Jump to content

Recommended Posts

Ok. I start my pc up. I get this error. SFX Self Extractor has stopped working, then the details are APP CRASH and points to csrss.exe

I have run MWB and selected fix and it still does this.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6883

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

Friday, 17 June 2011 10:16:21 PM

mbam-log-2011-06-17 (22-16-21).txt

Scan type: Quick scan

Objects scanned: 172918

Time elapsed: 1 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{16MS825V-41SY-N428-V460-I2X7PSM8SJA7} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{16MS825V-41SY-N428-V460-I2X7PSM8SJA7} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Internet Explorer (Trojan.Agent) -> Value: Internet Explorer -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Trojan.Agent) -> Value: HKLM -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Internet Explorer (Trojan.Agent) -> Value: Internet Explorer -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Trojan.Agent) -> Value: HKCU -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Jono\downloads\installer_winarchiver_2_1_english.exe (PUP.SmsPay.PGen) -> Quarantined and deleted successfully.

c:\Users\Jono\downloads\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\Users\Jono\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

c:\Users\Jono\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\Jono\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

c:\programdata (x86)\windows backup settings\Restore\csrss\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.

DDS (Ver_2011-06-12.02) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by Jono at 2:17:58 on 2011-06-18

Microsoft Windows 7 NVIDIA 2010 6.1.7601.1.1252.1.1033.18.6135.3911 [GMT 2:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\a-squared Free\a2service.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\NetLimiter 3\nlsvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\alg.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\NetLimiter 3\NLClientApp.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Jono\Downloads\nunr7ry2.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray

uRun: [HKCU] C:\ProgramData (x86)\Windows Backup Settings\Restore\csrss\csrss.exe

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [ChallengerPro] "C:\Program Files (x86)\Thermaltake Challenger Pro\Ttsystray.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRun: [HKLM] C:\ProgramData (x86)\Windows Backup Settings\Restore\csrss\csrss.exe

dRun: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut

dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uExplorerRun: [internet Explorer] C:\ProgramData (x86)\Windows Backup Settings\Restore\csrss\csrss.exe

mExplorerRun: [internet Explorer] C:\ProgramData (x86)\Windows Backup Settings\Restore\csrss\csrss.exe

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-explorer: NoSMBalloonTip = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-explorer: NoResolveTrack = 1 (0x1)

dPolicies-explorer: NoSMBalloonTip = 1 (0x1)

IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{737AE3AE-F9CB-4557-9DBC-E2B01B097FF4} : NameServer = 168.210.2.2 196.14.239.2

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

mASetup: {16MS825V-41SY-N428-V460-I2X7PSM8SJA7} - C:\ProgramData (x86)\Windows Backup Settings\Restore\csrss\csrss.exe

BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

BHO-X64: btorbit.com - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [ChallengerPro] "C:\Program Files (x86)\Thermaltake Challenger Pro\Ttsystray.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRun-x64: [HKLM] C:\ProgramData (x86)\Windows Backup Settings\Restore\csrss\csrss.exe

IE-X64: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jono\AppData\Roaming\Mozilla\Firefox\Profiles\53amyy7w.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.za/

FF - component: C:\Program Files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Users\Jono\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]

R2 a2free;a-squared Free Service;C:\Program Files (x86)\a-squared Free\a2service.exe [2011-6-17 1872320]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-5-21 42184]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-26 2214504]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-4-1 428640]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Users\Public\Everest\kerneld.amd64 [2011-4-22 27264]

S3 FLASHSYS;FLASHSYS;C:\Program Files (x86)\MSI\Live Update 4\LU4\Flashsys64.sys [2011-3-5 15192]

S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-06-17 23:50:00 -------- d-----w- C:\ProgramData (x86)

2011-06-17 21:17:09 388096 ----a-r- C:\Users\Jono\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-17 21:17:08 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-06-17 20:40:25 -------- d-----w- C:\Program Files (x86)\a-squared Free

2011-06-17 20:13:43 -------- d-----w- C:\Users\Jono\AppData\Roaming\Malwarebytes

2011-06-17 20:13:39 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-17 20:13:38 -------- d-----w- C:\ProgramData\Malwarebytes

2011-06-17 20:13:35 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-06-17 20:13:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-06-17 12:40:10 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{817FAD5F-A37C-4949-8C7D-AFE0876C227C}\mpengine.dll

