (x86)\Origin\Origin.exe" -AutoStart

uRun: [steam] "E:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

uRun: [spotify] "C:\Users\Connor\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

uRun: [spotify Web Helper] "C:\Users\Connor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe

mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [VirtualCloneDrive] "E:\Programs\Clone drive\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Reclusa] C:\Program Files (x86)\Razer\Reclusa\razerhid.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [vmware-tray] "E:\Program Files (x86)\Vmware\vmware-tray.exe"

mRun: [<NO NAME>]

mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

StartupFolder: C:\Users\Connor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Connor\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Connor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - E:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Users\Connor\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Se&nd to OneNote - E:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll

LSP: %SystemRoot%\system32\vsocklib.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{03FE2C1C-F2C5-4AD8-BA4D-06D128763AAD} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

AppInit_DLLs: c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%prote~1.dll

SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll

BHO-X64: appbario8 Toolbar: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

BHO-X64: appbario8 - No File

BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll

BHO-X64: PriceGong - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

BHO-X64: Lync Click to Call BHO - No File

BHO-X64: SpecialSavings: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll

BHO-X64: SpecialSavings - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - E:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office15\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MIF5BA~1\Office15\GROOVEEX.DLL

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No File

TB-X64: appbario8 Toolbar: {0CC09160-108C-4759-BAB1-5C12C216E005} - C:\Program Files (x86)\appbario8\prxtbappb.dll

EB-X64: {3142c289-f319-47f5-a594-a827028714c9} - No File

mRun-x64: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [VirtualCloneDrive] "E:\Programs\Clone drive\VirtualCloneDrive\VCDDaemon.exe" /s

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Reclusa] C:\Program Files (x86)\Razer\Reclusa\razerhid.exe

mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [vmware-tray] "E:\Program Files (x86)\Vmware\vmware-tray.exe"

mRun-x64: [(Default)]

mRun-x64: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

AppInit_DLLs-X64: c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%prote~1.dll

SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\xijqk7pu.default\

FF - prefs.js: browser.startup.homepage - www.youtube.com

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Users\Connor\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\Connor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Connor\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll

FF - plugin: C:\Users\Connor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Connor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys --> C:\Windows\system32\DRIVERS\avgloga.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-8-20 1286392]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-8-20 5751928]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-8-20 184304]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2012-5-5 57344]

R2 ESLWireAC;ESLWireAC;\??\C:\Windows\system32\drivers\ESLWireACD.sys --> C:\Windows\system32\drivers\ESLWireACD.sys [?]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-5 13592]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-1-31 375208]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 676936]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-5 1258856]

R2 PC Performer Manager;PC Performer Manager;C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe [2012-8-6 1695776]

R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2012-5-5 114688]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-28 382312]

R2 TolbarUpdater;Toolbar Updater;C:\Users\Connor\AppData\Local\Temp\ToolbarUpdater.exe [2012-7-20 508416]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-5 2655768]

R2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]

R2 uxpatch;uxpatch;\??\C:\Windows\system32\drivers\uxpatch.sys --> C:\Windows\system32\drivers\uxpatch.sys [?]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-21 846448]

R2 VMwareHostd;VMware Workstation Server;E:\Program Files (x86)\Vmware\vmware-hostd.exe [2011-8-22 11837440]

R2 WireHelpSvc;WireHelpSvc;C:\Program Files\Common Files\WireHelpSvc.exe [2012-6-19 168864]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RecFltr;Reclusa Keyboard;C:\Windows\system32\drivers\RecFltr.sys --> C:\Windows\system32\drivers\RecFltr.sys [?]

R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-7-24 10568]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 rzdaendpt;Razer DeathAdder end point;C:\Windows\system32\DRIVERS\rzdaendpt.sys --> C:\Windows\system32\DRIVERS\rzdaendpt.sys [?]

R3 rzudd;Razer Mouse Driver;C:\Windows\system32\DRIVERS\rzudd.sys --> C:\Windows\system32\DRIVERS\rzudd.sys [?]

R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\rzvkeyboard.sys --> C:\Windows\system32\DRIVERS\rzvkeyboard.sys [?]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-9 116648]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]

S3 Abyssus;Razer Abyssus;C:\Windows\system32\drivers\Abyssus.sys --> C:\Windows\system32\drivers\Abyssus.sys [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-5 250568]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-5-5 25640]

S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-7-25 139776]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-9 116648]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-5-5 30528]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-6 114144]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-6-23 178784]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-6-23 5132888]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]

S3 tizeqdrv;tizeqdrv;C:\Users\Connor\AppData\Roaming\TZAC2\tizeq64.sys [2012-7-21 171704]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TunngleService;TunngleService;E:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-7-13 738152]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]

S3 VSPerfDrv110;Performance Tools Driver 11.0;E:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2012-7-13 70264]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-09-13 20:16:18 -------- d-----w- C:\Users\Connor\AppData\Roaming\AVG

2012-09-13 20:16:14 -------- d-----w- C:\ProgramData\AVG

2012-09-13 20:16:09 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2012-09-13 18:20:12 128512 ----a-w- C:\Windows\SysWow64\WinMonitor.exe

2012-09-13 15:56:30 -------- d-----w- C:\ProgramData\Sophos

2012-09-13 15:56:23 73728 ----a-r- C:\Users\Connor\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-09-13 15:56:23 73728 ----a-r- C:\Users\Connor\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-09-13 15:56:23 73728 ----a-r- C:\Users\Connor\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-09-13 15:56:23 -------- d-----w- C:\Program Files (x86)\Sophos

2012-09-13 14:45:09 81920 ----a-w- C:\Windows\eSellerateControl350.dll

2012-09-13 14:45:09 356352 ----a-w- C:\Windows\eSellerateEngine.dll

2012-09-13 14:45:09 -------- d-----w- C:\Program Files (x86)\RBOTXXRemoval Tool

2012-09-13 13:11:27 -------- d-----w- C:\Users\Connor\AppData\Roaming\AVG2013

2012-09-13 13:10:44 -------- d-----w- C:\Users\Connor\AppData\Roaming\TuneUp Software

2012-09-13 13:10:32 -------- d--h--w- C:\$AVG

2012-09-13 13:10:32 -------- d-----w- C:\ProgramData\AVG2013

2012-09-13 13:10:26 -------- d-----w- C:\Program Files (x86)\AVG

2012-09-13 13:09:03 -------- d--h--w- C:\ProgramData\Common Files

2012-09-13 13:09:03 -------- d-----w- C:\Users\Connor\AppData\Local\MFAData

2012-09-13 13:09:03 -------- d-----w- C:\Users\Connor\AppData\Local\Avg2013

2012-09-13 13:09:03 -------- d-----w- C:\ProgramData\MFAData

2012-09-13 01:34:37 -------- d-----w- C:\Program Files\Microsoft Analysis Services

2012-09-13 01:34:37 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2012-09-13 01:29:54 -------- d-----w- C:\Program Files (x86)\MSECache

2012-09-13 01:12:21 -------- d-----w- C:\Program Files\CCleaner

2012-09-11 13:25:10 -------- d-sh--w- C:\ProgramData\DSS

2012-09-06 12:29:28 -------- d-----w- C:\Users\Connor\AppData\Local\Macromedia

2012-09-06 12:29:02 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-09-04 12:55:26 -------- d-----w- C:\Users\Connor\AppData\Local\Course_Planner_by_CJ

2012-09-04 11:53:05 -------- d-----w- C:\Users\Connor\AppData\Local\Temporary Projects

2012-09-03 17:35:49 178688 ----a-w- C:\Windows\SysWow64\unrar.dll

2012-09-03 17:35:46 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack

2012-09-03 12:55:06 -------- d-----w- C:\Users\Connor\AppData\Local\AirVideoServer

2012-09-03 12:55:05 -------- d--h--w- C:\jexepackres

2012-09-03 12:54:59 -------- d-----w- C:\Program Files (x86)\AirVideoServer

2012-09-02 10:58:50 -------- d-----w- C:\Users\Connor\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

2012-08-31 09:24:25 -------- d-----w- C:\Program Files (x86)\Microsoft WSE

2012-08-30 07:36:24 -------- d-----w- C:\JavaScripts

2012-08-30 07:12:34 -------- d-----w- C:\Users\Connor\AppData\Local\Opera

2012-08-29 15:56:59 98304 ----a-w- C:\Windows\SysWow64\smime3.dll

2012-08-29 15:56:59 30720 ----a-w- C:\Windows\SysWow64\xpcshell.exe

2012-08-29 15:56:59 163840 ----a-w- C:\Windows\SysWow64\softokn3.dll

2012-08-29 15:56:59 151552 ----a-w- C:\Windows\SysWow64\ssl3.dll

2012-08-29 15:56:59 14446592 ----a-w- C:\Windows\SysWow64\xul.dll

2012-08-29 15:56:59 12288 ----a-w- C:\Windows\SysWow64\xpcom.dll

2012-08-29 15:56:59 -------- d-----w- C:\Windows\SysWow64\plugins

2012-08-29 15:56:59 -------- d-----w- C:\Windows\SysWow64\components

2012-08-29 15:56:58 17864381 ----a-w- C:\Windows\SysWow64\libs.exe

2012-08-29 11:56:10 -------- d-----w- C:\Users\Connor\.VirtualBox

2012-08-29 11:55:46 224088 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2012-08-29 11:55:43 130904 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2012-08-26 14:57:10 -------- d-----w- C:\Users\Connor\AppData\Local\ImageUP_New

2012-08-25 19:06:12 3673600 ----a-w- C:\Windows\System32\DxtoryCodec64.dll

2012-08-25 19:06:12 3166720 ----a-w- C:\Windows\SysWow64\DxtoryCodec.dll

2012-08-24 15:11:54 -------- d-----w- C:\Program Files\Common Files\OFX

2012-08-24 02:05:00 143360 ----a-w- C:\Windows\SysWow64\rztouchdll.dll

2012-08-24 02:04:58 592384 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll

2012-08-24 02:04:56 165888 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll

2012-08-23 20:00:23 -------- d-----w- C:\Users\Connor\AppData\Local\Spotify

2012-08-23 20:00:12 -------- d-----w- C:\Users\Connor\AppData\Roaming\Spotify

2012-08-21 12:59:03 -------- d-----w- C:\Users\Connor\AppData\Roaming\FMRTEv5

2012-08-21 10:49:27 -------- d-----w- C:\Users\Connor\AppData\Roaming\Sports Interactive

2012-08-21 10:49:27 -------- d-----w- C:\Users\Connor\AppData\Local\Sports Interactive

2012-08-20 16:23:52 147288 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

2012-08-18 19:55:41 -------- d-----w- C:\Users\Connor\AppData\Local\SIX_Projects

2012-08-18 19:04:23 -------- d-----w- C:\ProgramData\MySQL

2012-08-18 19:04:23 -------- d-----w- C:\Program Files\MySQL

2012-08-17 13:53:26 -------- d-----w- C:\ProgramData\Microsoft Visual Studio

2012-08-17 13:47:13 2562112 ----a-w- C:\ProgramData\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll

2012-08-17 13:47:07 -------- d-----w- C:\Windows\SysWow64\Visual Studio 2012Templates

2012-08-17 13:46:52 -------- d-----w- C:\Windows\SysWow64\Visual Studio 2012

2012-08-17 13:45:12 -------- d-----w- C:\Program Files\Application Verifier

2012-08-17 13:45:12 -------- d-----w- C:\Program Files (x86)\Application Verifier

2012-08-17 13:45:10 -------- d-----w- C:\ProgramData\Windows App Certification Kit

2012-08-17 13:44:48 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft

2012-08-17 13:44:42 -------- d-----w- C:\ProgramData\PreEmptive Solutions

2012-08-17 13:44:11 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET

2012-08-17 13:44:02 -------- d-----w- C:\Program Files (x86)\Microsoft Web Tools

2012-08-17 13:43:58 -------- d-----w- C:\Program Files\Microsoft

2012-08-17 13:43:51 -------- d-----w- C:\Program Files\IIS Express

2012-08-17 13:43:51 -------- d-----w- C:\Program Files (x86)\IIS Express

2012-08-17 13:43:41 -------- d-----w- C:\Program Files (x86)\NuGet

2012-08-17 13:43:39 -------- d-----w- C:\Program Files (x86)\Microsoft WCF Data Services

2012-08-17 13:43:37 -------- d-----w- C:\Program Files\IIS

2012-08-17 13:43:37 -------- d-----w- C:\Program Files (x86)\IIS

2012-08-17 13:43:00 -------- d-----w- C:\Program Files (x86)\Windows Kits

2012-08-17 13:41:22 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop

2012-08-17 13:41:12 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer

2012-08-17 13:40:56 -------- d-----w- C:\Windows\SysWow64\1033

2012-08-17 13:39:47 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules

2012-08-17 13:39:30 -------- d-----w- C:\Windows\System32\1033

2012-08-17 13:39:28 -------- d-----w- C:\Program Files\Microsoft Visual Studio 11.0

2012-08-17 12:47:02 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft

2012-08-17 12:47:02 -------- d-----w- C:\ProgramData\Package Cache

2012-08-17 10:59:30 0 ----a-w- C:\STFA420.tmp

2012-08-17 07:01:28 25600 ----a-w- C:\Windows\System32\drivers\rzdaendpt.sys

2012-08-17 07:01:26 6656 ----a-w- C:\Windows\System32\drivers\rzkbdhid.sys

2012-08-17 07:01:26 22528 ----a-w- C:\Windows\System32\drivers\rzvkeyboard.sys

2012-08-17 07:01:22 110592 ----a-w- C:\Windows\System32\drivers\rzudd.sys

2012-08-16 11:35:07 -------- d-----w- C:\Users\Connor\AppData\Local\CuBe_Laboratories

2012-08-16 09:45:22 209608 ----a-w- C:\Windows\SysWow64\tabctl32.ocx

2012-08-16 09:45:21 2271152 ----a-w- C:\Windows\SysWow64\Codejock.CommandBars.Unicode.v12.1.1.ocx

2012-08-16 09:45:21 132880 ----a-w- C:\Windows\SysWow64\MSINET.OCX

2012-08-16 09:45:21 109248 ----a-w- C:\Windows\SysWow64\mswinsck.ocx

2012-08-16 09:45:19 1779632 ----a-w- C:\Windows\SysWow64\Codejock.Controls.v12.1.1.ocx

2012-08-16 09:45:18 -------- d-----w- C:\Program Files (x86)\CoD RconTool

2012-08-15 07:54:49 -------- d-----w- C:\Program Files\Microsoft SQL Server

2012-08-15 00:18:04 -------- d-----w- C:\Program Files (x86)\FFsplit

.

==================== Find3M ====================

.

2012-09-13 21:58:46 25640 ----a-w- C:\Windows\gdrv.sys

2012-09-07 16:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-01 06:12:18 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-01 06:12:18 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-27 19:59:16 282472 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-08-27 19:59:16 282472 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-08-27 19:38:12 282472 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-08-14 19:59:08 4437 ----a-w- C:\STF58DC.tmp

2012-08-13 15:40:52 150880 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

2012-08-12 19:27:09 21406720 ----a-w- C:\Windows\System32\imageres.dll

2012-08-12 19:12:39 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll

2012-08-12 19:12:39 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll

2012-08-12 19:12:38 101072 ----a-w- C:\Windows\UTP.exe

2012-08-12 18:40:15 925184 ----a-w- C:\Windows\expstart.exe

2012-08-10 03:52:38 199520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2012-08-10 03:52:34 105312 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2012-08-10 03:52:16 40288 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2012-08-09 12:56:42 230240 ----a-w- C:\Windows\System32\drivers\avgloga.sys

2012-08-09 12:56:34 60768 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2012-08-09 12:56:20 175968 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2012-08-02 16:44:24 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-08-02 16:17:46 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe

2012-07-26 14:22:10 997336 ----a-w- C:\Windows\System32\vccorlib110d.dll

2012-07-25 19:32:00 98792 ----a-w- C:\Windows\SysWow64\vfrdvcompat.dll

2012-07-25 19:32:00 164200 ----a-w- C:\Windows\SysWow64\vrfcore.dll

2012-07-25 19:31:56 87328 ----a-w- C:\Windows\SysWow64\vfcompat.dll

2012-07-25 19:31:56 81592 ----a-w- C:\Windows\SysWow64\vfnet.dll

2012-07-25 19:31:56 61384 ----a-w- C:\Windows\SysWow64\vfnws.dll

2012-07-25 19:31:56 52032 ----a-w- C:\Windows\SysWow64\vfcuzz.dll

2012-07-25 19:31:56 40136 ----a-w- C:\Windows\SysWow64\vfntlmless.dll

2012-07-25 19:31:56 367392 ----a-w- C:\Windows\SysWow64\vfprintpthelper.dll

2012-07-25 19:31:56 353328 ----a-w- C:\Windows\SysWow64\vfbasics.dll

2012-07-25 19:31:56 306592 ----a-w- C:\Windows\SysWow64\vfprint.dll

2012-07-25 19:31:56 242776 ----a-w- C:\Windows\SysWow64\vfluapriv.dll

2012-07-25 19:31:56 21448 ----a-w- C:\Windows\SysWow64\cuzzapi.dll

2012-07-25 19:31:56 173520 ----a-w- C:\Windows\SysWow64\appverif.exe

2012-07-25 19:25:44 59848 ----a-w- C:\Windows\SysWow64\VSD3DRefDebug.dll

2012-07-25 19:25:28 713672 ----a-w- C:\Windows\SysWow64\d3d11_1sdklayers.dll

2012-07-25 19:25:28 609224 ----a-w- C:\Windows\SysWow64\d3d11ref.dll

2012-07-25 19:25:28 590792 ----a-w- C:\Windows\SysWow64\d3d11sdklayers.dll

2012-07-25 19:25:28 461256 ----a-w- C:\Windows\SysWow64\d3d10sdklayers.dll

2012-07-25 19:25:28 383944 ----a-w- C:\Windows\SysWow64\d3dref9.dll

2012-07-25 19:25:28 365512 ----a-w- C:\Windows\SysWow64\d3d10ref.dll

2012-07-25 19:25:28 277448 ----a-w- C:\Windows\SysWow64\d2d1debug1.dll

2012-07-25 19:25:28 232904 ----a-w- C:\Windows\SysWow64\dxcpl.exe

2012-07-25 19:25:28 102344 ----a-w- C:\Windows\SysWow64\dxgidebug.dll

2012-07-25 19:12:12 29128 ----a-w- C:\Windows\System32\microsoft.windows.softwarelogo.showdesktop.exe

2012-07-25 19:10:44 79304 ----a-w- C:\Windows\System32\VSD3DRefDebug.dll

2012-07-25 19:10:32 887240 ----a-w- C:\Windows\System32\d3d11_1sdklayers.dll

2012-07-25 19:10:32 749000 ----a-w- C:\Windows\System32\d3d11ref.dll

2012-07-25 19:10:32 713160 ----a-w- C:\Windows\System32\d3d11sdklayers.dll

2012-07-25 19:10:32 596936 ----a-w- C:\Windows\System32\d3d10sdklayers.dll

2012-07-25 19:10:32 461256 ----a-w- C:\Windows\System32\d3d10ref.dll

2012-07-25 19:10:32 446408 ----a-w- C:\Windows\System32\d3dref9.dll

2012-07-25 19:10:32 340936 ----a-w- C:\Windows\System32\d2d1debug1.dll

2012-07-25 19:10:32 127432 ----a-w- C:\Windows\System32\dxgidebug.dll

2012-07-25 19:10:30 246216 ----a-w- C:\Windows\System32\dxcpl.exe

2012-07-12 19:35:50 649216 ----a-w- C:\Windows\System32\ficvdec_x64.dll

2012-07-12 15:25:24 639488 ----a-w- C:\Windows\SysWow64\ficvdec_x86.dll

2012-07-11 14:52:05 87488 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2012-07-11 14:52:05 80800 ----a-w- C:\Windows\System32\LMIinit.dll

2012-07-11 14:52:05 34720 ----a-w- C:\Windows\System32\LMIport.dll

2012-07-08 23:40:10 864208 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll

2012-07-08 23:40:10 501712 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll

2012-07-08 23:40:10 28616 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll

2012-07-08 23:40:10 17840 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll

2012-07-08 22:24:30 856016 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll

2012-07-08 22:24:30 613840 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll

2012-07-08 22:24:30 30160 ----a-w- C:\Windows\System32\aspnet_counters.dll

2012-07-08 22:24:30 17824 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll

2012-07-03 15:41:12 168864 ----a-w- C:\Program Files\Common Files\WireHelpSvc.exe

2012-07-03 15:41:04 147472 ----a-w- C:\Windows\System32\drivers\ESLWireACD.sys

2012-06-28 23:56:15 2667062 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-06-28 23:55:57 3266408 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-06-28 23:55:46 6193000 ----a-w- C:\Windows\System32\nvcpl.dll

2012-06-28 23:55:40 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-06-28 23:55:39 891240 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-06-28 23:55:39 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-06-28 16:44:42 428904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-06-25 16:34:42 679936 ----a-w- C:\Windows\SysWow64\ficdecds_x86.dll

2012-06-25 16:28:04 695296 ----a-w- C:\Windows\System32\ficdecds_x64.dll

2012-06-23 17:20:36 31864 ----a-w- C:\Windows\System32\FM20ENU.DLL

2012-06-23 17:19:46 1592416 ----a-w- C:\Windows\System32\FM20.DLL

2012-06-22 23:13:42 41152 ----a-w- C:\Windows\System32\VEN2232.OLB

2012-06-18 16:58:32 700416 ----a-w- C:\Windows\System32\ficthumbhdlr_x64.dll

2012-06-18 16:58:28 693760 ----a-w- C:\Windows\SysWow64\ficthumbhdlr_x86.dll

.

============= FINISH: 0:36:44.68 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 05/05/2012 21:43:33

System Uptime: 13/09/2012 22:58:26 (2 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | Z68X-UD3H-B3

Processor: Intel® Core i7-2600K CPU @ 3.40GHz | Socket 1155 | 3701/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 35.142 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 596 GiB total, 29.43 GiB free.

F: is FIXED (NTFS) - 0 GiB total, 0.06 GiB free.

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Tools for .Net 3.5

@BIOS

µTorrent

Action!

Adobe After Effects CS6

Adobe AIR

Adobe Download Assistant

Adobe Dreamweaver CS6

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Manager

Adobe Media Player

Adobe Photoshop CS6

Adobe Reader X (10.1.4)

Adobe Widget Browser

Air Video Server 2.4.3

appbario8 Toolbar

Apple Application Support

Apple Software Update

ArmA II Launcher

ArnA 2: Combined Operations

AutoGreen B10.1021.1

AutoHotkey 1.0.48.05

AviSynth 2.5

AVISynthesizer

Batman Arkham City version 1.0

Battlefield 3™

BBC iPlayer Desktop

Blacklight: Retribution

Blend for Visual Studio 2012

Blend for Visual Studio 2012 ENU resources

Call of Duty® 2

Call of Duty® 2 Patch 1.3

Call of Duty® 4 - Modern Warfare

Call of Duty® 4 - Modern Warfare 1.6 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch

Call of Duty: Black Ops - Multiplayer

Camtasia Studio 7

Camtasia Studio 8

CoD RconTool

Counter-Strike: Global Offensive Beta

Counter-Strike: Source

Crypto Obfuscator For .Net 2012 R2

D3DX10

DC Universe Online

DebugMode FrameServer

DES 2.0

Diablo III

DisplayFusion 3.1.10

Dolby Home Theater v4

Dotfuscator and Analytics Community Edition

DotNetBar for Windows Forms

Dropbox

Dxtory version 2.0.114

EA SPORTS Game Face Browser Plugin 1.5.3.0

Easy Tune 6 B11.0823.1

Entity Framework Designer for Visual Studio 2012 - enu

ESN Sonar

Etron USB3.0 Host Controller

FFsplit

FIFA 12

FIFA 13 Demo

FileZilla Client 3.5.3

Football Manager 2012

Fraps (remove only)

Free Studio version 5.6.1.608

Google Talk Plugin

Google Update Helper

Grand Theft Auto: Episodes from Liberty City

GTA IV Vehicle Mod Installer v1.2

Gyazo 1.0

HD Tune Pro 5.00

Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)

IconPackager

ImageShack Uploader 2.2.0

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java Auto Updater

Java 7 Update 5

JavaFX 2.1.1

JDownloader 0.9

K-Lite Codec Pack 9.2.0 (Full)

League of Legends

LocalESPC

LocalESPCui for en-us

LogMeIn

LogMeIn Hamachi

LOLReplay

London 2012 The Official Video Game of the Olympic Games version 1.02

MacBurner

Magic Bullet Suite 64-bit

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft .NET Framework 4.5 Multi-Targeting Pack

Microsoft .NET Framework 4.5 SDK

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 3

Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update

Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools

Microsoft ASP.NET MVC 4 Runtime

Microsoft ASP.NET Web Pages

Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools

Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools

Microsoft ASP.NET Web Pages 2 Runtime

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Help Viewer 2.0

Microsoft LightSwitch for Visual Studio 2012 Core

Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU

Microsoft NuGet - Visual Studio 2012

Microsoft Office File Validation Add-In

Microsoft Portable Library Multi-Targeting Pack

Microsoft Portable Library Multi-Targeting Pack Language Pack - enu

Microsoft Report Viewer Add-On for Visual Studio 2012

Microsoft Silverlight 4 SDK

Microsoft Silverlight 5 SDK

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2012 Data-Tier App Framework

Microsoft SQL Server 2012 Management Objects

Microsoft SQL Server 2012 T-SQL Language Service

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Data Tools - enu (11.1.20627.00)

Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)

Microsoft SQL Server System CLR Types

Microsoft System CLR Types for SQL Server 2012

Microsoft Visual Basic 2010 Express - ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

Microsoft Visual C++ 2012 Compilers

Microsoft Visual C++ 2012 Compilers - ENU Resources

Microsoft Visual C++ 2012 Core Libraries

Microsoft Visual C++ 2012 Extended Libraries

Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Service Pack 1

Microsoft Visual Studio 2012 Devenv

Microsoft Visual Studio 2012 Devenv Resources

Microsoft Visual Studio 2012 IntelliTrace Core x86

Microsoft Visual Studio 2012 IntelliTrace Front End x86

Microsoft Visual Studio 2012 Preparation

Microsoft Visual Studio 2012 SharePoint Developer Tools

Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack

Microsoft Visual Studio 2012 Shell (Minimum)

Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies

Microsoft Visual Studio 2012 Shell (Minimum) Resources

Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU

Microsoft Visual Studio Premium 2012

Microsoft Visual Studio Premium 2012 - ENU

Microsoft Visual Studio Professional 2012

Microsoft Visual Studio Professional 2012 - ENU

Microsoft Visual Studio Team Foundation Server 2012 Team Explorer

Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU

Microsoft Visual Studio Ultimate 2012

Microsoft Visual Studio Ultimate 2012 - ENU

Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core

Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources

Microsoft Web Deploy dbSqlPackage Provider - enu

Microsoft Web Developer Tools - Visual Studio 2012

Microsoft WSE 3.0 Runtime

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

MSI Afterburner 2.2.3

MSVCRT

MySQL Connector/Net 5.0.9

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

ON_OFF Charge B11.0110.1

Opera 12.02

Origin

Pando Media Booster

PC Performer Manager

PDF Settings CS6

PreEmptive Analytics Visual Studio Components

PremiumSoft Navicat Premium 10.1

Prerequisites for SSDT

PriceGong 2.6.4

Pro Evolution Soccer 2012

Pro Evolution Soccer 2013 DEMO

PunkBuster Services

Quake Live Mozilla Plugin

QuickTime

Rainmeter

Razer Reclusa Config

Razer Synapse 2.0

RBOTXXRemoval Tool

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

RocketDock 1.3.5

Rockstar Games Social Club

Six Updater

Skype™ 5.10

Smart 6 B11.0824.1

Sophos Virus Removal Tool

Source SDK Base 2007

SpecialSavings

Spotify

Steam

System Requirements Lab CYRI

Team Fortress 2

The Amazing Spider-Man

The Sims™ 3

The Sims™ 3 Ambitions

The Sims™ 3 Fast Lane Stuff

The Sims™ 3 Generations

The Sims™ 3 High-End Loft Stuff

The Sims™ 3 Late Night

The Sims™ 3 World Adventures

tools-freebsd

tools-linux

tools-netware

tools-solaris

tools-windows

tools-winPre2k

TriDef 3D (LG 3D Monitor) 1.6.2

Tunngle beta

TweetDeck

TZAC ANTICHEAT 2

Unity

Unity Web Player

VC80CRTRedist - 8.0.50727.6195

Vicon boujou 5.0

VirtualCloneDrive

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

Visual Studio Extensions for Windows Library for JavaScript

VLC media player 2.0.2

VMware Workstation

WCF Data Services 5.0 (for OData v3) Primary Components

WCF Data Services Tools for Microsoft Visual Studio 2012

WCF RIA Services V1.0 SP2

Windows App Certification Kit x64

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Runtime Intellisense Content - en-us

Windows Software Development Kit

Windows Software Development Kit DirectX x86 Remote

Windows Software Development Kit for Windows Store Apps

Windows Software Development Kit for Windows Store Apps DirectX x86 Remote

Wirecast

x264vfw - H.264/MPEG-4 AVC codec (remove only)

Xfire (remove only)

XSplit

You2Mp3

.

==== Event Viewer Messages From Past Week ========

.

13/09/2012 22:58:45, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

13/09/2012 15:13:22, Error: Service Control Manager [7024] - The AVG Firewall service terminated with service-specific error %%-536805289.

11/09/2012 23:13:12, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Microsoft Antimalware Service service, but this action failed with the following error: An instance of the service is already running.

11/09/2012 23:12:57, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

.

==== End Of File ===========================


RogueKiller V8.0.3 [09/13/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Connor [Admin rights]

Mode : Scan -- Date : 09/14/2012 00:45:04

¤¤¤ Bad processes : 3 ¤¤¤

[SUSP PATH] ToolbarUpdater.exe -- C:\Users\Connor\AppData\Local\Temp\ToolbarUpdater.exe -> KILLED [TermProc]

[SUSP PATH] %Protector Process Name%.exe -- C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe -> KILLED [TermProc]

[SUSP PATH] %Protector Process Name%.exe -- C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (122.72.28.14:80) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 validation.sls.microsoft.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Corsair Force 3 SSD +++++

--- User ---

[MBR] ac3c6266dae535fa3c03e62dcc9ae701

[BSP] 2bf3235f40c36aef4365bcdf102723c3 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD6400AAKS-65A7B2 +++++

--- User ---

[MBR] a4f9e16c925dad25e37b3b5e2563a9b8

[BSP] b5fd481fa8d29a2f01902c346f1dccba : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forum's policy concerning P2P programs:

http://forums.malwar...showtopic=97700

~~~~~~~~~~~~~~~~~~~

This proxy setting is from China. Is it familiar to you?

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (122.72.28.14:80) -> FOUND

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run RogueKiller again and click Scan

When the scan completes > click on the Processes tab

Put a check next to all of these and uncheck the rest: (if found)

[SUSP PATH] ToolbarUpdater.exe -- C:\Users\Connor\AppData\Local\Temp\ToolbarUpdater.exe -> KILLED [TermProc]

[SUSP PATH] %Protector Process Name%.exe -- C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe -> KILLED [TermProc]

[SUSP PATH] %Protector Process Name%.exe -- C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe -> KILLED [TermProc]

Now click Delete on the right hand column under Options

~~~~~~~~~~~~~~~~~~

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case it should be something like R1.

MrC


# AdwCleaner v2.001 - Logfile created 09/14/2012 at 01:22:50

# Updated 09/09/2012 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : Connor - CONNOR-PC

# Boot Mode : Normal

# Running from : C:\Users\Connor\AppData\Local\Opera\Opera\temporary_downloads\adwcleaner.exe

# Option [search]

***** [Services] *****

Found : PC Performer Manager

***** [Files / Folders] *****

File Found : C:\user.js

Folder Found : C:\Program Files (x86)\appbario8

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Program Files (x86)\PriceGong

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\IBUpdaterService

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong

Folder Found : C:\ProgramData\pc performer manager

Folder Found : C:\Users\Connor\AppData\Local\Conduit

Folder Found : C:\Users\Connor\AppData\LocalLow\appbario8

Folder Found : C:\Users\Connor\AppData\LocalLow\Conduit

Folder Found : C:\Users\Connor\AppData\LocalLow\PriceGong

Folder Found : C:\Users\Connor\AppData\Roaming\Babylon

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%prote~1.dll

Key Found : HKCU\Software\AppDataLow\Software\appbario8

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\bProtector

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CC09160-108C-4759-BAB1-5C12C216E005}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CC09160-108C-4759-BAB1-5C12C216E005}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKLM\Software\appbario8

Key Found : HKLM\Software\Babylon

Key Found : HKLM\Software\bProtector

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL

Key Found : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO

Key Found : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1

Key Found : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl

Key Found : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3227982

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\DataMngr

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC09160-108C-4759-BAB1-5C12C216E005}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{55B0F3CD-674A-4EF4-9567-7070EB355417}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F90AC234-B2F6-4D46-8F2C-AE39C0C61CE0}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CC09160-108C-4759-BAB1-5C12C216E005}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\appbario8 Toolbar

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong

Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Found : HKU\S-1-5-21-4049693206-307642123-4052685644-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0CC09160-108C-4759-BAB1-5C12C216E005}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]

Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}]

Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0CC09160-108C-4759-BAB1-5C12C216E005}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default

File : C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\xijqk7pu.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=4e2b53d100000000000050e549cbe3c5" ]

Found [l.2032] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=4e2b53d100000000000050e549cbe3c5" ]

-\\ Opera v12.2.1578.0

File : C:\Users\Connor\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8167 octets] - [14/09/2012 01:22:50]

########## EOF - C:\AdwCleaner[R1].txt - [8227 octets] ##########


OK, run RogueKiller again and click "Fix Proxy" on the right-hand side.

~~~~~~~~~~~~~~~~~~~~

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC


# AdwCleaner v2.001 - Logfile created 09/14/2012 at 01:51:29

# Updated 09/09/2012 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : Connor - CONNOR-PC

# Boot Mode : Normal

# Running from : C:\Users\Connor\AppData\Local\Opera\Opera\temporary_downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : PC Performer Manager

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\pc performer manager

File Deleted : C:\user.js

Folder Deleted : C:\Program Files (x86)\appbario8

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\PriceGong

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\IBUpdaterService

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong

Folder Deleted : C:\Users\Connor\AppData\Local\Conduit

Folder Deleted : C:\Users\Connor\AppData\LocalLow\appbario8

Folder Deleted : C:\Users\Connor\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Connor\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Connor\AppData\Roaming\Babylon

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%prote~1.dll

Key Deleted : HKCU\Software\AppDataLow\Software\appbario8

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\bProtector

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CC09160-108C-4759-BAB1-5C12C216E005}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CC09160-108C-4759-BAB1-5C12C216E005}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKLM\Software\appbario8

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\bProtector

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL

Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO

Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1

Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl

Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227982

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC09160-108C-4759-BAB1-5C12C216E005}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{55B0F3CD-674A-4EF4-9567-7070EB355417}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F90AC234-B2F6-4D46-8F2C-AE39C0C61CE0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CC09160-108C-4759-BAB1-5C12C216E005}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\appbario8 Toolbar

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0CC09160-108C-4759-BAB1-5C12C216E005}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}]

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0CC09160-108C-4759-BAB1-5C12C216E005}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-21-4049693206-307642123-4052685644-1003\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default

File : C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\xijqk7pu.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=4e2b53d100000000000050e549cbe3c5" ]

Deleted [l.2032] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=4e2b53d100000000000050e549cbe3c5" ]

-\\ Opera v12.2.1578.0

File : C:\Users\Connor\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8266 octets] - [14/09/2012 01:22:50]

AdwCleaner[R2].txt - [8326 octets] - [14/09/2012 01:24:18]

AdwCleaner[R3].txt - [8386 octets] - [14/09/2012 01:51:09]

AdwCleaner[s1].txt - [8946 octets] - [14/09/2012 01:51:29]

########## EOF - C:\AdwCleaner[s1].txt - [9006 octets] ##########

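Added example, not from the thread or from AdwCleaner itself: a small Python check that parses a scan-mode (R) log and a delete-mode (S) log of the kind posted above and lists every "Found" entry that has no matching "Deleted" entry, which is the comparison the helper makes by eye between the two logs. The two embedded logs are constructed excerpts (entries copied from the thread, with one Chrome entry deliberately left out of the delete log so the check has something to report); the line pattern and the case-folding of registry paths are assumptions about the log format drawn only from the lines shown here.

```python
import re

# Matches one action line of an AdwCleaner log, e.g. "Key Found : HKLM\...",
# "Value Deleted : HKCU\... [{guid}]", "Found [l.12] : urls_to_restore_on_startup = [...]"
# or "Deleted on reboot : C:\...". Headers, "Restored :" and "[OK]" lines do not match.
ENTRY_RE = re.compile(
    r"^(?:(?:Key|Value|File|Folder|Data)\s+)?(?:Stopped & )?"
    r"(?P<verb>Found|Deleted)(?: on reboot)?"
    r"(?:\s+\[l\.(?P<line>\d+)\])?\s*:\s*(?P<item>.+?)\s*$"
)


def parse_entries(log_text):
    """Return (found, deleted) sets of (item, line) pairs from one log.
    Registry paths are case-insensitive, so items are lower-cased; the [l.N]
    line number keeps two hits on the same browser setting distinct."""
    found, deleted = set(), set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        key = (m.group("item").lower(), m.group("line"))
        (found if m.group("verb") == "Found" else deleted).add(key)
    return found, deleted


def unresolved(scan_log, delete_log):
    """Items the scan (R) run reported Found that the delete (S) run did not report Deleted."""
    found, _ = parse_entries(scan_log)
    _, deleted = parse_entries(delete_log)
    return sorted(found - deleted)


# Constructed excerpt of a scan-mode log (entries taken from the thread's R1 log).
SCAN_LOG = r"""
***** [Registry] *****
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]
***** [internet Browsers] *****
Found [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss" ]
Found [l.2032] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss" ]
"""

# Constructed delete-mode log: the l.2032 Chrome entry is deliberately left out
# so the check has a leftover to report (PriceGong key written with different case on purpose).
DELETE_LOG = r"""
Stopped & Deleted : PC Performer Manager
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0CC09160-108C-4759-BAB1-5C12C216E005}]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss" ]
"""

if __name__ == "__main__":
    for item, line in unresolved(SCAN_LOG, DELETE_LOG):
        where = f" (line {line})" if line else ""
        print(f"still present after delete run: {item}{where}")
```

Feed it the full R and S log texts from the C:\AdwCleaner[Rn].txt and C:\AdwCleaner[Sn].txt files and an empty result means every scan hit was acted on.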

I ran the scan and it found nothing, and WinMonitor.exe is still there.

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.14.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Connor :: CONNOR-PC [administrator]

14/09/2012 17:25:48

mbam-log-2012-09-14 (17-25-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 246073

Time elapsed: 35 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassoci...T-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Windows\SysWow64\WinMonitor.exe
    :Commands
    [EMPTYJAVA]
    [emptytemp]
    [EMPTYFLASH]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


OTL LOG:

All processes killed

========== FILES ==========

File move failed. C:\Windows\SysWow64\WinMonitor.exe scheduled to be moved on reboot.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Connor

->Java cache emptied: 2220857 bytes

User: Default

User: Default User

User: LogMeInRemoteUser

User: Public

User: UpdatusUser

Total Java Files Cleaned = 2.00 mb

[EMPTYTEMP]

User: All Users

User: Connor

->Temp folder emptied: 269677093 bytes

->Temporary Internet Files folder emptied: 107363694 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 84222144 bytes

->Google Chrome cache emptied: 241829998 bytes

->Opera cache emptied: 21372858 bytes

->Flash cache emptied: 64061 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 41620 bytes

User: Public

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 4437 bytes

%systemroot% .tmp files removed: 893382 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 103569 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46356671 bytes

RecycleBin emptied: 2733120 bytes

Total Files Cleaned = 739.00 mb

[EMPTYFLASH]

User: All Users

User: Connor

->Flash cache emptied: 0 bytes

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.56.0 log created on 09142012_175914

Files\Folders moved on Reboot...

C:\Windows\SysWow64\WinMonitor.exe moved successfully.

C:\Users\Connor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Users\Connor\AppData\Local\Temp\ToolbarUpdater.exe scheduled to be moved on reboot.

C:\Windows\temp\vmware-SYSTEM-547588340\vmauthd.log moved successfully.

C:\Windows\temp\vmware-SYSTEM-547588340\vmware-usbarb-SYSTEM-3204.log moved successfully.

PendingFileRenameOperations files...

File C:\Windows\SysWow64\WinMonitor.exe not found!

File C:\Users\Connor\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

[2012/07/20 14:12:37 | 000,508,416 | ---- | M] () C:\Users\Connor\AppData\Local\Temp\ToolbarUpdater.exe : MD5=98A80733C6E66B043DBC638CA25FAB0F

File C:\Windows\temp\vmware-SYSTEM-547588340\vmauthd.log not found!

File C:\Windows\temp\vmware-SYSTEM-547588340\vmware-usbarb-SYSTEM-3204.log not found!

Registry entries deleted on Reboot...


I don't know if the file itself is a virus, but it plays sounds randomly through the process. I know this because when the sounds are playing and I close it, the sounds stop, and if it wasn't a virus I would be able to remove it. It keeps coming back even after I stopped the process and deleted the file.

https://www.virustotal.com/file/29dfb2b98b876320ab771be711330dc70de523a7b441f5f587828258e662b282/analysis/1347652282/


That file is clean, but let's run some scans.

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs, so post or attach all of them.
  • Sometimes these logs can be very large; in that case please attach it, or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


This topic is now closed to further replies.