Solved: Audio ads playing in background
zefram
Member with 6 posts.
THREAD STARTER
Join Date: May 2012
Experience: Advanced
24-May-2012, 12:01 PM #1
Hi
I currently have the same issue as sutefaniidesu, who had an entry entitled "Audio ads playing in the background" from Jan 1, 2010. I've included the sysinfo, the ComboFix log and the "loaded drivers" information from my ntbtlog.txt. My issue occurs as soon as the login screen appears, which is why I'm sending the ntbtlog.txt. Any help would be greatly appreciated.

Thanks,
zefram


=============== Sysinfo

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, 64 bit
Processor: Intel(R) Core(TM) i7 CPU 960 @ 3.20GHz, Intel64 Family 6 Model 26 Stepping 5
Processor Count: 8
RAM: 12279 Mb
Graphics Card: NVIDIA GeForce GTX 470, 1280 Mb
Hard Drives: C: Total - 953767 MB, Free - 141312 MB; D: Total - 1907718 MB, Free - 924581 MB; E: Total - 953867 MB, Free - 182680 MB;
Motherboard: ASUSTeK Computer INC., SABERTOOTH X58
Antivirus: None


================ ComboFix log


ComboFix 12-05-24.01 - w7 05/24/2012 9:01.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.12279.10599 [GMT -4:00]
Running from: c:\users\w7\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
.
2012-05-24 13:07 . 2012-05-24 13:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-24 13:07 . 2012-05-24 13:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-06 16:39 . 2012-05-06 16:39 -------- d-----w- c:\windows\system32\appmgmt
2012-05-06 16:02 . 2012-05-06 16:12 -------- d-----w- c:\users\w7\AppData\Roaming\Awesomium
2012-05-05 13:55 . 2012-05-05 13:55 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-05 13:55 . 2012-05-05 13:55 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 13:55 . 2012-05-05 13:55 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-04 20:56 . 2012-05-04 20:58 -------- d-----w- c:\users\w7\AppData\Local\PAYDAY
2012-05-03 23:24 . 2012-05-03 23:23 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-02 00:42 . 2012-05-02 00:59 -------- d-----w- c:\users\w7\AppData\Roaming\Apple Computer
2012-05-02 00:42 . 2012-05-02 00:42 -------- d-----w- c:\users\w7\AppData\Local\Apple Computer
2012-05-02 00:42 . 2012-05-02 00:42 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-02 00:42 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-02 00:41 . 2012-05-02 00:41 -------- d-----w- c:\programdata\Apple
2012-04-28 14:21 . 2012-04-28 14:21 -------- d-----w- c:\users\w7\AppData\Roaming\RenPy
2012-04-24 21:39 . 2005-08-30 04:00 781312 ----a-w- c:\windows\SysWow64\RGSS102J.dll
2012-04-24 21:39 . 2005-08-30 04:00 778752 ----a-w- c:\windows\SysWow64\RGSS102E.dll
2012-04-24 21:39 . 2005-08-30 04:00 771584 ----a-w- c:\windows\SysWow64\RGSS100J.dll
2012-04-24 21:36 . 2012-04-24 21:39 -------- d-----w- c:\program files (x86)\Common Files\Enterbrain
2012-04-24 13:56 . 2012-04-24 13:56 -------- d-----w- c:\users\w7\oni
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 15:21 . 2012-04-16 00:49 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 15:21 . 2012-01-01 14:31 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 00:40 . 2012-04-16 20:40 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 23:23 . 2011-12-29 00:52 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-17 23:35 . 2012-01-23 14:56 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-17 23:35 . 2011-12-28 20:07 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-16 21:40 . 2011-12-28 20:07 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-18 03:56 . 2011-12-28 20:07 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-18 03:17 . 2012-03-18 03:17 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-24_12.50.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-05 14:18 . 2012-05-24 12:56 42384 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-24 12:56 49700 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-05 03:08 . 2012-05-24 12:56 13796 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1007896227-2540983366-3169110878-1000_UserData.bin
+ 2011-02-11 00:00 . 2012-05-24 13:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-11 00:00 . 2012-05-24 12:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-11 00:00 . 2012-05-24 13:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-11 00:00 . 2012-05-24 12:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-24 13:08 . 2012-05-24 13:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-24 12:49 . 2012-05-24 12:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-05-24 12:42 672494 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-24 12:59 672494 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-24 12:59 125226 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-24 12:42 125226 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-24 12:48 406816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-24 13:07 406816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-05 15:10 . 2012-05-24 12:48 4990656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1007896227-2540983366-3169110878-1000-8192.dat
+ 2011-02-05 15:10 . 2012-05-24 13:07 4990656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1007896227-2540983366-3169110878-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{13FA2453-9287-4F18-8554-976D7C02F4EE}]
2012-01-11 02:43 63368 ----a-w- c:\perfect world entertainment\CORE Client\plugins\CorePluginIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2012-02-20 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"Arctosa"="c:\program files (x86)\Razer\Arctosa\razerhid.exe" [2008-10-06 147456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Heroes In the Sky\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-05 129976]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 X6va001;X6va001;c:\users\w7\AppData\Local\Temp\00137EC.tmp [x]
R3 X6va005;X6va005;c:\users\w7\AppData\Local\Temp\005C566.tmp [x]
R3 X6va008;X6va008;c:\users\w7\AppData\Local\Temp\008C967.tmp [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-05 79360]
R4 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2010-07-28 242176]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 15:21]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007896227-2540983366-3169110878-1000Core.job
- c:\users\w7\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 00:14]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007896227-2540983366-3169110878-1000UA.job
- c:\users\w7\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 00:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\e8wvwji8.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\w7\AppData\Local\Temp\00137EC.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\w7\AppData\Local\Temp\005C566.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\w7\AppData\Local\Temp\008C967.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1007896227-2540983366-3169110878-1000\Software\SecuROM\License information*]
"datasecu"=hex:a7,9a,be,9b,c8,28,b7,29,c6,27,2c,e4,7d,bf,a2,24,f8,69,e7,8f,f8,
8e,f3,51,69,25,1f,7a,c8,3d,f9,be,f9,38,bc,9b,2d,52,9b,dc,3f,60,40,0b,8e,11, \
"rkeysecu"=hex:18,be,cf,83,e0,ce,a3,3b,5c,ad,4f,9a,4f,de,d8,e6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-05-24 09:13:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-24 13:13
ComboFix2.txt 2012-05-24 12:52
.
Pre-Run: 148,398,260,224 bytes free
Post-Run: 148,058,583,040 bytes free
.
- - End Of File - - 25689E4D7797D23C73F900D1FDED9670




====== ntbtlog.txt (the loaded drivers)


Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\kdcom.dll
Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
Loaded driver \SystemRoot\system32\PSHED.dll
Loaded driver \SystemRoot\system32\CLFS.SYS
Loaded driver \SystemRoot\system32\CI.dll
Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
Loaded driver \SystemRoot\System32\Drivers\sptd.sys
Loaded driver \SystemRoot\System32\Drivers\WMILIB.SYS
Loaded driver \SystemRoot\System32\Drivers\SCSIPORT.SYS
Loaded driver \SystemRoot\system32\DRIVERS\ACPI.sys
Loaded driver \SystemRoot\system32\DRIVERS\msisadrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\vdrvroot.sys
Loaded driver \SystemRoot\system32\DRIVERS\pci.sys
Loaded driver \SystemRoot\System32\drivers\partmgr.sys
Loaded driver \SystemRoot\system32\DRIVERS\volmgr.sys
Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
Loaded driver \SystemRoot\system32\DRIVERS\pciide.sys
Loaded driver \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
Loaded driver \SystemRoot\system32\DRIVERS\atapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ataport.SYS
Loaded driver \SystemRoot\system32\DRIVERS\nvstor.sys
Loaded driver \SystemRoot\system32\DRIVERS\storport.sys
Loaded driver \SystemRoot\system32\DRIVERS\msahci.sys
Loaded driver \SystemRoot\system32\DRIVERS\amdxata.sys
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\System32\Drivers\msrpc.sys
Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
Loaded driver \SystemRoot\System32\Drivers\cng.sys
Loaded driver \SystemRoot\System32\drivers\pcw.sys
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.sys
Loaded driver \SystemRoot\system32\drivers\ndis.sys
Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
Loaded driver \SystemRoot\System32\Drivers\ksecpkg.sys
Loaded driver \SystemRoot\System32\drivers\tcpip.sys
Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
Loaded driver \SystemRoot\system32\DRIVERS\vmstorfl.sys
Loaded driver \SystemRoot\system32\DRIVERS\volsnap.sys
Loaded driver \SystemRoot\System32\Drivers\spldr.sys
Loaded driver \SystemRoot\System32\drivers\rdyboost.sys
Loaded driver \SystemRoot\System32\Drivers\mup.sys
Loaded driver \SystemRoot\System32\drivers\hwpolicy.sys
Loaded driver \SystemRoot\System32\DRIVERS\fvevol.sys
Loaded driver \SystemRoot\system32\DRIVERS\disk.sys
Loaded driver \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\1394ohci.sys
Loaded driver \SystemRoot\System32\Drivers\a9x2yg1u.SYS
Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
Loaded driver \SystemRoot\system32\DRIVERS\blbdrive.sys
Loaded driver \SystemRoot\system32\DRIVERS\CompositeBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdpbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\umbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\LHidFilt.Sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\LMouFilt.Sys
Loaded driver \SystemRoot\system32\drivers\WudfPf.sys
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\kdcom.dll
Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
Loaded driver \SystemRoot\system32\PSHED.dll
Loaded driver \SystemRoot\system32\CLFS.SYS
Loaded driver \SystemRoot\system32\CI.dll
Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
Loaded driver \SystemRoot\System32\Drivers\sptd.sys
Loaded driver \SystemRoot\System32\Drivers\WMILIB.SYS
Loaded driver \SystemRoot\System32\Drivers\SCSIPORT.SYS
Loaded driver \SystemRoot\system32\DRIVERS\ACPI.sys
Loaded driver \SystemRoot\system32\DRIVERS\msisadrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\vdrvroot.sys
Loaded driver \SystemRoot\system32\DRIVERS\pci.sys
Loaded driver \SystemRoot\System32\drivers\partmgr.sys
Loaded driver \SystemRoot\system32\DRIVERS\volmgr.sys
Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
Loaded driver \SystemRoot\system32\DRIVERS\pciide.sys
Loaded driver \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
Loaded driver \SystemRoot\system32\DRIVERS\atapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ataport.SYS
Loaded driver \SystemRoot\system32\DRIVERS\nvstor.sys
Loaded driver \SystemRoot\system32\DRIVERS\storport.sys
Loaded driver \SystemRoot\system32\DRIVERS\msahci.sys
Loaded driver \SystemRoot\system32\DRIVERS\amdxata.sys
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\System32\Drivers\msrpc.sys
Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
Loaded driver \SystemRoot\System32\Drivers\cng.sys
Loaded driver \SystemRoot\System32\drivers\pcw.sys
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.sys
Loaded driver \SystemRoot\system32\drivers\ndis.sys
Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
Loaded driver \SystemRoot\System32\Drivers\ksecpkg.sys
Loaded driver \SystemRoot\System32\drivers\tcpip.sys
Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
Loaded driver \SystemRoot\system32\DRIVERS\vmstorfl.sys
Loaded driver \SystemRoot\system32\DRIVERS\volsnap.sys
Loaded driver \SystemRoot\System32\Drivers\spldr.sys
Loaded driver \SystemRoot\System32\drivers\rdyboost.sys
Loaded driver \SystemRoot\System32\Drivers\mup.sys
Loaded driver \SystemRoot\System32\drivers\hwpolicy.sys
Loaded driver \SystemRoot\System32\DRIVERS\fvevol.sys
Loaded driver \SystemRoot\system32\DRIVERS\disk.sys
Loaded driver \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\1394ohci.sys
Loaded driver \SystemRoot\System32\Drivers\aymvbkj4.SYS
Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
Loaded driver \SystemRoot\system32\DRIVERS\blbdrive.sys
Loaded driver \SystemRoot\system32\DRIVERS\CompositeBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdpbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\mcdbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\umbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdfs.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\LHidFilt.Sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\LMouFilt.Sys
Loaded driver \SystemRoot\system32\drivers\WudfPf.sys
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\kdcom.dll
Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
Loaded driver \SystemRoot\system32\PSHED.dll
Loaded driver \SystemRoot\system32\CLFS.SYS
Loaded driver \SystemRoot\system32\CI.dll
Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
Loaded driver \SystemRoot\System32\Drivers\sptd.sys
Loaded driver \SystemRoot\System32\Drivers\WMILIB.SYS
Loaded driver \SystemRoot\System32\Drivers\SCSIPORT.SYS
Loaded driver \SystemRoot\system32\DRIVERS\ACPI.sys
Loaded driver \SystemRoot\system32\DRIVERS\msisadrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\vdrvroot.sys
Loaded driver \SystemRoot\system32\DRIVERS\pci.sys
Loaded driver \SystemRoot\System32\drivers\partmgr.sys
Loaded driver \SystemRoot\system32\DRIVERS\volmgr.sys
Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
Loaded driver \SystemRoot\system32\DRIVERS\pciide.sys
Loaded driver \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
Loaded driver \SystemRoot\system32\DRIVERS\atapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ataport.SYS
Loaded driver \SystemRoot\system32\DRIVERS\nvstor.sys
Loaded driver \SystemRoot\system32\DRIVERS\storport.sys
Loaded driver \SystemRoot\system32\DRIVERS\msahci.sys
Loaded driver \SystemRoot\system32\DRIVERS\amdxata.sys
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\System32\Drivers\msrpc.sys
Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
Loaded driver \SystemRoot\System32\Drivers\cng.sys
Loaded driver \SystemRoot\System32\drivers\pcw.sys
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.sys
Loaded driver \SystemRoot\system32\drivers\ndis.sys
Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
Loaded driver \SystemRoot\System32\Drivers\ksecpkg.sys
Loaded driver \SystemRoot\System32\drivers\tcpip.sys
Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
Loaded driver \SystemRoot\system32\DRIVERS\vmstorfl.sys
Loaded driver \SystemRoot\system32\DRIVERS\volsnap.sys
Loaded driver \SystemRoot\System32\Drivers\spldr.sys
Loaded driver \SystemRoot\System32\drivers\rdyboost.sys
Loaded driver \SystemRoot\System32\Drivers\mup.sys
Loaded driver \SystemRoot\System32\drivers\hwpolicy.sys
Loaded driver \SystemRoot\System32\DRIVERS\fvevol.sys
Loaded driver \SystemRoot\system32\DRIVERS\disk.sys
Loaded driver \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\system32\drivers\rdpencdd.sys
Loaded driver \SystemRoot\system32\drivers\rdprefmp.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\tdx.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\system32\drivers\afd.sys
Loaded driver \SystemRoot\system32\drivers\ws2ifsl.sys
Loaded driver \SystemRoot\system32\DRIVERS\wfplwf.sys
Loaded driver \SystemRoot\system32\DRIVERS\pacer.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\serial.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\drivers\nsiproxy.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\drivers\discache.sys
Loaded driver \SystemRoot\system32\drivers\csc.sys
Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
Loaded driver \SystemRoot\system32\DRIVERS\blbdrive.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunnel.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\System32\drivers\dxgkrnl.sys
Loaded driver \SystemRoot\system32\DRIVERS\nvlddmkm.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\Rt64win7.sys
Loaded driver \SystemRoot\system32\DRIVERS\1394ohci.sys
Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\System32\Drivers\arqg1tey.SYS
Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
Loaded driver \SystemRoot\system32\DRIVERS\CompositeBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\AgileVpn.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\rassstp.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdpbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\mcdbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\umbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
Loaded driver \SystemRoot\system32\drivers\nvhda64v.sys
Loaded driver \SystemRoot\system32\drivers\ksthunk.sys
Loaded driver \SystemRoot\system32\drivers\HdAudio.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdfs.sys
Loaded driver \SystemRoot\system32\DRIVERS\monitor.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\LHidFilt.Sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\LMouFilt.Sys
Loaded driver \SystemRoot\system32\drivers\luafv.sys
Loaded driver \SystemRoot\system32\drivers\WudfPf.sys
Loaded driver \SystemRoot\system32\DRIVERS\lltdio.sys
Loaded driver \SystemRoot\system32\DRIVERS\rspndr.sys
Loaded driver \SystemRoot\system32\drivers\HTTP.sys
Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys
Loaded driver \SystemRoot\System32\drivers\mpsdrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb10.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb20.sys
Loaded driver \SystemRoot\system32\drivers\npf.sys
Loaded driver \SystemRoot\system32\drivers\peauth.sys
Loaded driver \SystemRoot\System32\Drivers\secdrv.SYS
Loaded driver \SystemRoot\System32\DRIVERS\srvnet.sys
Loaded driver \SystemRoot\System32\drivers\tcpipreg.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv2.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
CatByte
Malware Removal Specialist with 3,892 posts.
Join Date: Feb 2009
26-May-2012, 04:55 PM #2
Hi,

Please do the following:

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
zefram
Member with 6 posts.
THREAD STARTER
Join Date: May 2012
Experience: Advanced
26-May-2012, 08:50 PM #3
Hi Catbyte
Posted below are the results from the FRST64 run.

Thanks


=============================== FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 25-05-2012
Ran by SYSTEM at 26-05-2012 18:39:56
Running from G:\
Microsoft Windows XP (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [nwiz] nwiz.exe /installquiet [x]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [116328 2010-01-11] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [14803560 2010-01-11] (NVIDIA Corporation)
HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40048 2007-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QT Lite\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKU\Administrator\...\Run: [Alcohol.bin Autorun] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Alcohol.bin /startup [x]
HKU\Administrator\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe" [136136 2007-09-06] (DT Soft Ltd.)
HKU\Administrator\...\Policies\system: [NoDispAppearancePage] 0
HKU\Administrator\...\Policies\system: [NoColorChoice] 0
HKU\Administrator\...\Policies\system: [NoSizeChoice] 0
HKU\Administrator\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Administrator\...\Policies\system: [NoDispScrSavPage] 0
HKU\Administrator\...\Policies\system: [NoDispCPL] 0
HKU\Administrator\...\Policies\system: [NoVisualStyleChoice] 0
HKU\Administrator\...\Policies\system: [NoDispSettingsPage] 0
HKU\Default User\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [20992 2007-02-18] (Microsoft Corporation)
HKU\LocalService\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [20992 2007-02-18] (Microsoft Corporation)
HKU\NetworkService\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [20992 2007-02-18] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] userinit [x]
HKLM-x32\...\Winlogon: [Shell] Explorer.exe rundll32.exe jxvy.dio cymucrx [x ] ()
HKLM\...\Winlogon: [UIHost] %SystemRoot%\system32\logonui.exe [x ] ()
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.237.161.12

==================== Services (Whitelisted) ======

2 AeLookupSvc; C:\Windows\SysWow64\aelupsvc.dll [26624 2007-02-18] (Microsoft Corporation)
3 ALG; C:\Windows\SysWow64\alg.exe [45056 2007-02-18] (Microsoft Corporation)
2 AudioSrv; C:\Windows\SysWow64\audiosrv.dll [41472 2007-02-18] (Microsoft Corporation)
3 Browser; C:\Windows\SysWow64\browser.dll [78336 2007-03-14] (Microsoft Corporation)
4 CiSvc; C:\Windows\System32\cisvc.exe [8704 2007-02-18] (Microsoft Corporation)
4 CiSvc; C:\Windows\SysWow64\cisvc.exe [6656 2007-02-18] (Microsoft Corporation)
3 ClipSrv; C:\Windows\System32\clipsrv.exe [49664 2007-02-18] (Microsoft Corporation)
3 ClipSrv; C:\Windows\SysWow64\clipsrv.exe [32256 2007-02-18] (Microsoft Corporation)
3 dmadmin; C:\Windows\System32\dmadmin.exe /com [399872 2008-08-27] (Microsoft Corporation)
2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-18] (Microsoft Corporation)
2 Dnscache; C:\Windows\SysWow64\dnsrslvr.dll [45568 2008-02-18] (Microsoft Corporation)
3 ERSvc; C:\Windows\System32\ersvc.dll [31744 2007-02-18] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\services.exe [227840 2009-03-19] (Microsoft Corporation)
3 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-18] (Microsoft Corporation)
3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2007-02-18] (Microsoft Corporation)
3 HTTPFilter; C:\Windows\SysWow64\w3ssl.dll [15360 2007-02-18] (Microsoft Corporation)
3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2007-02-18] (Microsoft Corporation)
3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-18] (Microsoft Corporation)
3 LmHosts; C:\Windows\SysWow64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65824 2006-10-26] (Microsoft Corporation)
4 mnmsrvc; C:\WINDOWS\SysWow64\mnmsrvc.exe [32768 2007-02-18] (Microsoft Corporation)
4 NetDDE; C:\Windows\System32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
4 NetDDE; C:\Windows\SysWow64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
4 NetDDEdsdm; C:\Windows\System32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
4 NetDDEdsdm; C:\Windows\SysWow64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
2 Netman; C:\Windows\SysWow64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
2 Nla; C:\Windows\System32\mswsock.dll [493056 2008-06-20] (Microsoft Corporation)
2 Nla; C:\Windows\SysWow64\mswsock.dll [234496 2008-06-20] (Microsoft Corporation)
4 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2008-10-20] ()
3 npggsvc; C:\WINDOWS\SysWow64\GameMon.des -service [4085304 2010-10-12] (INCA Internet Co., Ltd.)
3 NtLmSsp; C:\Windows\System32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
3 NtmsSvc; C:\Windows\System32\ntmssvc.dll [794112 2007-02-18] (Microsoft Corporation)
2 NVSvc; C:\Windows\System32\nvsvc64.exe [181352 2010-01-11] (NVIDIA Corporation)
2 PlugPlay; C:\Windows\System32\services.exe [227840 2009-03-19] (Microsoft Corporation)
3 PolicyAgent; C:\Windows\System32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
3 RasAuto; C:\Windows\SysWow64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
3 RasMan; C:\Windows\SysWow64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
4 RemoteRegistry; C:\Windows\SysWow64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
3 RpcLocator; C:\Windows\SysWow64\locator.exe [71680 2007-02-18] (Microsoft Corporation)
3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-18] (Microsoft Corporation)
3 SCardSvr; C:\Windows\SysWow64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
3 Schedule; C:\Windows\SysWow64\schedsvc.dll [202240 2008-05-08] (Microsoft Corporation)
4 seclogon; C:\Windows\SysWow64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
3 SharedAccess; C:\Windows\SysWow64\ipnathlp.dll [343552 2007-02-18] (Microsoft Corporation)
4 SSDPSRV; C:\Windows\SysWow64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
2 stisvc; C:\Windows\SysWow64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
4 SysmonLog; C:\Windows\System32\smlogsvc.exe [133120 2007-12-14] (Microsoft Corporation)
4 SysmonLog; C:\Windows\SysWow64\smlogsvc.exe [96256 2007-12-14] (Microsoft Corporation)
3 TrkWks; C:\Windows\SysWow64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
3 UPS; C:\Windows\System32\ups.exe [34816 2007-02-18] (Microsoft Corporation)
3 UPS; C:\Windows\SysWow64\ups.exe [16896 2007-02-18] (Microsoft Corporation)
2 W32Time; C:\WINDOWS\SysWow64\w32time.dll [227840 2008-06-24] (Microsoft Corporation)
3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [27136 2009-06-10] (Microsoft Corporation)
3 Wmi; C:\Windows\System32\advapi32.dll [1065472 2009-03-19] (Microsoft Corporation)
3 Wmi; C:\Windows\SysWow64\advapi32.dll [619008 2009-03-19] (Microsoft Corporation)
3 WMPNetworkSvc; "C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe" [913408 2006-10-18] (Microsoft Corporation)
4 wuauserv; C:\WINDOWS\system32\wuauserv.dll [22552 2008-10-16] (Microsoft Corporation)
3 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2009-06-10] (Microsoft Corporation)
3 WZCSVC; C:\Windows\SysWow64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-18] (Microsoft Corporation)
3 xmlprov; C:\Windows\SysWow64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
2 Akamai; c:\program files (x86)\common files\akamai\netsession_win_dbc0250.dll [x]
3 clr_optimization_v2.0.50727_32; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
3 clr_optimization_v2.0.50727_64; c:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [x]
4 JavaQuickStarterService; "C:\Program Files (x86)\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]
3 WinHttpAutoProxySvc; winhttp.dll [x]

========================== Drivers (Whitelisted) =============

4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2007-02-18] (Microsoft Corporation)
3 aec; C:\Windows\System32\Drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)
3 Arp1394; C:\Windows\System32\Drivers\Arp1394.sys [111104 2007-02-16] (Microsoft Corporation)
3 Atmarpc; C:\Windows\System32\Drivers\Atmarpc.sys [106496 2007-02-18] (Microsoft Corporation)
3 audstub; C:\Windows\System32\Drivers\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
2 CdaC15BA; C:\Windows\System32\Drivers\CdaC15BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
2 CdaD10BA; C:\Windows\System32\Drivers\CdaD10BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
4 dmboot; C:\Windows\System32\Drivers\dmboot.sys [415232 2007-02-18] (Microsoft Corporation)
0 dmio; C:\Windows\System32\Drivers\dmio.sys [246784 2009-01-08] (Microsoft Corporation)
0 dmload; C:\Windows\System32\Drivers\dmload.sys [9216 2007-02-18] (Microsoft Corporation)
1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-18] (Microsoft Corporation)
0 Ftdisk; C:\Windows\System32\Drivers\Ftdisk.sys [240128 2007-09-01] (Microsoft Corporation)
3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-18] (Microsoft Corporation)
1 imapi; C:\Windows\System32\Drivers\imapi.sys [72704 2009-06-10] (Microsoft Corporation)
3 Ip6Fw; C:\Windows\System32\Drivers\Ip6Fw.sys [57856 2007-02-18] (Microsoft Corporation)
1 IPSec; C:\Windows\System32\Drivers\IPSec.sys [156672 2007-11-22] (Microsoft Corporation)
3 kmixer; C:\Windows\System32\Drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)
1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2007-02-18] (Microsoft Corporation)
3 NIC1394; C:\Windows\System32\Drivers\NIC1394.sys [92160 2005-03-24] (Microsoft Corporation)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [12477312 2010-01-11] (NVIDIA Corporation)
3 pbfilter; \??\C:\pbfilter.sys [16472 2009-09-27] ()
3 PSched; C:\Windows\System32\Drivers\PSched.sys [106496 2007-02-18] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\Drivers\Ptilink.sys [31232 2007-02-18] (Parallel Technologies, Inc.)
3 Raspti; C:\Windows\System32\Drivers\Raspti.sys [31232 2007-02-18] (Microsoft Corporation)
1 redbook; C:\Windows\System32\Drivers\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [157184 2009-06-10] (Realtek Semiconductor Corporation )
3 splitter; C:\Windows\System32\Drivers\splitter.sys [10240 2007-02-16] (Microsoft Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [860656 2010-09-09] (Duplex Secure Ltd.)
3 swmidi; C:\Windows\System32\Drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)
3 sysaudio; C:\Windows\System32\Drivers\sysaudio.sys [147456 2007-02-16] (Microsoft Corporation)
3 Update; C:\Windows\System32\Drivers\Update.sys [152576 2007-05-29] (Microsoft Corporation)
3 wdmaud; C:\Windows\System32\Drivers\wdmaud.sys [187904 2007-02-16] (Microsoft Corporation)
4 Abiosdsk; [x]
4 adpu160m; [x]
4 adpu320; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 AmdIde; [x]
4 arc; [x]
4 Atdisk; [x]
4 CmdIde; [x]
4 dpti2o; [x]
3 dump_wmimmc; \??\C:\IJJI\English\GenesisAD\GameGuard\dump_wmimmc.sys [x]
4 iirsp; [x]
4 mraid35x; [x]
3 NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys [x]
4 RDSessMgr; [x]
4 Simbad; [x]
4 symc8xx; [x]
4 symmpi; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WmiApSrv; [x]
4 wscsvc; [x]
3 X6va003; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\003285.tmp [x]

========================== NetSvcs (Whitelisted) ===========
NETSVCx32: Browser
NETSVCx32: CryptSvc
NETSVCx32: DMServer
NETSVCx32: EventSystem
NETSVCx32: HidServ
NETSVCx32: Iprip
NETSVCx32: LanmanWorkstation
NETSVCx32: Netman
NETSVCx32: Seclogon
NETSVCx32: TrkWks
NETSVCx32: WZCSVC
NETSVCx32: xmlprov
NETSVCx32: WmdmPmSN

============ One Month Created Files and Folders ==============

2012-05-26 18:39 - 2012-05-26 18:39 - 0000000 ____D C:\FRST


============ 3 Months Modified Files and Folders =============



========================= Known DLLs (Whitelisted) ============

[2007-02-18 04:00] - [2007-02-18 04:00] - 0131584 ____A (Microsoft Corporation) C:\Windows\System32\olecli32.dll
[2007-02-18 04:00] - [2007-02-18 04:00] - 0076288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\olecli32.dll
[2007-02-18 04:00] - [2007-02-18 04:00] - 0056832 ____A (Microsoft Corporation) C:\Windows\System32\olecnv32.dll
[2007-02-18 04:00] - [2007-02-18 04:00] - 0038912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\olecnv32.dll
[2007-02-18 04:00] - [2007-02-18 04:00] - 0038912 ____A (Microsoft Corporation) C:\Windows\System32\olesvr32.dll
[2007-02-18 04:00] - [2007-02-18 04:00] - 0024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\olesvr32.dll
[2008-11-22 11:06] - [2008-11-22 11:06] - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
C:\Windows\SysWOW64\wow64.dll IS MISSING <==== ATTENTION!
[2007-02-18 04:00] - [2007-02-18 04:00] - 0018944 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
C:\Windows\SysWOW64\wow64cpu.dll IS MISSING <==== ATTENTION!
[2008-02-06 07:11] - [2008-02-06 07:11] - 0287232 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\wow64win.dll IS MISSING <==== ATTENTION!

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe
[2008-04-23 19:12] - [2008-04-23 19:12] - 0944128 ____A (Microsoft Corporation) 41433583EA482B238DE2951DE59DEB4C

C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe
[2007-02-05 20:03] - [2007-02-05 20:03] - 1364480 ____A (Microsoft Corporation) B02B95ED58DFB67502B3908573FAC6D7

C:\Windows\SysWOW64\explorer.exe
[2007-02-05 20:03] - [2007-02-05 20:03] - 1053184 ____A (Microsoft Corporation) A7350345C820527B581DA9337EB9601F

C:\Windows\System32\svchost.exe
[2007-02-18 04:00] - [2007-02-18 04:00] - 0025600 ____A (Microsoft Corporation) 46300880A5062A41C16DF5E3E836A6C9

C:\Windows\SysWOW64\svchost.exe
[2007-02-18 04:00] - [2007-02-18 04:00] - 0014848 ____A (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682

C:\Windows\System32\User32.dll
[2007-03-01 20:56] - [2007-03-01 20:56] - 1086464 ____A (Microsoft Corporation) 35BC0334F3D679209C34CB6E4293C29C

C:\Windows\SysWOW64\User32.dll
[2007-03-01 20:56] - [2007-03-01 20:56] - 0602624 ____A (Microsoft Corporation) F8DA18588869B9480F99AD2E0CC7EFC2

C:\Windows\System32\userinit.exe
[2007-02-18 04:00] - [2007-02-18 04:00] - 0039424 ____A (Microsoft Corporation) 438393CC0B5122B5D988BD7BA05FE3C9

C:\Windows\SysWOW64\userinit.exe
[2007-02-18 04:00] - [2007-02-18 04:00] - 0026112 ____A (Microsoft Corporation) B5FEB3B971A8B8C81CE9DE65031A87E5

C:\Windows\System32\Drivers\volsnap.sys
[2009-02-23 18:07] - [2009-02-23 18:07] - 0326144 ____A (Microsoft Corporation) 511F64AC3D17D9E6E59E0D20B3EC7B9D


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 7%
Total physical RAM: 12279.11 MB
Available physical RAM: 11325.64 MB
Total Pagefile: 12277.26 MB
Available Pagefile: 11307.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (NewW64Xp) (Fixed) (Total:931.51 GB) (Free:178.34 GB) NTFS
2 Drive e: (Steam2Gb) (Fixed) (Total:1863.01 GB) (Free:427.99 GB) NTFS
3 Drive f: () (Fixed) (Total:931.41 GB) (Free:129.37 GB) NTFS
4 Drive g: (BARTPE) (Removable) (Total:7.21 GB) (Free:3.48 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 1863 GB 7168 KB
Disk 2 Online 931 GB 0 B
Disk 3 Online 7385 MB 3072 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

=========================================================================== ===========================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y System Rese NTFS Partition 100 MB Healthy

=========================================================================== ===========================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F NTFS Partition 931 GB Healthy

=========================================================================== ===========================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 0 Extended 1863 GB 8032 KB
Partition 1 Logical 1863 GB 8064 KB

=========================================================================== ===========================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Steam2Gb NTFS Partition 1863 GB Healthy

=========================================================================== ===========================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB

=========================================================================== ===========================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NewW64Xp NTFS Partition 931 GB Healthy

=========================================================================== ===========================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7381 MB 31 KB
Partition 0 Primary 31 KB 7381 MB

=========================================================================== ===========================

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G BARTPE NTFS Removable 7381 MB Healthy

=========================================================================== ===========================
======================= End Of Log ==========================
CatByte
Malware Removal Specialist with 3,892 posts.
Join Date: Feb 2009
26-May-2012, 09:07 PM #4
Hi

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

Code:
start
HKLM-x32\...\Winlogon: [Shell] Explorer.exe rundll32.exe jxvy.dio cymucrx [x ] ()
end
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options, then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
  • While you are still booted into System Recovery Options run FRST.

    Type the following in the edit box after "Search:" so it looks like this:

    Search: wow64.dll;wow64cpu.dll;wow64win.dll;wininit.exe;

    Click Search button and post the log it makes to your reply.



Now restart, let it boot normally and tell me how it went.
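A detection check for the value CatByte's fixlist restores, written as an added example for this thread (it is not part of FRST and not code posted by anyone here): it parses the Winlogon lines exactly as FRST printed them in post #3 and reports any Shell or Userinit value that launches more than the Windows default. The clean HKLM Shell line and the Run line in the sample are constructed for contrast, and the table of accepted default basenames is an assumption stated in the code.

```python
"""Flag non-default Winlogon Shell/Userinit entries in an FRST "Registry (Whitelisted)" section.

Added example, not FRST's own code.  FRST prints one registry value per line, e.g.
    HKLM-x32\...\Winlogon: [Shell] Explorer.exe rundll32.exe jxvy.dio cymucrx [x ] ()
A Shell value that names anything besides explorer.exe starts an extra program at
every logon, which is the persistence the fixlist in this thread removes.
"""
import re
from dataclasses import dataclass

# Constructed sample: the three Winlogon lines as FRST printed them in post #3,
# plus a clean HKLM Shell line and a Run line (both made up here for contrast;
# the checker must report the first and ignore the second).
SAMPLE_LOG = r"""
HKLM-x32\...\Winlogon: [Userinit] userinit [x]
HKLM-x32\...\Winlogon: [Shell] Explorer.exe rundll32.exe jxvy.dio cymucrx [x ] ()
HKLM\...\Winlogon: [UIHost] %SystemRoot%\system32\logonui.exe [x ] ()
HKLM\...\Winlogon: [Shell] explorer.exe [x ] ()
HKLM\...\Run: [nwiz] nwiz.exe /installquiet [x]
""".strip().splitlines()

# One FRST Winlogon line: hive prefix, value name in brackets, then the value data.
WINLOGON_RE = re.compile(
    r"^(?P<hive>HK\S*?)\\\.\.\.\\Winlogon:\s+\[(?P<name>[^\]]+)\]\s*(?P<data>.*)$"
)
# FRST's trailing annotation: "[size date] (Company)", "[x ] ()" or "[x]" (file not found).
ANNOTATION_RE = re.compile(r"\s*\[[^\]]*\](?:\s*\([^)]*\))?\s*$")

# Assumed defaults, compared on the lower-cased basename of each token.
# Userinit is normally a full path to userinit.exe followed by a comma; FRST
# printed just "userinit" for the entry in this thread, so both forms are accepted.
EXPECTED = {
    "shell": {"explorer.exe"},
    "userinit": {"userinit", "userinit.exe"},
}


@dataclass
class Finding:
    hive: str
    name: str
    data: str       # value with FRST's annotation removed
    extra: list     # tokens that are not part of the default


def _basename(token: str) -> str:
    return token.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_winlogon(lines):
    """Yield (hive, name, data) for every Winlogon line, annotation stripped."""
    for line in lines:
        m = WINLOGON_RE.match(line.strip())
        if not m:
            continue
        yield m.group("hive"), m.group("name"), ANNOTATION_RE.sub("", m.group("data"))


def find_anomalies(lines):
    """Return a Finding for each Shell/Userinit value carrying tokens beyond the default."""
    findings = []
    for hive, name, data in parse_winlogon(lines):
        expected = EXPECTED.get(name.lower())
        if expected is None:
            continue  # UIHost and other Winlogon values are not checked here
        tokens = [t for t in re.split(r"[\s,]+", data) if t]
        extra = [t for t in tokens if _basename(t) not in expected]
        if extra or not tokens:
            findings.append(Finding(hive, name, data, extra))
    return findings


if __name__ == "__main__":
    for f in find_anomalies(SAMPLE_LOG):
        print(f"{f.hive} Winlogon {f.name}: unexpected {f.extra} in {f.data!r}")
```

Run against the sample it reports a single finding, the HKLM-x32 Shell value with the extra tokens rundll32.exe, jxvy.dio and cymucrx, which is the entry the fixlist above puts back to its default. The `[x]` annotation (FRST's mark for a file it could not find) is stripped before tokenising, so the value is judged on what Winlogon would try to launch, not on whether the file is currently present.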
zefram
Member with 6 posts.
THREAD STARTER
Join Date: May 2012
Experience: Advanced
27-May-2012, 11:49 AM #5
Hi CatByte,
I've posted the logs you requested below.
I'm hesitantly going to say that you have succeeded, as I've been on the PC for about twenty minutes now and I haven't heard any background audio. I'm going to ghost this disk for a backup in case it happens again.
I really appreciate your help in this.

Z


================== fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 25-05-2012
Ran by SYSTEM at 2012-05-27 11:29:07 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value was restored.

==== End of Fixlog ====




===================== Search.txt

Farbar Recovery Scan Tool Version: 25-05-2012
Ran by SYSTEM at 2012-05-27 11:30:21
Running from G:\

================== Search: "wow64.dll;wow64cpu.dll;wow64win.dll;wininit.exe;" ===================

C:\WINDOWS\system32\wow64.dll
[2008-11-22 11:06] - [2008-11-22 11:06] - 0249856 ____A (Microsoft Corporation) 1A9DCA95E0A772619811C760637D5553

C:\WINDOWS\system32\wow64cpu.dll
[2007-02-18 04:00] - [2007-02-18 04:00] - 0018944 ____A (Microsoft Corporation) B4D2C5BDB07E76E9C69128B00BC00711

C:\WINDOWS\system32\wow64win.dll
[2008-02-06 07:11] - [2008-02-06 07:11] - 0287232 ____A (Microsoft Corporation) C5433AA27B28F6E2CE78F0433E0AD10C

====== End Of Search ======
CatByte
Malware Removal Specialist with 3,892 posts.
Join Date: Feb 2009
27-May-2012, 02:29 PM #6
Hi,

We still have some work to do, so stay with me

Please do the following:

Refer to the ComboFix User's Guide
  1. Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
zefram
Member with 6 posts.
THREAD STARTER
Join Date: May 2012
Experience: Advanced
27-May-2012, 06:51 PM #7
Hi CatByte,
Sorry if I jumped the gun. I ran the ComboFix and have posted the log below.

Z



==================== ComboFix.txt

ComboFix 12-05-27.02 - w7 05/27/2012 18:37:28.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.12279.10684 [GMT -4:00]
Running from: c:\users\w7\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-27 22:44 . 2012-05-27 22:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-27 22:44 . 2012-05-27 22:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-25 05:17 . 2009-12-14 16:33 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-05-25 05:17 . 2012-05-25 05:17 -------- d-----w- c:\program files (x86)\Intel
2012-05-25 05:17 . 2012-05-25 05:17 -------- d-----w- C:\Intel
2012-05-25 05:13 . 2012-05-25 05:13 -------- d-----w- c:\program files (x86)\Realtek
2012-05-25 05:06 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-25 04:49 . 2009-07-06 14:48 13368 ----a-w- c:\windows\SysWow64\drivers\AsUpIO.sys
2012-05-25 04:49 . 2009-09-30 15:33 24576 ----a-w- c:\windows\SysWow64\AsIO.dll
2012-05-25 04:49 . 2009-08-04 14:28 13440 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys
2012-05-25 04:48 . 2012-05-25 04:49 -------- d-----w- c:\program files (x86)\ASUS
2012-05-25 04:48 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-05-25 04:48 . 2001-09-05 08:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-05-25 04:48 . 2001-09-05 08:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-05-25 04:48 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-05-25 04:48 . 2002-07-25 20:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-05-24 16:45 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-24 16:45 . 2012-05-27 22:33 -------- d-----w- c:\programdata\AVAST Software
2012-05-24 16:45 . 2012-05-24 16:45 -------- d-----w- c:\program files\AVAST Software
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-06 16:39 . 2012-05-06 16:39 -------- d-----w- c:\windows\system32\appmgmt
2012-05-06 16:02 . 2012-05-06 16:12 -------- d-----w- c:\users\w7\AppData\Roaming\Awesomium
2012-05-05 13:55 . 2012-05-05 13:55 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-05 13:55 . 2012-05-05 13:55 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 13:55 . 2012-05-05 13:55 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-04 20:56 . 2012-05-04 20:58 -------- d-----w- c:\users\w7\AppData\Local\PAYDAY
2012-05-03 23:24 . 2012-05-03 23:23 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-02 00:42 . 2012-05-02 00:59 -------- d-----w- c:\users\w7\AppData\Roaming\Apple Computer
2012-05-02 00:42 . 2012-05-02 00:42 -------- d-----w- c:\users\w7\AppData\Local\Apple Computer
2012-05-02 00:42 . 2012-05-02 00:42 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-02 00:42 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-02 00:41 . 2012-05-02 00:41 -------- d-----w- c:\programdata\Apple
2012-04-28 14:21 . 2012-04-28 14:21 -------- d-----w- c:\users\w7\AppData\Roaming\RenPy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-25 04:54 . 2012-05-25 04:53 1266605 ----a-w- c:\windows\SABERTOOTH-X58-ASUS-1304.zip
2012-05-15 10:48 . 2011-12-31 03:49 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2011-12-31 03:49 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2011-12-31 03:49 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-12-31 03:49 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2011-12-31 03:49 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-12-31 03:49 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-02-05 14:18 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-02-05 14:18 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-02-05 14:18 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2010-10-16 17:13 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2010-10-16 21:13 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2010-10-16 17:13 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2010-10-16 17:13 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-10-16 17:13 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-06 15:21 . 2012-04-16 00:49 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 15:21 . 2012-01-01 14:31 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 00:40 . 2012-04-16 20:40 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 23:23 . 2011-12-29 00:52 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-17 23:35 . 2012-01-23 14:56 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-17 23:35 . 2011-12-28 20:07 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-16 21:40 . 2011-12-28 20:07 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-18 03:56 . 2011-12-28 20:07 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-18 03:17 . 2012-03-18 03:17 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-24_12.50.21 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{13FA2453-9287-4F18-8554-976D7C02F4EE}]
2012-01-11 02:43 63368 ----a-w- c:\perfect world entertainment\CORE Client\plugins\CorePluginIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2012-02-20 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"Arctosa"="c:\program files (x86)\Razer\Arctosa\razerhid.exe" [2008-10-06 147456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Heroes In the Sky\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-05 129976]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 X6va001;X6va001;c:\users\w7\AppData\Local\Temp\00137EC.tmp [x]
R3 X6va005;X6va005;c:\users\w7\AppData\Local\Temp\005C566.tmp [x]
R3 X6va008;X6va008;c:\users\w7\AppData\Local\Temp\008C967.tmp [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-05 79360]
R4 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2010-07-28 242176]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 15:21]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007896227-2540983366-3169110878-1000Core.job
- c:\users\w7\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 00:14]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007896227-2540983366-3169110878-1000UA.job
- c:\users\w7\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 00:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\e8wvwji8.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\w7\AppData\Local\Temp\00137EC.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\w7\AppData\Local\Temp\005C566.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\w7\AppData\Local\Temp\008C967.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1007896227-2540983366-3169110878-1000\Software\SecuROM\License information*]
"datasecu"=hex:a7,9a,be,9b,c8,28,b7,29,c6,27,2c,e4,7d,bf,a2,24,f8,69,e7,8f, f8,
8e,f3,51,69,25,1f,7a,c8,3d,f9,be,f9,38,bc,9b,2d,52,9b,dc,3f,60,40,0b,8e,11, \
"rkeysecu"=hex:18,be,cf,83,e0,ce,a3,3b,5c,ad,4f,9a,4f,de,d8,e6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-05-27 18:48:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-27 22:48
ComboFix2.txt 2012-05-24 13:13
ComboFix3.txt 2012-05-24 12:52
.
Pre-Run: 140,523,970,560 bytes free
Post-Run: 140,074,864,640 bytes free
.
- - End Of File - - FCFE68597B5C6B5B221D10F81E239C73
CatByte
Malware Removal Specialist with 3,892 posts.
 
Join Date: Feb 2009
27-May-2012, 07:06 PM #8
Hi,

Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local

ClearJavaCache::
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
zefram
Member with 6 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Advanced
28-May-2012, 11:27 AM #9
Hi CatByte,
Here are the logs you requested.

Z



=================================== ComboFix.txt

ComboFix 12-05-27.03 - w7 05/27/2012 22:16:12.4.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.12279.9765 [GMT -4:00]
Running from: c:\users\w7\Desktop\ComboFix.exe
Command switches used :: c:\users\w7\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 02:21 . 2012-05-28 02:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-28 02:21 . 2012-05-28 02:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-28 01:49 . 2012-05-28 01:49 -------- d-----w- c:\users\w7\AppData\Local\CrashRpt
2012-05-25 05:17 . 2009-12-14 16:33 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-05-25 05:17 . 2012-05-25 05:17 -------- d-----w- c:\program files (x86)\Intel
2012-05-25 05:17 . 2012-05-25 05:17 -------- d-----w- C:\Intel
2012-05-25 05:13 . 2012-05-25 05:13 -------- d-----w- c:\program files (x86)\Realtek
2012-05-25 05:06 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-25 04:49 . 2009-07-06 14:48 13368 ----a-w- c:\windows\SysWow64\drivers\AsUpIO.sys
2012-05-25 04:49 . 2009-09-30 15:33 24576 ----a-w- c:\windows\SysWow64\AsIO.dll
2012-05-25 04:49 . 2009-08-04 14:28 13440 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys
2012-05-25 04:48 . 2012-05-25 04:49 -------- d-----w- c:\program files (x86)\ASUS
2012-05-25 04:48 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-05-25 04:48 . 2001-09-05 08:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-05-25 04:48 . 2001-09-05 08:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-05-25 04:48 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-05-25 04:48 . 2002-07-25 20:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-05-24 16:45 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-24 16:45 . 2012-05-27 22:33 -------- d-----w- c:\programdata\AVAST Software
2012-05-24 16:45 . 2012-05-24 16:45 -------- d-----w- c:\program files\AVAST Software
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-06 16:39 . 2012-05-06 16:39 -------- d-----w- c:\windows\system32\appmgmt
2012-05-06 16:02 . 2012-05-06 16:12 -------- d-----w- c:\users\w7\AppData\Roaming\Awesomium
2012-05-05 13:55 . 2012-05-05 13:55 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-05 13:55 . 2012-05-05 13:55 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 13:55 . 2012-05-05 13:55 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-04 20:56 . 2012-05-04 20:58 -------- d-----w- c:\users\w7\AppData\Local\PAYDAY
2012-05-03 23:24 . 2012-05-03 23:23 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-02 00:42 . 2012-05-02 00:59 -------- d-----w- c:\users\w7\AppData\Roaming\Apple Computer
2012-05-02 00:42 . 2012-05-02 00:42 -------- d-----w- c:\users\w7\AppData\Local\Apple Computer
2012-05-02 00:42 . 2012-05-02 00:42 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-02 00:42 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-02 00:41 . 2012-05-02 00:41 -------- d-----w- c:\programdata\Apple
2012-04-28 14:21 . 2012-04-28 14:21 -------- d-----w- c:\users\w7\AppData\Roaming\RenPy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-28 01:49 . 2012-01-23 14:56 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-28 01:49 . 2011-12-28 20:07 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-28 01:49 . 2011-12-28 20:07 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-28 01:49 . 2011-12-28 20:07 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-25 04:54 . 2012-05-25 04:53 1266605 ----a-w- c:\windows\SABERTOOTH-X58-ASUS-1304.zip
2012-05-15 10:48 . 2011-12-31 03:49 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2011-12-31 03:49 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2011-12-31 03:49 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-12-31 03:49 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2011-12-31 03:49 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-12-31 03:49 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-02-05 14:18 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-02-05 14:18 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-02-05 14:18 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2010-10-16 17:13 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2010-10-16 21:13 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2010-10-16 17:13 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2010-10-16 17:13 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-10-16 17:13 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-06 15:21 . 2012-04-16 00:49 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 15:21 . 2012-01-01 14:31 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 00:40 . 2012-04-16 20:40 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 23:23 . 2011-12-29 00:52 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-18 03:17 . 2012-03-18 03:17 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-27_22.46.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-05 14:18 . 2012-05-27 22:47 45498 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-05-27 22:35 55390 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-27 22:47 55390 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-05 03:08 . 2012-05-27 22:47 14706 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1007896227-2540983366-3169110878-1000_UserData.bin
- 2011-02-11 00:00 . 2012-05-27 22:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-11 00:00 . 2012-05-28 02:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-11 00:00 . 2012-05-27 22:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-11 00:00 . 2012-05-28 02:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-28 02:22 . 2012-05-28 02:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-27 22:46 . 2012-05-27 22:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-28 02:22 . 2012-05-28 02:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-05-27 22:50 672494 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-27 22:41 672494 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-27 22:50 125226 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-27 22:41 125226 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-27 22:45 406816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-28 02:21 406816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-05 15:10 . 2012-05-28 02:21 11007434 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1007896227-2540983366-3169110878-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{13FA2453-9287-4F18-8554-976D7C02F4EE}]
2012-01-11 02:43 63368 ----a-w- c:\perfect world entertainment\CORE Client\plugins\CorePluginIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2012-02-20 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"Arctosa"="c:\program files (x86)\Razer\Arctosa\razerhid.exe" [2008-10-06 147456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Heroes In the Sky\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-05 129976]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 X6va001;X6va001;c:\users\w7\AppData\Local\Temp\00137EC.tmp [x]
R3 X6va005;X6va005;c:\users\w7\AppData\Local\Temp\005C566.tmp [x]
R3 X6va008;X6va008;c:\users\w7\AppData\Local\Temp\008C967.tmp [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-05 79360]
R4 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2010-07-28 242176]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 15:21]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007896227-2540983366-3169110878-1000Core.job
- c:\users\w7\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 00:14]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007896227-2540983366-3169110878-1000UA.job
- c:\users\w7\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 00:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\e8wvwji8.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\w7\AppData\Local\Temp\00137EC.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\w7\AppData\Local\Temp\005C566.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\w7\AppData\Local\Temp\008C967.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1007896227-2540983366-3169110878-1000\Software\SecuROM\License information*]
"datasecu"=hex:a7,9a,be,9b,c8,28,b7,29,c6,27,2c,e4,7d,bf,a2,24,f8,69,e7,8f, f8,
8e,f3,51,69,25,1f,7a,c8,3d,f9,be,f9,38,bc,9b,2d,52,9b,dc,3f,60,40,0b,8e,11, \
"rkeysecu"=hex:18,be,cf,83,e0,ce,a3,3b,5c,ad,4f,9a,4f,de,d8,e6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2012-05-27 22:25:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-28 02:25
ComboFix2.txt 2012-05-27 22:48
ComboFix3.txt 2012-05-24 13:13
ComboFix4.txt 2012-05-24 12:52
.
Pre-Run: 140,131,561,472 bytes free
Post-Run: 140,080,340,992 bytes free
.
- - End Of File - - 9BABCAA819E2293E941E2F6A23FF7B6F



============================== AntiMalware log

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.27.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
w7 :: W7-PC [administrator]

Protection: Enabled

5/27/2012 10:31:18 PM
mbam-log-2012-05-27 (22-31-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225513
Time elapsed: 1 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 28
C:\Users\w7\AppData\Local\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Files Detected: 101
C:\Users\w7\Downloads\DownloadSetup(1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\w7\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\w7\Downloads\WhiteSmokeWriterGeo5002_en.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\icon128.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon128.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.

(end)


============================== ESETSCAN.txt

C:\NetbookData-11-2010\ChelseasPhone\SETool2 lite 1.08.zip a variant of Win32/Packed.Themida application deleted - quarantined
C:\NetbookData-11-2010\ChelseasPhone\setool2lt.exe a variant of Win32/Packed.Themida application cleaned by deleting - quarantined
C:\Program Files (x86)\1ClickDownload\uninst.exe Win32/Adware.1ClickDownload application deleted - quarantined
C:\Users\w7\Desktop\MERGE\CyberWin7Data\AppData\Local\Temp\jar_cache3782431553584571868.tmp a variant of Java/TrojanDownloader.OpenStream.NBM trojan deleted - quarantined
C:\Users\w7\Desktop\MERGE\CyberWin7Data\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5a187610-68df5bc5 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\w7\Desktop\MERGE\CyberWin7Data\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7a64aa11-21c3802b a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\w7\Desktop\MERGE\CyberWin7Data\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\12879fc2-2ed84eb1 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\w7\Desktop\MERGE\CyberWin7Data\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\73af3104-39e02c40 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\w7\Desktop\MERGE\CyberWin7Data\Downloads\WhiteSmokeWriterGeo5002_en.exe a variant of Win32/TrojanDownloader.FraudLoad.NAH trojan cleaned by deleting - quarantined
C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\Desktop\Hirens.BootCD.13.0.zip Win32/PSWTool.KonBoot.A application deleted - quarantined
C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\Desktop\softonic-us-silent-2.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\Desktop\BootTools\Hiren's.BootCD.13.0.iso Win32/PSWTool.KonBoot.A application deleted - quarantined
C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\My Documents\Downloads\DailyBibleGuide.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\My Documents\Downloads\MusicnotesSuite.exe Win32/OpenCandy application deleted - quarantined
C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\My Documents\Downloads\registrybooster(2).exe Win32/RegistryBooster application deleted - quarantined
C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application deleted - quarantined
C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\My Documents\Downloads\SoftonicDownloader_for_photofiltre.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\My Documents\Downloads\SoftonicDownloader_for_winrar.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\My Documents\Downloads\YouTubeDownloaderSetup263.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\Users\w7\Downloads\bb5.zip probably a variant of Win32/Agent.DSPQFA trojan deleted - quarantined
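The Malwarebytes log above lists every RewardsArcade object twice because on Windows Vista/7 `C:\Users\<user>\Local Settings\Application Data` is a compatibility junction onto `AppData\Local`, so "28 folders / 101 files" overstates what was actually on disk. The following triage helper is an added example (not code from this thread or from Malwarebytes): it parses the `<path> (<detection>) -> <action>.` lines under each `... Detected: N` heading, rewrites the well-known profile junctions, and counts the distinct objects per detection family. The sample lines are constructed from the log format shown above.

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x log entries (added example).

Parses "<path> (<detection>) -> <action>." lines, resolves the Vista/7 profile
junctions that make one object appear twice, and counts distinct detections.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, NamedTuple


class Detection(NamedTuple):
    section: str   # heading the entry sits under, e.g. "Folders" or "Files"
    path: str      # path exactly as MBAM logged it
    family: str    # detection name in parentheses, e.g. "PUP.RewardsArcade"
    action: str    # e.g. "Quarantined and deleted successfully"


SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# Non-greedy path, then " (<family>) -> <action>"; the family group excludes
# parentheses, so a path such as "DownloadSetup(1).exe" still parses correctly.
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Legacy (XP-era) profile junctions that Vista/7 keep for old software.
# Applied in order; case-insensitive because NTFS path comparison is.
JUNCTION_RULES = [
    (re.compile(r"^C:\\Documents and Settings\\", re.I), r"C:\\Users\\"),
    (re.compile(r"^(C:\\Users\\[^\\]+)\\Local Settings(?=\\|$)", re.I),
     r"\1\\AppData\\Local"),
    (re.compile(r"^(C:\\Users\\[^\\]+\\AppData\\Local)\\Application Data(?=\\|$)", re.I),
     r"\1"),
    (re.compile(r"^(C:\\Users\\[^\\]+)\\Application Data(?=\\|$)", re.I),
     r"\1\\AppData\\Roaming"),
]

# Constructed sample in the MBAM log format (a subset of the thread's entries).
SAMPLE_LOG = [
    r"Folders Detected: 4",
    r"C:\Users\w7\AppData\Local\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.",
    r"C:\Users\w7\AppData\Local\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.",
    r"C:\Users\w7\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.",
    r"C:\Users\w7\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.",
    r"",
    r"Files Detected: 4",
    r"C:\Users\w7\Downloads\DownloadSetup(1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.",
    r"C:\Users\w7\Downloads\WhiteSmokeWriterGeo5002_en.exe (Trojan.Downloader) -> Quarantined and deleted successfully.",
    r"C:\Users\w7\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.",
    r"C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.",
]


def canonical_path(path: str) -> str:
    """Rewrite the well-known profile junctions so duplicate objects compare equal."""
    for pattern, replacement in JUNCTION_RULES:
        path = pattern.sub(replacement, path)
    return path


def parse_mbam(lines: Iterable[str]) -> List[Detection]:
    """Return every detection entry, tagged with the heading it appears under."""
    section, found = "Unknown", []
    for raw in lines:
        line = raw.rstrip("\r\n")
        heading = SECTION_RE.match(line)
        if heading:
            section = heading.group("section")
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            found.append(Detection(section, entry.group("path"),
                                   entry.group("family"), entry.group("action")))
    return found


def summarize(lines: Iterable[str]) -> Dict[str, object]:
    """Collapse junction duplicates and count what was really on disk."""
    stripped = [ln.rstrip("\r\n") for ln in lines]
    reported = {m.group("section"): int(m.group("count"))
                for m in map(SECTION_RE.match, stripped) if m}
    unique: Dict[str, Detection] = {}
    duplicates: List[str] = []
    for det in parse_mbam(stripped):
        key = canonical_path(det.path).casefold()
        if key in unique:
            duplicates.append(det.path)      # same object, reached via a junction
        else:
            unique[key] = det
    return {
        "reported": reported,                 # counts as printed in the log headings
        "logged": len(unique) + len(duplicates),
        "unique": len(unique),
        "duplicates": duplicates,
        "families": dict(Counter(d.family for d in unique.values())),
        "per_section": dict(Counter(d.section for d in unique.values())),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['logged']} entries logged, {report['unique']} distinct objects")
    for fam, n in sorted(report["families"].items()):
        print(f"  {fam}: {n}")
```

Point `summarize()` at the lines of a real mbam-log file to see how many of the counted detections are the same file reached through a junction.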
CatByte
Malware Removal Specialist with 3,892 posts.
Join Date: Feb 2009
28-May-2012, 04:29 PM #10
Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT

Please go to Start > Control Panel > Programs and Features and remove all the Java programs you see, then download the latest Java from the following link and install it:

Java version 7 update 4
http://java.com/en/download/index.jsp

NEXT


Please advise how the computer is running now and if there are any outstanding issues
zefram
Member with 6 posts.
THREAD STARTER
Join Date: May 2012
Experience: Advanced
29-May-2012, 09:23 PM #11
Hi CatByte,
Just wanted to take some time to see how the system is working. Seems to be in perfect shape. Thank you very much! I sent in a donation to show my gratitude.

Z
CatByte
Malware Removal Specialist with 3,892 posts.
Join Date: Feb 2009
29-May-2012, 09:28 PM #12
Thank-you,

Just some housekeeping to do now, please do the following:


You can delete the FRST logs and program from your desktop.


NEXT


Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.




If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.