2011-06-17 12:37:47 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2011-06-17 12:37:45 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-06-17 12:37:45 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-06-17 12:37:45 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-06-17 12:37:44 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-06-17 12:37:44 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-06-17 12:36:44 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-06-17 12:36:44 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-06-17 12:36:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-06-17 12:36:32 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-06-17 12:36:23 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-06-17 12:36:23 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-06-16 12:30:03 327168 ----a-w- C:\Windows\IsUninst.exe

2011-06-16 12:29:45 -------- d-----w- C:\Program Files (x86)\Setup Files

2011-06-12 07:35:13 -------- d-----w- C:\Program Files (x86)\osu!

2011-06-12 07:33:36 -------- d-----w- C:\Users\Jono\AppData\Roaming\Downloaded Installations

2011-06-11 10:01:58 -------- d-----w- C:\ProgramData\Skype Extras

2011-06-10 04:08:44 -------- d-----w- C:\Users\Jono\AppData\Roaming\wargaming.net

2011-06-10 04:00:49 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-10 03:59:34 -------- d-----w- C:\Games

2011-06-05 09:33:59 -------- d-----w- C:\Users\Jono\AppData\Roaming\Rovio

2011-06-05 09:30:47 -------- d-----w- C:\Program Files (x86)\Rovio

2011-05-29 15:48:30 -------- d-----w- C:\Users\Jono\AppData\Roaming\go

2011-05-29 15:48:29 -------- d-----w- C:\ProgramData\Easybits GO

2011-05-29 13:33:32 -------- d-----w- C:\Windows\pss

2011-05-27 15:44:15 -------- d-----w- C:\Users\Jono\AppData\Local\LogiShrd

2011-05-27 15:42:43 53248 ----a-r- C:\Users\Jono\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-05-27 15:41:39 -------- d-----w- C:\Program Files (x86)\Common Files\LWS

2011-05-25 18:10:20 -------- d-----w- C:\Users\Jono\AppData\Roaming\Paltalk

2011-05-25 18:10:18 -------- d-----w- C:\Windows\Paltalk Messenger

2011-05-25 18:10:18 -------- d-----w- C:\Program Files (x86)\Paltalk Messenger

2011-05-25 15:20:11 139264 ----a-w- C:\Windows\War3Unin.exe

2011-05-23 17:56:28 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2011-05-23 17:56:28 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2011-05-23 17:56:28 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2011-05-23 17:56:16 -------- d-----w- C:\Program Files\iPod

2011-05-23 17:56:15 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2011-05-23 17:56:15 -------- d-----w- C:\Program Files\iTunes

2011-05-23 17:56:15 -------- d-----w- C:\Program Files (x86)\iTunes

2011-05-23 17:54:38 -------- d-----w- C:\Program Files\Bonjour

2011-05-23 17:54:38 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-05-22 12:08:17 -------- d-----w- C:\Program Files (x86)\EA GAMES

2011-05-22 12:07:23 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

2011-05-22 11:54:24 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

2011-05-22 11:54:24 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

2011-05-22 11:54:24 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

2011-05-22 11:54:24 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

2011-05-22 11:54:19 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

2011-05-22 11:54:19 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

2011-05-21 05:50:11 -------- d-----w- C:\Users\Jono\AppData\Local\Thunderbird

2011-05-20 20:35:28 304744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

==================== Find3M ====================

.

2011-06-17 22:40:25 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-06-17 22:40:25 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-06-16 15:00:51 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys

2011-05-24 17:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-05-10 12:10:59 40112 ----a-w- C:\Windows\avastSS.scr

2011-05-10 12:04:08 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-05-10 11:59:48 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-05-03 18:16:56 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2011-05-03 10:49:41 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe

2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-04-22 17:25:02 372736 ----a-w- C:\Windows\System32\NVUNINST.EXE

2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-04-08 11:28:58 41872 ----a-w- C:\Windows\SysWow64\xfcodec.dll

2011-04-08 11:28:58 27536 ----a-w- C:\Windows\System32\xfcodec64.dll

2011-04-08 05:14:00 1619048 ----a-w- C:\Windows\System32\nvdispco6420140.dll

2011-04-08 05:14:00 1404008 ----a-w- C:\Windows\System32\nvgenco642060.dll

2011-04-07 21:19:16 2582120 ----a-w- C:\Windows\System32\nvsvcr.dll

2011-04-06 14:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll

2011-04-06 14:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-04-06 14:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll

2011-04-06 14:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe

2011-04-06 14:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-04-06 14:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-04-06 14:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-04-06 14:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-04-04 10:20:22 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-04-01 05:10:46 539232 ----a-w- C:\Windows\SysWow64\LVUI2RC.dll

2011-04-01 05:10:24 543328 ----a-w- C:\Windows\SysWow64\LVUI2.dll

2011-04-01 05:08:36 301664 ----a-w- C:\Windows\SysWow64\lvcodec2.dll

2011-04-01 05:07:54 4184672 ----a-w- C:\Windows\System32\drivers\lvuvc64.sys

2011-04-01 05:07:30 559712 ----a-w- C:\Windows\System32\LVUIRC64.dll

2011-04-01 05:07:08 767584 ----a-w- C:\Windows\System32\LVUI64.dll

2011-04-01 05:07:02 10877272 ----a-w- C:\Windows\SysWow64\LogiDPP.dll

2011-04-01 05:07:02 10877272 ----a-w- C:\Windows\System32\LogiDPP.dll

2011-04-01 05:07:02 102744 ----a-w- C:\Windows\SysWow64\LogiDPPApp.exe

2011-04-01 05:07:02 102744 ----a-w- C:\Windows\System32\LogiDPPApp.exe

2011-04-01 05:06:56 331608 ----a-w- C:\Windows\SysWow64\DevManagerCore.dll

2011-04-01 05:06:56 331608 ----a-w- C:\Windows\System32\DevManagerCore.dll

2011-04-01 05:06:22 341856 ----a-w- C:\Windows\System32\drivers\lvrs64.sys

2011-04-01 05:05:38 261728 ----a-w- C:\Windows\System32\lvco13251014.dll

2011-04-01 05:05:16 172128 ----a-w- C:\Windows\System32\lvcod64.dll

2011-04-01 04:56:20 39318 ----a-w- C:\Windows\System32\Repository.reg

2011-03-29 19:05:34 21504 ----a-w- C:\Windows\jestertb.dll

2011-03-22 22:02:22 15192 ----a-w- C:\Windows\System32\drivers\iKeyLFT264.dll

2011-03-21 14:44:30 33416 ----a-w- C:\Windows\System32\drivers\nlndis.sys

2011-03-21 11:22:06 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2011-03-21 11:22:06 452200 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2011-03-21 11:22:06 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

.

============= FINISH: 2:18:42.03 ===============

Re did DDS as the processes did not show on the previous one,

.

DDS (Ver_2011-06-12.02) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by Jono at 2:40:32 on 2011-06-18

Microsoft Windows 7 NVIDIA 2010 6.1.7601.1.1252.1.1033.18.6135.4458 [GMT 2:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\a-squared Free\a2service.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\NetLimiter 3\nlsvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\NetLimiter 3\NLClientApp.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Thermaltake Challenger Pro\Ttsystray.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\ProgramData (x86)\Windows Backup Settings\Restore\csrss\csrss.exe

C:\ProgramData (x86)\Windows Backup Settings\Restore\csrss\csrss.exe

C:\ProgramData (x86)\Windows Backup Settings\Restore\csrss\csrss.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray

uRun: [HKCU] C:\ProgramData (x86)\Windows Backup Settings\Restore\csrss\csrss.exe

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [ChallengerPro] "C:\Program Files (x86)\Thermaltake Challenger Pro\Ttsystray.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [HKLM] C:\ProgramData (x86)\Windows Backup Settings\Restore\csrss\csrss.exe

dRun: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut

dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uExplorerRun: [internet Explorer] C:\ProgramData (x86)\Windows Backup Settings\Restore\csrss\csrss.exe

mExplorerRun: [internet Explorer] C:\ProgramData (x86)\Windows Backup Settings\Restore\csrss\csrss.exe

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-explorer: NoSMBalloonTip = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-explorer: NoResolveTrack = 1 (0x1)

dPolicies-explorer: NoSMBalloonTip = 1 (0x1)

IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{737AE3AE-F9CB-4557-9DBC-E2B01B097FF4} : NameServer = 168.210.2.2 196.14.239.2

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

mASetup: {16MS825V-41SY-N428-V460-I2X7PSM8SJA7} - C:\ProgramData (x86)\Windows Backup Settings\Restore\csrss\csrss.exe

BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

BHO-X64: btorbit.com - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [ChallengerPro] "C:\Program Files (x86)\Thermaltake Challenger Pro\Ttsystray.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun-x64: [HKLM] C:\ProgramData (x86)\Windows Backup Settings\Restore\csrss\csrss.exe

IE-X64: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]

R2 a2free;a-squared Free Service;C:\Program Files (x86)\a-squared Free\a2service.exe [2011-6-17 1872320]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-5-21 42184]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-26 2214504]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-4-1 428640]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Users\Public\Everest\kerneld.amd64 [2011-4-22 27264]

S3 FLASHSYS;FLASHSYS;C:\Program Files (x86)\MSI\Live Update 4\LU4\Flashsys64.sys [2011-3-5 15192]

S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-06-17 23:50:00 -------- d-----w- C:\ProgramData (x86)

2011-06-17 21:17:09 388096 ----a-r- C:\Users\Jono\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-17 21:17:08 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-06-17 20:40:25 -------- d-----w- C:\Program Files (x86)\a-squared Free

2011-06-17 20:13:43 -------- d-----w- C:\Users\Jono\AppData\Roaming\Malwarebytes

2011-06-17 20:13:39 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-17 20:13:38 -------- d-----w- C:\ProgramData\Malwarebytes

2011-06-17 20:13:35 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-06-17 20:13:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-06-17 12:40:10 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{817FAD5F-A37C-4949-8C7D-AFE0876C227C}\mpengine.dll

2011-06-17 12:37:47 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2011-06-17 12:37:45 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-06-17 12:37:45 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-06-17 12:37:45 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-06-17 12:37:44 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-06-17 12:37:44 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-06-17 12:36:44 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-06-17 12:36:44 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-06-17 12:36:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-06-17 12:36:32 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-06-17 12:36:23 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-06-17 12:36:23 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-06-16 12:30:03 327168 ----a-w- C:\Windows\IsUninst.exe

2011-06-16 12:29:45 -------- d-----w- C:\Program Files (x86)\Setup Files

2011-06-12 07:35:13 -------- d-----w- C:\Program Files (x86)\osu!

2011-06-12 07:33:36 -------- d-----w- C:\Users\Jono\AppData\Roaming\Downloaded Installations

2011-06-11 10:01:58 -------- d-----w- C:\ProgramData\Skype Extras

2011-06-10 04:08:44 -------- d-----w- C:\Users\Jono\AppData\Roaming\wargaming.net

2011-06-10 04:00:49 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-10 03:59:34 -------- d-----w- C:\Games

2011-06-05 09:33:59 -------- d-----w- C:\Users\Jono\AppData\Roaming\Rovio

2011-06-05 09:30:47 -------- d-----w- C:\Program Files (x86)\Rovio

2011-05-29 15:48:30 -------- d-----w- C:\Users\Jono\AppData\Roaming\go

2011-05-29 15:48:29 -------- d-----w- C:\ProgramData\Easybits GO

2011-05-29 13:33:32 -------- d-----w- C:\Windows\pss

2011-05-27 15:44:15 -------- d-----w- C:\Users\Jono\AppData\Local\LogiShrd

2011-05-27 15:42:43 53248 ----a-r- C:\Users\Jono\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-05-27 15:41:39 -------- d-----w- C:\Program Files (x86)\Common Files\LWS

2011-05-25 18:10:20 -------- d-----w- C:\Users\Jono\AppData\Roaming\Paltalk

2011-05-25 18:10:18 -------- d-----w- C:\Windows\Paltalk Messenger

2011-05-25 18:10:18 -------- d-----w- C:\Program Files (x86)\Paltalk Messenger

2011-05-25 15:20:11 139264 ----a-w- C:\Windows\War3Unin.exe

2011-05-23 17:56:28 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2011-05-23 17:56:28 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2011-05-23 17:56:28 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2011-05-23 17:56:16 -------- d-----w- C:\Program Files\iPod

2011-05-23 17:56:15 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2011-05-23 17:56:15 -------- d-----w- C:\Program Files\iTunes

2011-05-23 17:56:15 -------- d-----w- C:\Program Files (x86)\iTunes

2011-05-23 17:54:38 -------- d-----w- C:\Program Files\Bonjour

2011-05-23 17:54:38 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-05-22 12:08:17 -------- d-----w- C:\Program Files (x86)\EA GAMES

2011-05-22 12:07:23 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

2011-05-22 11:54:24 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

2011-05-22 11:54:24 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

2011-05-22 11:54:24 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

2011-05-22 11:54:24 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

2011-05-22 11:54:19 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

2011-05-22 11:54:19 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

2011-05-21 05:50:11 -------- d-----w- C:\Users\Jono\AppData\Local\Thunderbird

2011-05-20 20:35:28 304744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

==================== Find3M ====================

.

2011-06-17 22:40:25 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-06-17 22:40:25 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-06-16 15:00:51 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys

2011-05-24 17:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-05-10 12:10:59 40112 ----a-w- C:\Windows\avastSS.scr

2011-05-10 12:04:08 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-05-10 11:59:48 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-05-03 18:16:56 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2011-05-03 10:49:41 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe

2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-04-22 17:25:02 372736 ----a-w- C:\Windows\System32\NVUNINST.EXE

2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-04-08 11:28:58 41872 ----a-w- C:\Windows\SysWow64\xfcodec.dll

2011-04-08 11:28:58 27536 ----a-w- C:\Windows\System32\xfcodec64.dll

2011-04-08 05:14:00 1619048 ----a-w- C:\Windows\System32\nvdispco6420140.dll

2011-04-08 05:14:00 1404008 ----a-w- C:\Windows\System32\nvgenco642060.dll

2011-04-07 21:19:16 2582120 ----a-w- C:\Windows\System32\nvsvcr.dll

2011-04-06 14:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll

2011-04-06 14:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-04-06 14:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll

2011-04-06 14:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe

2011-04-06 14:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-04-06 14:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-04-06 14:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-04-06 14:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-04-04 10:20:22 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-04-01 05:10:46 539232 ----a-w- C:\Windows\SysWow64\LVUI2RC.dll

2011-04-01 05:10:24 543328 ----a-w- C:\Windows\SysWow64\LVUI2.dll

2011-04-01 05:08:36 301664 ----a-w- C:\Windows\SysWow64\lvcodec2.dll

2011-04-01 05:07:54 4184672 ----a-w- C:\Windows\System32\drivers\lvuvc64.sys

2011-04-01 05:07:30 559712 ----a-w- C:\Windows\System32\LVUIRC64.dll

2011-04-01 05:07:08 767584 ----a-w- C:\Windows\System32\LVUI64.dll

2011-04-01 05:07:02 10877272 ----a-w- C:\Windows\SysWow64\LogiDPP.dll

2011-04-01 05:07:02 10877272 ----a-w- C:\Windows\System32\LogiDPP.dll

2011-04-01 05:07:02 102744 ----a-w- C:\Windows\SysWow64\LogiDPPApp.exe

2011-04-01 05:07:02 102744 ----a-w- C:\Windows\System32\LogiDPPApp.exe

2011-04-01 05:06:56 331608 ----a-w- C:\Windows\SysWow64\DevManagerCore.dll

2011-04-01 05:06:56 331608 ----a-w- C:\Windows\System32\DevManagerCore.dll

2011-04-01 05:06:22 341856 ----a-w- C:\Windows\System32\drivers\lvrs64.sys

2011-04-01 05:05:38 261728 ----a-w- C:\Windows\System32\lvco13251014.dll

2011-04-01 05:05:16 172128 ----a-w- C:\Windows\System32\lvcod64.dll

2011-04-01 04:56:20 39318 ----a-w- C:\Windows\System32\Repository.reg

2011-03-29 19:05:34 21504 ----a-w- C:\Windows\jestertb.dll

2011-03-22 22:02:22 15192 ----a-w- C:\Windows\System32\drivers\iKeyLFT264.dll

2011-03-21 14:44:30 33416 ----a-w- C:\Windows\System32\drivers\nlndis.sys

2011-03-21 11:22:06 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2011-03-21 11:22:06 452200 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2011-03-21 11:22:06 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

.

============= FINISH: 2:43:45.77 ===============

Attach.zip

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.