Tech Support Guy > Virus & Other Malware Removal

Solved: System 32 Services.exe Infected

heartlessdeath0, Thread Starter (Member with 6 posts, Join Date: Jan 2013)
30-Jan-2013, 07:05 AM #1
AVG Anti-Virus Free is detecting that my services.exe is infected by Win64/Patched.A. Not sure what that is but help would be appreciated.

Here are the logs you requested.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:36:20 AM, on 1/30/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\UVC Video Camera\UVCSti.exe
C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Heartless\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: CouponAmazing - {A2ACB108-446D-4D93-B2F9-998A9534C288} - C:\Users\Heartless\AppData\Local\couponamazing\ie\couponamazing_1355522574.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UVCSti] "C:\Program Files (x86)\UVC Video Camera\UVCSti.exe"
O4 - HKLM\..\Run: [RunUVC] "C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCtray.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Realtek11nCU - Realtek - C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater13.3.2 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10546 bytes


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
Run by Heartless at 5:40:27 on 2013-01-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.5494 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\UVC Video Camera\UVCSti.exe
C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
mDefault_Page_URL = hxxp://www.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: CouponAmazing: {A2ACB108-446D-4D93-B2F9-998A9534C288} - C:\Users\Heartless\AppData\Local\couponamazing\ie\couponamazing_1355522574.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [UVCSti] "C:\Program Files (x86)\UVC Video Camera\UVCSti.exe"
mRun: [RunUVC] "C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCtray.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{686B5A04-3082-4EDF-9205-25BEB8C070AB} : DHCPNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.msn.com
x64-mDefault_Page_URL = hxxp://www.msn.com
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-11-24 21616]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-12-14 30568]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-30 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-30 682344]
R2 Realtek11nCU;Realtek11nCU;C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2012-12-13 36864]
R2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [2012-12-14 894920]
R3 AODDriver;AODDriver;C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-3-12 52280]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 Cam3820;Cam3820 PC Camera Driver;C:\Windows\System32\drivers\cam3820a.sys [2010-6-14 433536]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-12-10 30528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-30 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-24 565352]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192cu.sys [2012-12-13 762472]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-11-24 38456]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-12-14 25640]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-11-24 130976]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-12-10 160256]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-10 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-10 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-10 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-01-30 11:27:50 -------- d-----w- C:\Users\Heartless\AppData\Roaming\Malwarebytes
2013-01-30 11:26:36 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-30 11:26:35 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-30 11:26:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-30 11:26:25 -------- d-----w- C:\Users\Heartless\AppData\Local\Programs
2013-01-30 10:51:50 -------- d-----w- C:\Users\Heartless\AppData\Local\Adobe
2013-01-30 10:34:52 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-01-30 10:31:09 -------- d-----w- C:\Windows\SysWow64\spool
2013-01-30 10:27:21 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2013-01-29 07:24:39 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2013-01-29 07:24:39 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2013-01-29 07:24:35 -------- d-----w- C:\Program Files (x86)\Grinding Gear Games
2013-01-29 07:10:48 -------- d-----w- C:\Program Files (x86)\Steam
2013-01-25 07:29:52 -------- d-----w- C:\Users\Heartless\AppData\Local\WSplit
2013-01-24 07:18:30 -------- d-----w- C:\Users\Heartless\Tracing
2013-01-24 07:16:57 -------- d-----w- C:\Windows\en
2013-01-24 07:05:33 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2013-01-24 07:05:33 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2013-01-24 07:04:55 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\DSETUP.dll
2013-01-24 07:04:55 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\DXSETUP.exe
2013-01-24 07:04:55 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\dsetup32.dll
2013-01-24 07:04:50 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\DSETUP.dll
2013-01-24 07:04:50 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\DXSETUP.exe
2013-01-24 07:04:50 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\dsetup32.dll
2013-01-24 07:04:40 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\DSETUP.dll
2013-01-24 07:04:40 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\DXSETUP.exe
2013-01-24 07:04:40 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\dsetup32.dll
2013-01-24 07:04:21 -------- d-----w- C:\Users\Heartless\AppData\Local\Windows Live
2013-01-24 04:13:13 40960 ----a-r- C:\Users\Heartless\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2013-01-24 04:13:13 40960 ----a-r- C:\Users\Heartless\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2013-01-24 04:13:11 -------- d-----w- C:\Program Files (x86)\Project64 1.6
2013-01-20 05:54:06 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-13 06:17:32 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2013-01-13 06:17:32 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2013-01-13 06:17:31 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2013-01-13 06:17:31 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2013-01-13 06:17:31 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2013-01-13 06:17:14 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2013-01-12 11:06:40 8282192 ----a-w- C:\ProgramData\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-01-10 11:04:35 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-01-10 11:04:35 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-01-10 11:04:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-01-10 11:04:34 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-01-10 11:04:34 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-01-10 11:04:34 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-01-10 11:04:34 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-01-10 11:04:34 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-01-10 11:04:34 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-01-09 23:24:45 -------- d-----w- C:\Users\Heartless\AppData\Local\CrashDumps
2013-01-09 22:54:45 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-01-09 22:53:33 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-09 22:53:33 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-09 11:53:38 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
2013-01-09 11:53:38 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2013-01-09 11:53:36 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2013-01-09 11:53:36 107368 ----a-w- C:\Windows\System32\xinput1_3.dll
2013-01-09 09:00:50 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-01-02 10:04:51 696832 ----a-w- C:\Windows\System32\xvidcore.dll
2013-01-02 10:04:51 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2013-01-02 10:04:51 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2013-01-02 10:04:51 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2013-01-02 10:04:51 173568 ----a-w- C:\Windows\System32\xvid.ax
2013-01-02 10:04:51 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2013-01-02 10:04:48 -------- d-----w- C:\Program Files (x86)\Xvid
2013-01-02 09:52:20 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2013-01-02 09:41:07 -------- d-----w- C:\Program Files (x86)\x264vfw
2013-01-02 08:56:20 -------- d-----w- C:\Program Files (x86)\AVIcodec
.
==================== Find3M ====================
.
2013-01-30 11:10:08 30528 ----a-w- C:\Windows\GVTDrv64.sys
2013-01-30 11:09:58 25640 ----a-w- C:\Windows\gdrv.sys
2013-01-09 01:01:42 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 01:01:42 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 12:12:51 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-12-14 12:12:51 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-14 06:26:26 25640 ----a-w- C:\Windows\etdrv.sys
2012-12-14 06:24:40 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-16 05:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
============= FINISH: 5:40:47.78 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/10/2012 3:22:11 PM
System Uptime: 1/30/2013 5:08:52 AM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-78LMT-S2
Processor: AMD FX(tm)-4100 Quad-Core Processor | Socket M2 | 3600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 408.979 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP31: 1/13/2013 2:11:09 AM - Windows Update
RP32: 1/19/2013 11:52:52 PM - Installed Java 7 Update 11
RP33: 1/23/2013 10:12:58 PM - Installed Project64 1.6
RP34: 1/24/2013 1:04:21 AM - Windows Live Essentials
RP35: 1/24/2013 1:04:57 AM - Installed DirectX
RP36: 1/24/2013 1:05:17 AM - Installed DirectX
RP37: 1/24/2013 1:05:43 AM - Installed DirectX
RP38: 1/24/2013 1:07:44 AM - WLSetup
RP39: 1/29/2013 1:09:20 AM - Removed Steam
RP40: 1/29/2013 1:10:36 AM - Installed Steam
RP41: 1/29/2013 1:24:22 AM - Installed Path of Exile
.
==== Installed Programs ======================
.
@BIOS
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD USB Filter Driver
AMD VISION Engine Control Center
ATI AVIVO64 Codecs
Audacity 2.0.2
AutoGreen B12.0206.1
AVG 2013
AVIcodec (remove only)
AviSynth 2.6
Bing Bar
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
couponamazing
D3DX10
Easy Tune 6 B12.0509.1
Edimax Wireless LAN Driver and Utility
Futuremark SystemInfo
Google Chrome
Google Update Helper
HydraVision
Java 7 Update 11
Java Auto Updater
Junk Mail filter update
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
ON_OFF Charge B11.1102.1
ooVoo
Path of Exile
Photo Common
Photo Gallery
Project64 1.6
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Steam
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
UVC Video Camera
Visual Studio 2010 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (64-bit)
World of Warcraft
x264vfw - H.264/MPEG-4 AVC codec (remove only)
XSplit
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
1/30/2013 5:23:19 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
1/30/2013 5:23:19 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
1/30/2013 5:09:51 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
1/30/2013 5:09:37 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/30/2013 5:09:37 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/30/2013 5:09:30 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/30/2013 4:31:46 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer OPTIMUSPRIME that believes that it is the master browser for the domain on transport NetBT_Tcpip_{48C2548E-EA54-4BB1-B0B7-A204445F586B}. The master browser is stopping or an election is being forced.
1/30/2013 4:19:36 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.2.7 with the system having network hardware address 20-64-32-46-DB-DB. Network operations on this system may be disrupted as a result.
1/29/2013 4:57:25 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer OPTIMUSPRIME that believes that it is the master browser for the domain on transport NetBT_Tcpip_{686B5A04-3082-4EDF-9205-25BEB8C070AB}. The master browser is stopping or an election is being forced.
1/29/2013 4:33:30 AM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
1/29/2013 3:37:47 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.4. The computer with the IP address 192.168.2.2 did not allow the name to be claimed by this computer.
1/25/2013 1:34:09 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer WARMACHINE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{48C2548E-EA54-4BB1-B0B7-A204445F586B}. The master browser is stopping or an election is being forced.
1/25/2013 1:27:59 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.13. The computer with the IP address 192.168.2.11 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================



GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-01-30 05:50:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000062 Hitachi_ rev.MS1O 465.76GB
Running: ius91chq.exe; Driver: C:\Users\HEARTL~1\AppData\Local\Temp\fwddauog.sys


---- User code sections - GMER 2.0 ----

.reloc C:\Windows\system32\services.exe [932] section is executable [0x4A8, 0xA0000020] 0000000100052000
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075af1401 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075af1419 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075af1431 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075af144a 2 bytes [AF, 75]
.text ... * 9
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075af14dd 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075af14f5 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075af150d 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075af1525 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075af153d 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075af1555 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075af156d 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075af1585 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075af159d 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075af15b5 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075af15cd 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075af16b2 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075af16bd 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075af1401 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075af1419 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075af1431 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075af144a 2 bytes [AF, 75]
.text ... * 9
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075af14dd 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075af14f5 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075af150d 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075af1525 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075af153d 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075af1555 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075af156d 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075af1585 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075af159d 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075af15b5 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075af15cd 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075af16b2 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075af16bd 2 bytes [AF, 75]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075af1401 2 bytes [AF, 75]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075af1419 2 bytes [AF, 75]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075af1431 2 bytes [AF, 75]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075af144a 2 bytes [AF, 75]
.text ... * 9
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075af14dd 2 bytes [AF, 75]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075af14f5 2 bytes [AF, 75]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075af150d 2 bytes [AF, 75]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075af1525 2 bytes [AF, 75]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075af153d 2 bytes [AF, 75]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075af1555 2 bytes [AF, 75]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075af156d 2 bytes [AF, 75]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075af1585 2 bytes [AF, 75]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075af159d 2 bytes [AF, 75]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075af15b5 2 bytes [AF, 75]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075af15cd 2 bytes [AF, 75]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075af16b2 2 bytes [AF, 75]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075af16bd 2 bytes [AF, 75]
.text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075af1401 2 bytes [AF, 75]
.text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075af1419 2 bytes [AF, 75]
.text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075af1431 2 bytes [AF, 75]
.text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075af144a 2 bytes [AF, 75]
.text ... * 9
.text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075af14dd 2 bytes [AF, 75]
.text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075af14f5 2 bytes [AF, 75]
.text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075af150d 2 bytes [AF, 75]
.text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075af1525 2 bytes [AF, 75]
.text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075af153d 2 bytes [AF, 75]
.text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075af1555 2 bytes [AF, 75]
.text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075af156d 2 bytes [AF, 75]
.text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075af1585 2 bytes [AF, 75]
.text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075af159d 2 bytes [AF, 75]
.text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075af15b5 2 bytes [AF, 75]
.text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075af15cd 2 bytes [AF, 75]
.text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075af16b2 2 bytes [AF, 75]
.text C:\Program Files (x86)\ooVoo\ooVoo.exe[3648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075af16bd 2 bytes [AF, 75]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000074a711a8 2 bytes [A7, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 0000000074a7127d 2 bytes [A7, 74]
.text ... * 6
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000074a713a8 2 bytes [A7, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000074a71422 2 bytes [A7, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000074a71498 2 bytes [A7, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4 0000000074a81825 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4 0000000074a81830 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4 0000000074a8183b 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4 0000000074a81846 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4 0000000074a81851 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4 0000000074a8185c 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4 0000000074a81867 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4 0000000074a81872 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4 0000000074a8187d 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4 0000000074a81888 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4 0000000074a81893 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4 0000000074a8189e 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4 0000000074a818a9 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4 0000000074a818b4 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4 0000000074a818bf 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4 0000000074a818ca 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4 0000000074a818d5 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4 0000000074a818e0 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4 0000000074a818eb 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4 0000000074a818f6 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4 0000000074a81901 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4 0000000074a8190c 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4 0000000074a81917 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4 0000000074a81922 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4 0000000074a8192d 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4 0000000074a81938 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4 0000000074a81943 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4 0000000074a8194e 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4 0000000074a81959 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4 0000000074a81964 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4 0000000074a8196f 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4 0000000074a8197a 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4 0000000074a81985 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4 0000000074a81990 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4 0000000074a8199b 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4 0000000074a819a6 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4 0000000074a819b1 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4 0000000074a819bc 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4 0000000074a819c7 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4 0000000074a819d2 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4 0000000074a819dd 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4 0000000074a819e8 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4 0000000074a819f3 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4 0000000074a819fe 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4 0000000074a81a09 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4 0000000074a81a14 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4 0000000074a81a1f 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4 0000000074a81a2a 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4 0000000074a81a35 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4 0000000074a81a40 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4 0000000074a81a4b 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4 0000000074a81a56 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4 0000000074a81a61 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4 0000000074a81a6c 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4 0000000074a81a77 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4 0000000074a81a82 2 bytes [A8, 74]
.text C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCTray.exe[3792] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52 0000000074a81ab2 2 bytes [A8, 74]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000075af1401 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000075af1419 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000075af1431 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000075af144a 2 bytes [AF, 75]
.text ... * 9
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000075af14dd 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075af14f5 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000075af150d 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075af1525 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000075af153d 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000075af1555 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000075af156d 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000075af1585 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000075af159d 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000075af15b5 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000075af15cd 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000075af16b2 2 bytes [AF, 75]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3812] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000075af16bd 2 bytes [AF, 75]

---- User IAT/EAT - GMER 2.0 ----

IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef8e02750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef8e02b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef8e07de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef8e08130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef8e01908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef8e01c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef8e081d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef8e02878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef8e07a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement] [7fef8e06c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef8e077bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef8e07064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef8e06544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef8e05e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Threads - GMER 2.0 ----

Thread C:\Windows\system32\services.exe [932:964] 00000000002b1e58
---- Processes - GMER 2.0 ----

Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [828] 000007fefcea0000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [940] 000007fefcea0000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [820] 000007fefcea0000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1112] 000007fefcea0000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1184] 000007fefcea0000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1428] 000007fefcea0000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1696] 000007fefcea0000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [1472] 0000000073250000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [1904] 0000000073250000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Bonjour\mDNSResponder.exe [1440] 0000000073250000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2096] 000007fefcea0000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2360] 000007fefcea0000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\ooVoo\ooVoo.exe [3648] 0000000073250000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2013\avgui.exe [3800] 0000000073250000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\AVG Secure Search\vprot.exe [3812] 0000000073250000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3832] 0000000073250000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [1060] 000007fefcea0000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [3184] 000007fefcea0000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [168] 0000000073250000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2468] 0000000073250000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [980] 0000000073250000

---- EOF - GMER 2.0 ----




Thank you very much for your time.
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,631 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
30-Jan-2013, 08:33 AM #2
Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tuto...ommand-prompt/ to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

Plug the flash drive into the infected PC.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Also do the following to search for services.exe:

Boot to System Recovery Options and run FRST as you did to get the log.

Type the following in the edit box after "Search:".

services.exe

It then should look like:



Click Search button and post the log (Search.txt) it makes to your reply.

Post both logs...

Kevin
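An added check, not part of this thread and not FRST's own code: the PowerShell script below does on its own what the "Search: services.exe" step above produces for a human to read. It hashes every copy of services.exe that Windows keeps on disk and flags the live System32 copy if it matches none of the copies in the WinSxS component store, which is the pattern a file patched in place (the Win64/Patched.A detection in the first post) leaves behind. It assumes PowerShell 4 or later, an elevated prompt, and a -Root parameter (introduced here) that points either at the live Windows directory or at an offline one mounted from the recovery environment.

```powershell
# Added example (not from the thread or from FRST): compare the live services.exe
# against the reference copies in the WinSxS component store.
# Assumes PowerShell 4+ (Get-FileHash, -File on Get-ChildItem) and elevation.
param(
    [string]$Root = $env:SystemRoot,   # live system, or an offline Windows directory
    [string]$Name = 'services.exe'
)

function Get-Sha256 {
    param([string]$Path)
    (Get-FileHash -Algorithm SHA256 -LiteralPath $Path).Hash
}

$live = Join-Path $Root "System32\$Name"
if (-not (Test-Path -LiteralPath $live)) {
    throw "Live copy not found: $live"
}

# Component-store copies are the reference. There is usually more than one,
# one per servicing update that shipped the file, and on a clean system the
# live copy is byte-identical to one of them.
$storeCopies = @(Get-ChildItem -LiteralPath (Join-Path $Root 'WinSxS') `
                    -Recurse -Filter $Name -File -ErrorAction SilentlyContinue)

$liveItem = Get-Item -LiteralPath $live
$liveHash = Get-Sha256 $live

Write-Output ("Live copy : {0}" -f $live)
Write-Output ("  size {0,9} bytes  modified {1:yyyy-MM-dd HH:mm}  sha256 {2}" -f `
    $liveItem.Length, $liveItem.LastWriteTime, $liveHash)

$matched = $false
foreach ($copy in $storeCopies) {
    $hash = Get-Sha256 $copy.FullName
    # A patched file typically keeps its size and timestamp but not its hash,
    # so the size column alone is not enough; the hash decides.
    $tag = if ($hash -eq $liveHash) { $matched = $true; 'same   ' } else { 'differs' }
    Write-Output ("  [{0}] {1}" -f $tag, $copy.FullName)
    Write-Output ("           size {0,9} bytes  modified {1:yyyy-MM-dd HH:mm}  sha256 {2}" -f `
        $copy.Length, $copy.LastWriteTime, $hash)
}

# Signature check as a second opinion. Windows 7 system binaries are
# catalog-signed, and older PowerShell builds report them as NotSigned rather
# than consulting the catalog, so only HashMismatch is treated as conclusive.
$sig = Get-AuthenticodeSignature -FilePath $live
Write-Output ("Signature : {0}" -f $sig.Status)

if ($storeCopies.Count -eq 0) {
    Write-Warning "No WinSxS copies of $Name found under $Root; nothing to compare against."
} elseif (-not $matched -or $sig.Status -eq 'HashMismatch') {
    Write-Warning "$live matches no component-store copy: treat it as modified and continue with the FRST search log."
} else {
    Write-Output "OK: live copy is byte-identical to a component-store copy."
}
```

The output mirrors the per-copy size, date and hash lines in FRST's Search.txt, so the two can be read side by side.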
heartlessdeath0
Member with 6 posts.
THREAD STARTER
Join Date: Jan 2013
31-Jan-2013, 01:43 AM #3
Okay, here are the logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-01-2013 02
Ran by SYSTEM at 31-01-2013 00:36:44
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13307496 2011-10-16] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UVCSti] "C:\Program Files (x86)\UVC Video Camera\UVCSti.exe" [245760 2010-03-25] (Alcor Micro Corp.)
HKLM-x32\...\Run: [RunUVC] "C:\Program Files (x86)\UVC Video Camera\EffectDir\UVCtray.exe" [7548928 2010-06-18] (Alcor Micro Corp.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1046984 2012-12-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-12-10] (LogMeIn Inc.)
HKU\Heartless\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [28467264 2013-01-20] (ooVoo LLC)
HKU\Heartless\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\Heartless\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4272640 2012-09-12] (Microsoft Corporation)
HKU\Heartless\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1354736 2013-01-28] (Valve Corporation)
HKLM-x32\...\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-02-01] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [512360 2012-12-14] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services (Whitelisted) ===================

3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 Realtek11nCU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
2 vToolbarUpdater13.3.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [894920 2012-12-13] ()

==================== Drivers (Whitelisted) =====================

3 AODDriver; \??\C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21616 2011-11-02] ()
1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-12-13] (AVG Technologies)
3 Cam3820; C:\Windows\System32\Drivers\cam3820a.sys [433536 2010-06-14] (CamVendor)
3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2013-01-30] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 RTL8192cu; C:\Windows\System32\Drivers\RTL8192cu.sys [762472 2010-08-05] (Realtek Semiconductor Corporation )
3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-31 00:36 - 2013-01-31 00:36 - 00000000 ____D C:\FRST
2013-01-30 03:52 - 2013-01-30 03:52 - 00365568 ____A C:\Users\Heartless\Downloads\vbzz9b7n.exe
2013-01-30 03:52 - 2013-01-30 03:52 - 00365568 ____A C:\Users\Heartless\Desktop\vbzz9b7n.exe
2013-01-30 03:50 - 2013-01-30 03:50 - 00044855 ____A C:\Users\Heartless\Desktop\ark.txt
2013-01-30 03:42 - 2013-01-30 03:42 - 00365568 ____A C:\Users\Heartless\Downloads\ius91chq.exe
2013-01-30 03:40 - 2013-01-30 03:40 - 00688992 ____R (Swearware) C:\Users\Heartless\Desktop\dds.scr
2013-01-30 03:40 - 2013-01-30 03:40 - 00022409 ____A C:\Users\Heartless\Desktop\dds.txt
2013-01-30 03:40 - 2013-01-30 03:40 - 00009118 ____A C:\Users\Heartless\Desktop\attach.txt
2013-01-30 03:36 - 2013-01-30 03:36 - 00010548 ____A C:\Users\Heartless\Downloads\hijackthis.log
2013-01-30 03:35 - 2013-01-30 03:35 - 00388608 ____A (Trend Micro Inc.) C:\Users\Heartless\Desktop\HijackThis.exe
2013-01-30 03:27 - 2013-01-30 03:27 - 00000000 ____D C:\Users\Heartless\AppData\Roaming\Malwarebytes
2013-01-30 03:26 - 2013-01-30 03:26 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-30 03:26 - 2013-01-30 03:26 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-30 03:26 - 2013-01-30 03:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-30 03:26 - 2012-12-14 14:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-01-30 03:24 - 2013-01-30 03:24 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Heartless\Downloads\mbam-setup-1.70.0.1100.exe
2013-01-30 02:52 - 2013-01-30 02:52 - 00000000 ____D C:\Users\All Users\Adobe
2013-01-30 02:51 - 2013-01-30 02:52 - 00000000 ____D C:\Users\Heartless\AppData\Local\Adobe
2013-01-30 02:47 - 2013-01-30 02:47 - 00156320 ____A C:\Users\Heartless\Downloads\Adobe.Premiere.Pro.CS3.keygen.by.Inferno.zip
2013-01-30 02:40 - 2013-01-30 02:40 - 00000000 ____D C:\Users\Heartless\Documents\Adobe
2013-01-30 02:40 - 2013-01-30 02:40 - 00000000 ____D C:\Users\All Users\FLEXnet
2013-01-30 02:36 - 2013-01-30 02:36 - 00001203 ____A C:\Users\Heartless\Desktop\Adobe Premiere Pro CS3.lnk
2013-01-30 02:34 - 2013-01-30 02:34 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-01-30 02:31 - 2013-01-30 02:31 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-01-30 02:27 - 2013-01-30 02:35 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-01-30 02:22 - 2013-01-30 02:49 - 00000000 ____D C:\Users\Heartless\Desktop\New folder (2)
2013-01-28 23:24 - 2013-01-28 23:25 - 00002106 ____A C:\Users\Public\Desktop\Path of Exile.lnk
2013-01-28 23:24 - 2013-01-28 23:24 - 00000000 ____D C:\Program Files (x86)\Grinding Gear Games
2013-01-28 23:24 - 2009-09-04 15:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-01-28 23:24 - 2009-09-04 15:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-01-28 23:23 - 2013-01-28 23:24 - 06987776 ____A C:\Users\Heartless\Downloads\PathOfExileInstaller.msi
2013-01-28 23:10 - 2013-01-30 03:10 - 00000000 ____D C:\Program Files (x86)\Steam
2013-01-28 23:10 - 2013-01-28 23:10 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
2013-01-28 02:10 - 2013-01-28 02:10 - 00000000 ____D C:\Users\Heartless\Desktop\N64 Roms
2013-01-28 01:07 - 2013-01-28 01:10 - 00000072 ____A C:\Users\Heartless\Downloads\ZELDA.jsf
2013-01-24 23:29 - 2013-01-24 23:29 - 00000000 ____D C:\Users\Heartless\Documents\W-Split
2013-01-24 23:29 - 2013-01-24 23:29 - 00000000 ____D C:\Users\Heartless\AppData\Local\WSplit
2013-01-24 23:25 - 2013-01-24 23:25 - 00066114 ____A C:\Users\Heartless\Downloads\wsplit-1.4.4.7z
2013-01-24 23:25 - 2013-01-24 23:25 - 00000000 ____D C:\Users\Heartless\Desktop\WSPLIT
2013-01-24 20:48 - 2013-01-28 05:06 - 00002088 ____A C:\Users\Heartless\Desktop\Xpadder.ini
2013-01-23 23:18 - 2013-01-30 03:10 - 00000000 ____D C:\Users\Heartless\Tracing
2013-01-23 23:16 - 2013-01-23 23:16 - 00000000 ____D C:\Windows\en
2013-01-23 23:08 - 2013-01-23 23:08 - 00000000 ____D C:\Program Files\Windows Live
2013-01-23 23:05 - 2009-09-04 15:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-01-23 23:05 - 2009-09-04 15:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-01-23 23:04 - 2013-01-28 22:59 - 00000000 ____D C:\Users\Heartless\AppData\Local\Windows Live
2013-01-23 23:03 - 2013-01-23 23:03 - 01239552 ____A (Microsoft Corporation) C:\Users\Heartless\Downloads\wlsetup-web.exe
2013-01-23 22:58 - 2013-01-23 22:58 - 00379064 ____A (Softonic) C:\Users\Heartless\Downloads\SoftonicDownloader_for_pinnacle-videospin.exe
2013-01-23 22:14 - 2013-01-28 00:41 - 00000000 ____D C:\Users\Heartless\Documents\oot saves
2013-01-23 20:51 - 2013-01-23 20:51 - 00000000 ____D C:\Users\Heartless\Desktop\X-Padder
2013-01-23 20:51 - 2009-11-02 01:33 - 01189376 ____A C:\Users\Heartless\Desktop\Xpadder.exe
2013-01-23 20:46 - 2013-01-23 20:46 - 00002087 ____A C:\Users\Heartless\Desktop\Project64 1.6.lnk
2013-01-23 20:44 - 2013-01-23 20:44 - 00000072 ____A C:\Users\Heartless\Downloads\hnjkhl.jsf
2013-01-23 20:13 - 2013-01-23 20:34 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2013-01-23 20:12 - 2013-01-23 20:12 - 02080797 ____A (Project64 ) C:\Users\Heartless\Downloads\project64_1.6.exe
2013-01-23 17:40 - 2013-01-23 17:40 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2013-01-20 23:32 - 2013-01-20 23:32 - 00000000 ____A C:\Users\Heartless\Desktop\LogisticsPipes-Request.log
2013-01-19 21:54 - 2013-01-12 01:30 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-01-19 21:54 - 2013-01-12 01:26 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-01-19 21:54 - 2013-01-12 01:24 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-01-19 21:53 - 2013-01-19 21:54 - 00004434 ____A C:\Windows\SysWOW64\jupdate-1.7.0_11-b21.log
2013-01-18 01:13 - 2013-01-18 01:22 - 81468907 ____A C:\Users\Heartless\Downloads\dgblack2ap_bafe7.7z
2013-01-18 01:09 - 2013-01-18 01:09 - 00002596 ____A C:\Users\Heartless\Downloads\XXXX - Pokemon Black 2 (USA)(Patched) (1).zip
2013-01-18 01:08 - 2013-01-18 01:08 - 00002596 ____A C:\Users\Heartless\Downloads\XXXX - Pokemon Black 2 (USA)(Patched).zip
2013-01-18 01:00 - 2013-01-18 01:00 - 00052672 ____A C:\Users\Heartless\Downloads\pbw2app.7z
2013-01-14 20:31 - 2013-01-14 20:34 - 71349192 ____A C:\Users\Heartless\Downloads\Final Fantasy Tactics A2 - Grimoire of the Rift.zip
2013-01-14 20:23 - 2013-01-14 20:30 - 106084622 ____A C:\Users\Heartless\Downloads\Dragon Quest IX - Sentinels of the Starry Skies.zip
2013-01-14 20:02 - 2013-01-14 20:04 - 59782202 ____A C:\Users\Heartless\Downloads\Pokemon SoulSilver.zip
2013-01-14 19:50 - 2013-01-14 20:01 - 88052844 ____A C:\Users\Heartless\Downloads\Lunar Knights.zip
2013-01-14 19:40 - 2013-01-14 19:46 - 19808359 ____A C:\Users\Heartless\Downloads\Lunar - Dragon Song.zip
2013-01-13 22:34 - 2013-01-13 22:34 - 05818005 ____A C:\Users\Heartless\Downloads\Final Fantasy VI Advance.zip
2013-01-12 22:17 - 2013-01-28 23:25 - 00000000 ____D C:\Users\Heartless\Documents\My Games
2013-01-12 22:17 - 2013-01-12 22:17 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-01-12 22:17 - 2010-02-04 08:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-01-12 22:17 - 2010-02-04 08:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-01-12 22:17 - 2010-02-04 08:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-01-12 22:17 - 2009-03-09 13:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-01-12 22:17 - 2007-03-12 14:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-01-12 22:16 - 2013-01-13 00:36 - 00772214 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-01-10 14:53 - 2013-01-10 14:53 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-01-10 14:53 - 2013-01-10 14:53 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-01-10 03:05 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-01-10 03:05 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-01-10 03:05 - 2012-08-23 06:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2013-01-10 03:05 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-01-10 03:05 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-01-10 03:05 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-01-10 03:05 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-01-10 03:05 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-01-10 03:05 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-01-10 03:05 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-01-10 03:05 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-01-10 03:05 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-01-10 03:05 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-01-10 03:05 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-01-10 03:05 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-01-10 03:05 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-01-10 03:05 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-01-10 03:05 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-01-10 03:05 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-01-10 03:05 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-01-10 03:05 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-01-10 03:05 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-01-10 03:05 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-01-10 03:05 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-01-10 03:05 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-01-10 03:04 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-01-10 03:04 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-01-10 03:04 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-01-10 03:04 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-01-10 03:04 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-01-10 03:04 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-01-10 03:04 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-01-10 03:04 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-01-10 03:04 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-01-09 15:24 - 2013-01-30 03:01 - 00000000 ____D C:\Users\Heartless\AppData\Local\CrashDumps
2013-01-09 14:55 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-09 14:55 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-09 14:55 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-09 14:55 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-09 14:55 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-09 14:55 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-09 14:55 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-09 14:55 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-09 14:55 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-09 14:55 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-09 14:55 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-09 14:55 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-09 14:55 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-09 14:55 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-09 14:55 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-09 14:55 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-09 14:55 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-09 14:55 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-09 14:55 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-09 14:55 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-09 14:55 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-09 14:55 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-09 14:55 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-09 14:55 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-09 14:55 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-09 14:55 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-09 14:55 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-09 14:55 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-09 14:55 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-09 14:55 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-09 14:55 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-09 14:55 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-09 14:55 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-09 14:55 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-09 14:55 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-09 14:55 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-09 14:55 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-09 14:55 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-09 14:54 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-09 14:54 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-09 14:54 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-09 14:54 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-09 14:54 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-09 14:54 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-09 14:54 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-09 14:54 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-09 14:54 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-09 14:54 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-09 14:54 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-09 14:54 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-09 14:54 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-09 14:54 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 14:54 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-09 14:54 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-09 14:54 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-09 14:54 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-09 14:54 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-09 14:54 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-09 14:53 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-09 14:53 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-09 03:53 - 2010-02-04 08:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-01-09 03:53 - 2010-02-04 08:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-01-09 03:53 - 2007-04-04 16:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2013-01-09 03:53 - 2007-04-04 16:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-01-09 00:59 - 2013-01-09 00:59 - 01669632 ____A C:\Users\Heartless\Downloads\SteamInstall.msi
2013-01-05 01:21 - 2013-01-05 01:21 - 06792611 ____A C:\Users\Heartless\Downloads\Mario and Luigi - Superstar Saga.zip
2013-01-05 01:16 - 2013-01-05 01:16 - 00659797 ____A C:\Users\Heartless\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2013-01-02 02:04 - 2013-01-02 02:05 - 00000000 ____D C:\Program Files (x86)\Xvid
2013-01-02 02:04 - 2011-05-30 05:42 - 00255488 ____A C:\Windows\System32\xvidvfw.dll
2013-01-02 02:04 - 2011-05-30 05:42 - 00240640 ____A C:\Windows\SysWOW64\xvidvfw.dll
2013-01-02 02:04 - 2011-05-23 01:52 - 00153088 ____A C:\Windows\SysWOW64\xvid.ax
2013-01-02 02:04 - 2011-05-22 23:49 - 00173568 ____A C:\Windows\System32\xvid.ax
2013-01-02 02:04 - 2011-05-22 23:46 - 00645632 ____A C:\Windows\SysWOW64\xvidcore.dll
2013-01-02 02:04 - 2011-05-22 23:45 - 00696832 ____A C:\Windows\System32\xvidcore.dll
2013-01-02 02:03 - 2013-01-02 02:04 - 10768856 ____A (Xvid Team) C:\Users\Heartless\Downloads\Xvid-1.3.2-20110601.exe
2013-01-02 01:52 - 2013-01-02 01:52 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2013-01-02 01:51 - 2013-01-02 01:52 - 00000000 ____D C:\Users\Heartless\Desktop\avisynth
2013-01-02 01:51 - 2013-01-02 01:51 - 05080168 ____A C:\Users\Heartless\Downloads\AviSynth_110525.zip
2013-01-02 01:41 - 2013-01-02 01:41 - 00000000 ____D C:\Program Files (x86)\x264vfw
2013-01-02 01:40 - 2013-01-02 01:40 - 01204839 ____A C:\Users\Heartless\Downloads\x264vfw_37_2200bm_33968.exe
2013-01-02 01:31 - 2013-01-02 01:31 - 00000000 ____D C:\Users\Heartless\Desktop\dub
2013-01-02 01:30 - 2013-01-02 01:31 - 01707366 ____A C:\Users\Heartless\Downloads\VirtualDub-1.9.11.zip
2013-01-02 01:13 - 2013-01-02 01:14 - 07174957 ____A (http://yamb.unite-video.com) C:\Users\Heartless\Downloads\Yamb-2.1.0.0_beta2_setup.exe
2013-01-02 01:01 - 2013-01-02 01:01 - 03196013 ____A C:\Users\Heartless\Downloads\MP4Cam2AVI_v2.99.zip
2013-01-02 01:01 - 2013-01-02 01:01 - 00000000 ____D C:\Users\Heartless\Desktop\convert
2013-01-02 00:58 - 2013-01-02 00:58 - 00087373 ____A C:\Users\Heartless\Downloads\Quicktime_VD_v0.2.0.0_bin.zip
2013-01-02 00:56 - 2013-01-02 00:56 - 00570702 ____A C:\Users\Heartless\Downloads\AVIcodec_1.2_b113.exe
2013-01-02 00:56 - 2013-01-02 00:56 - 00000000 ____D C:\Program Files (x86)\AVIcodec
2013-01-02 00:52 - 2013-01-02 00:52 - 01916953 ____A C:\Users\Heartless\Downloads\VirtualDub-1.9.11-AMD64.zip
2013-01-01 23:27 - 2013-01-01 23:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01007.Wdf
2013-01-01 23:24 - 2013-01-23 20:35 - 00000000 ____D C:\Users\Heartless\Desktop\joytokey
2013-01-01 23:24 - 2013-01-01 23:24 - 00751654 ____A C:\Users\Heartless\Downloads\JoyToKey_en.zip
2013-01-01 22:57 - 2013-01-01 22:57 - 01961052 ____A C:\Users\Heartless\Downloads\desmume-0.9.8-win32.zip

==================== One Month Modified Files and Folders =======

2013-01-31 00:36 - 2013-01-31 00:36 - 00000000 ____D C:\FRST
2013-01-30 04:14 - 2012-11-24 03:19 - 01465417 ____A C:\Windows\WindowsUpdate.log
2013-01-30 04:01 - 2012-12-13 21:56 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-30 04:00 - 2012-12-13 22:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-30 03:52 - 2013-01-30 03:52 - 00365568 ____A C:\Users\Heartless\Downloads\vbzz9b7n.exe
2013-01-30 03:52 - 2013-01-30 03:52 - 00365568 ____A C:\Users\Heartless\Desktop\vbzz9b7n.exe
2013-01-30 03:50 - 2013-01-30 03:50 - 00044855 ____A C:\Users\Heartless\Desktop\ark.txt
2013-01-30 03:42 - 2013-01-30 03:42 - 00365568 ____A C:\Users\Heartless\Downloads\ius91chq.exe
2013-01-30 03:40 - 2013-01-30 03:40 - 00688992 ____R (Swearware) C:\Users\Heartless\Desktop\dds.scr
2013-01-30 03:40 - 2013-01-30 03:40 - 00022409 ____A C:\Users\Heartless\Desktop\dds.txt
2013-01-30 03:40 - 2013-01-30 03:40 - 00009118 ____A C:\Users\Heartless\Desktop\attach.txt
2013-01-30 03:40 - 2012-12-13 22:23 - 00000000 ____D C:\Users\All Users\AVG2013
2013-01-30 03:36 - 2013-01-30 03:36 - 00010548 ____A C:\Users\Heartless\Downloads\hijackthis.log
2013-01-30 03:36 - 2012-12-10 13:22 - 00000000 ____D C:\Users\Heartless\AppData\Local\VirtualStore
2013-01-30 03:35 - 2013-01-30 03:35 - 00388608 ____A (Trend Micro Inc.) C:\Users\Heartless\Desktop\HijackThis.exe
2013-01-30 03:27 - 2013-01-30 03:27 - 00000000 ____D C:\Users\Heartless\AppData\Roaming\Malwarebytes
2013-01-30 03:26 - 2013-01-30 03:26 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-30 03:26 - 2013-01-30 03:26 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-30 03:26 - 2013-01-30 03:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-30 03:26 - 2012-12-13 22:13 - 00000000 ____D C:\Users\All Users\MFAData
2013-01-30 03:24 - 2013-01-30 03:24 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Heartless\Downloads\mbam-setup-1.70.0.1100.exe
2013-01-30 03:16 - 2009-07-13 20:45 - 00021664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-30 03:16 - 2009-07-13 20:45 - 00021664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-30 03:10 - 2013-01-28 23:10 - 00000000 ____D C:\Program Files (x86)\Steam
2013-01-30 03:10 - 2013-01-23 23:18 - 00000000 ____D C:\Users\Heartless\Tracing
2013-01-30 03:10 - 2012-12-24 21:18 - 00000004 ____A C:\Windows\SysWOW64\GVTunner.ref
2013-01-30 03:10 - 2012-12-20 23:23 - 00000000 ____D C:\Users\Heartless\AppData\Local\LogMeIn Hamachi
2013-01-30 03:10 - 2012-12-10 13:46 - 00030528 ____A C:\Windows\GVTDrv64.sys
2013-01-30 03:09 - 2012-12-13 21:56 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-30 03:09 - 2012-12-10 13:46 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-01-30 03:09 - 2011-06-29 10:51 - 00004806 ____A C:\Windows\setupact.log
2013-01-30 03:09 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-30 03:09 - 2009-07-13 20:45 - 02199288 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-30 03:01 - 2013-01-09 15:24 - 00000000 ____D C:\Users\Heartless\AppData\Local\CrashDumps
2013-01-30 02:52 - 2013-01-30 02:52 - 00000000 ____D C:\Users\All Users\Adobe
2013-01-30 02:52 - 2013-01-30 02:51 - 00000000 ____D C:\Users\Heartless\AppData\Local\Adobe
2013-01-30 02:52 - 2012-12-13 22:57 - 00000000 ____D C:\Users\Heartless\AppData\Roaming\Adobe
2013-01-30 02:52 - 2012-12-10 13:23 - 00058016 ____A C:\Users\Heartless\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-30 02:49 - 2013-01-30 02:22 - 00000000 ____D C:\Users\Heartless\Desktop\New folder (2)
2013-01-30 02:47 - 2013-01-30 02:47 - 00156320 ____A C:\Users\Heartless\Downloads\Adobe.Premiere.Pro.CS3.keygen.by.Inferno.zip
2013-01-30 02:40 - 2013-01-30 02:40 - 00000000 ____D C:\Users\Heartless\Documents\Adobe
2013-01-30 02:40 - 2013-01-30 02:40 - 00000000 ____D C:\Users\All Users\FLEXnet
2013-01-30 02:36 - 2013-01-30 02:36 - 00001203 ____A C:\Users\Heartless\Desktop\Adobe Premiere Pro CS3.lnk
2013-01-30 02:35 - 2013-01-30 02:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-01-30 02:34 - 2013-01-30 02:34 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-01-30 02:31 - 2013-01-30 02:31 - 00000000 ____D C:\Windows\SysWOW64\spool
2013-01-28 23:25 - 2013-01-28 23:24 - 00002106 ____A C:\Users\Public\Desktop\Path of Exile.lnk
2013-01-28 23:25 - 2013-01-12 22:17 - 00000000 ____D C:\Users\Heartless\Documents\My Games
2013-01-28 23:24 - 2013-01-28 23:24 - 00000000 ____D C:\Program Files (x86)\Grinding Gear Games
2013-01-28 23:24 - 2013-01-28 23:23 - 06987776 ____A C:\Users\Heartless\Downloads\PathOfExileInstaller.msi
2013-01-28 23:10 - 2013-01-28 23:10 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
2013-01-28 23:10 - 2012-12-10 13:22 - 00000000 ____D C:\users\Heartless
2013-01-28 22:59 - 2013-01-23 23:04 - 00000000 ____D C:\Users\Heartless\AppData\Local\Windows Live
2013-01-28 05:06 - 2013-01-24 20:48 - 00002088 ____A C:\Users\Heartless\Desktop\Xpadder.ini
2013-01-28 02:10 - 2013-01-28 02:10 - 00000000 ____D C:\Users\Heartless\Desktop\N64 Roms
2013-01-28 01:10 - 2013-01-28 01:07 - 00000072 ____A C:\Users\Heartless\Downloads\ZELDA.jsf
2013-01-28 00:41 - 2013-01-23 22:14 - 00000000 ____D C:\Users\Heartless\Documents\oot saves
2013-01-26 20:25 - 2012-12-15 20:21 - 00000000 ____D C:\Users\Heartless\AppData\Roaming\.techniclauncher
2013-01-24 23:29 - 2013-01-24 23:29 - 00000000 ____D C:\Users\Heartless\Documents\W-Split
2013-01-24 23:29 - 2013-01-24 23:29 - 00000000 ____D C:\Users\Heartless\AppData\Local\WSplit
2013-01-24 23:25 - 2013-01-24 23:25 - 00066114 ____A C:\Users\Heartless\Downloads\wsplit-1.4.4.7z
2013-01-24 23:25 - 2013-01-24 23:25 - 00000000 ____D C:\Users\Heartless\Desktop\WSPLIT
2013-01-24 18:15 - 2012-12-14 21:06 - 00703117 ____A C:\Users\Heartless\AppData\Roaming\technic-launcher.jar
2013-01-23 23:16 - 2013-01-23 23:16 - 00000000 ____D C:\Windows\en
2013-01-23 23:15 - 2011-03-01 15:04 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-01-23 23:08 - 2013-01-23 23:08 - 00000000 ____D C:\Program Files\Windows Live
2013-01-23 23:06 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-01-23 23:05 - 2011-03-01 15:05 - 00032201 ____A C:\Windows\DirectX.log
2013-01-23 23:03 - 2013-01-23 23:03 - 01239552 ____A (Microsoft Corporation) C:\Users\Heartless\Downloads\wlsetup-web.exe
2013-01-23 22:58 - 2013-01-23 22:58 - 00379064 ____A (Softonic) C:\Users\Heartless\Downloads\SoftonicDownloader_for_pinnacle-videospin.exe
2013-01-23 20:51 - 2013-01-23 20:51 - 00000000 ____D C:\Users\Heartless\Desktop\X-Padder
2013-01-23 20:46 - 2013-01-23 20:46 - 00002087 ____A C:\Users\Heartless\Desktop\Project64 1.6.lnk
2013-01-23 20:44 - 2013-01-23 20:44 - 00000072 ____A C:\Users\Heartless\Downloads\hnjkhl.jsf
2013-01-23 20:35 - 2013-01-01 23:24 - 00000000 ____D C:\Users\Heartless\Desktop\joytokey
2013-01-23 20:34 - 2013-01-23 20:13 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2013-01-23 20:12 - 2013-01-23 20:12 - 02080797 ____A (Project64 ) C:\Users\Heartless\Downloads\project64_1.6.exe
2013-01-23 18:33 - 2012-12-25 14:43 - 00000000 ____D C:\Users\Heartless\AppData\Roaming\Audacity
2013-01-23 17:40 - 2013-01-23 17:40 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2013-01-23 17:36 - 2012-12-18 22:34 - 00000000 ____D C:\Users\Heartless\Desktop\Emu
2013-01-23 16:27 - 2012-12-14 21:06 - 00703104 ____A C:\Users\Heartless\AppData\Roaming\technic-launcher.jar.bak
2013-01-23 16:25 - 2012-12-21 22:38 - 00001857 ____A C:\Users\Public\Desktop\ooVoo.lnk
2013-01-23 16:25 - 2012-12-21 22:38 - 00000000 ____D C:\Program Files (x86)\ooVoo
2013-01-20 23:32 - 2013-01-20 23:32 - 00000000 ____A C:\Users\Heartless\Desktop\LogisticsPipes-Request.log
2013-01-19 21:54 - 2013-01-19 21:53 - 00004434 ____A C:\Windows\SysWOW64\jupdate-1.7.0_11-b21.log
2013-01-19 21:54 - 2012-12-14 04:12 - 00000000 ____D C:\Program Files (x86)\Java
2013-01-18 01:22 - 2013-01-18 01:13 - 81468907 ____A C:\Users\Heartless\Downloads\dgblack2ap_bafe7.7z
2013-01-18 01:09 - 2013-01-18 01:09 - 00002596 ____A C:\Users\Heartless\Downloads\XXXX - Pokemon Black 2 (USA)(Patched) (1).zip
2013-01-18 01:08 - 2013-01-18 01:08 - 00002596 ____A C:\Users\Heartless\Downloads\XXXX - Pokemon Black 2 (USA)(Patched).zip
2013-01-18 01:00 - 2013-01-18 01:00 - 00052672 ____A C:\Users\Heartless\Downloads\pbw2app.7z
2013-01-14 20:34 - 2013-01-14 20:31 - 71349192 ____A C:\Users\Heartless\Downloads\Final Fantasy Tactics A2 - Grimoire of the Rift.zip
2013-01-14 20:30 - 2013-01-14 20:23 - 106084622 ____A C:\Users\Heartless\Downloads\Dragon Quest IX - Sentinels of the Starry Skies.zip
2013-01-14 20:04 - 2013-01-14 20:02 - 59782202 ____A C:\Users\Heartless\Downloads\Pokemon SoulSilver.zip
2013-01-14 20:01 - 2013-01-14 19:50 - 88052844 ____A C:\Users\Heartless\Downloads\Lunar Knights.zip
2013-01-14 19:46 - 2013-01-14 19:40 - 19808359 ____A C:\Users\Heartless\Downloads\Lunar - Dragon Song.zip
2013-01-13 22:34 - 2013-01-13 22:34 - 05818005 ____A C:\Users\Heartless\Downloads\Final Fantasy VI Advance.zip
2013-01-13 00:36 - 2013-01-12 22:16 - 00772214 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-01-13 00:36 - 2009-07-13 21:13 - 00772214 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-12 22:17 - 2013-01-12 22:17 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-01-12 21:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-01-12 16:35 - 2012-12-13 21:58 - 00002255 ____A C:\Users\Heartless\Desktop\Google Chrome.lnk
2013-01-12 01:30 - 2013-01-19 21:54 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-01-12 01:26 - 2013-01-19 21:54 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-01-12 01:24 - 2013-01-19 21:54 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-01-10 14:53 - 2013-01-10 14:53 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-01-10 14:53 - 2013-01-10 14:53 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-01-10 14:53 - 2012-12-13 22:25 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-01-10 03:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-01-09 22:24 - 2012-12-19 23:13 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-09 00:59 - 2013-01-09 00:59 - 01669632 ____A C:\Users\Heartless\Downloads\SteamInstall.msi
2013-01-08 19:11 - 2012-12-20 23:41 - 00000000 ____D C:\Users\Heartless\Desktop\world_nether
2013-01-08 19:11 - 2012-12-20 23:41 - 00000000 ____D C:\Users\Heartless\Desktop\world
2013-01-08 17:01 - 2012-12-13 22:56 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-08 17:01 - 2012-12-13 22:56 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-05 01:21 - 2013-01-05 01:21 - 06792611 ____A C:\Users\Heartless\Downloads\Mario and Luigi - Superstar Saga.zip
2013-01-05 01:16 - 2013-01-05 01:16 - 00659797 ____A C:\Users\Heartless\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2013-01-02 02:05 - 2013-01-02 02:04 - 00000000 ____D C:\Program Files (x86)\Xvid
2013-01-02 02:04 - 2013-01-02 02:03 - 10768856 ____A (Xvid Team) C:\Users\Heartless\Downloads\Xvid-1.3.2-20110601.exe
2013-01-02 01:52 - 2013-01-02 01:52 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2013-01-02 01:52 - 2013-01-02 01:51 - 00000000 ____D C:\Users\Heartless\Desktop\avisynth
2013-01-02 01:51 - 2013-01-02 01:51 - 05080168 ____A C:\Users\Heartless\Downloads\AviSynth_110525.zip
2013-01-02 01:41 - 2013-01-02 01:41 - 00000000 ____D C:\Program Files (x86)\x264vfw
2013-01-02 01:40 - 2013-01-02 01:40 - 01204839 ____A C:\Users\Heartless\Downloads\x264vfw_37_2200bm_33968.exe
2013-01-02 01:31 - 2013-01-02 01:31 - 00000000 ____D C:\Users\Heartless\Desktop\dub
2013-01-02 01:31 - 2013-01-02 01:30 - 01707366 ____A C:\Users\Heartless\Downloads\VirtualDub-1.9.11.zip
2013-01-02 01:14 - 2013-01-02 01:13 - 07174957 ____A (http://yamb.unite-video.com) C:\Users\Heartless\Downloads\Yamb-2.1.0.0_beta2_setup.exe
2013-01-02 01:01 - 2013-01-02 01:01 - 03196013 ____A C:\Users\Heartless\Downloads\MP4Cam2AVI_v2.99.zip
2013-01-02 01:01 - 2013-01-02 01:01 - 00000000 ____D C:\Users\Heartless\Desktop\convert
2013-01-02 00:58 - 2013-01-02 00:58 - 00087373 ____A C:\Users\Heartless\Downloads\Quicktime_VD_v0.2.0.0_bin.zip
2013-01-02 00:56 - 2013-01-02 00:56 - 00570702 ____A C:\Users\Heartless\Downloads\AVIcodec_1.2_b113.exe
2013-01-02 00:56 - 2013-01-02 00:56 - 00000000 ____D C:\Program Files (x86)\AVIcodec
2013-01-02 00:52 - 2013-01-02 00:52 - 01916953 ____A C:\Users\Heartless\Downloads\VirtualDub-1.9.11-AMD64.zip
2013-01-01 23:27 - 2013-01-01 23:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01007.Wdf
2013-01-01 23:24 - 2013-01-01 23:24 - 00751654 ____A C:\Users\Heartless\Downloads\JoyToKey_en.zip
2013-01-01 22:57 - 2013-01-01 22:57 - 01961052 ____A C:\Users\Heartless\Downloads\desmume-0.9.8-win32.zip

ZeroAccess:
C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}
C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}\@
C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}\L
C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U
C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\00000004.@
C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\00000008.@
C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\000000cb.@
C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\80000000.@
C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-13 00:11:14
Restore point made on: 2013-01-19 21:53:04
Restore point made on: 2013-01-23 20:13:06
Restore point made on: 2013-01-23 23:04:25
Restore point made on: 2013-01-23 23:05:01
Restore point made on: 2013-01-23 23:05:22
Restore point made on: 2013-01-23 23:05:48
Restore point made on: 2013-01-23 23:07:48
Restore point made on: 2013-01-28 23:09:27
Restore point made on: 2013-01-28 23:10:40
Restore point made on: 2013-01-28 23:24:26

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8173.54 MB
Available physical RAM: 7378.76 MB
Total Pagefile: 8171.73 MB
Available Pagefile: 7367.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:408.62 GB) NTFS
3 Drive f: () (Removable) (Total:3.72 GB) (Free:2.81 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3815 MB 0 B

Partitions of Disk 0:
===============

Disk ID: C8DFDE62

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

=========================================================================== =======

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3814 MB 8 KB

=========================================================================== =======

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 3814 MB Healthy

=========================================================

Last Boot: 2013-01-24 17:30

==================== End Of Log =============================

and


Farbar Recovery Scan Tool (x64) Version: 30-01-2013 02
Ran by SYSTEM at 2013-01-31 00:38:57
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
kevinf80 (Kevin)
Malware Removal Specialist with 9,631 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
31-Jan-2013, 03:11 AM #4
OK, continue as follows:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

Code:
start
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe  
C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
end
Now please enter System Recovery Options as you did to get the log.

Run FRST64 or FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/comb...o-use-combofix if required.
  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin

Post both logs, also give update on current issues/concerns..

Kevin
heartlessdeath0
Member with 6 posts.
THREAD STARTER
 
Join Date: Jan 2013
31-Jan-2013, 04:22 AM #5
My computer isn't really experiencing any performance issues, but i thought it best to get rid of this problem asap.

I scanned my computer again and now it says no threats were found.


Here is the fixlog.txt log


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-01-2013 02
Ran by SYSTEM at 2013-01-31 02:36:43 Run:1
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{80f7b7a2-818c-fe87-f196-90df9b357a74} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====


and here is the ComboFix log



ComboFix 13-01-30.04 - Heartless 01/31/2013 2:59.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.6496 [GMT -6:00]
Running from: c:\users\Heartless\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))
.
.
2013-01-31 08:36 . 2013-01-31 08:36 -------- d-----w- C:\FRST
2013-01-30 11:27 . 2013-01-30 11:27 -------- d-----w- c:\users\Heartless\AppData\Roaming\Malwarebytes
2013-01-30 11:26 . 2013-01-30 11:26 -------- d-----w- c:\programdata\Malwarebytes
2013-01-30 11:26 . 2013-01-30 11:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-30 11:26 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-30 11:26 . 2013-01-30 11:26 -------- d-----w- c:\users\Heartless\AppData\Local\Programs
2013-01-30 10:51 . 2013-01-30 10:52 -------- d-----w- c:\users\Heartless\AppData\Local\Adobe
2013-01-30 10:40 . 2013-01-30 10:40 -------- d-----w- c:\programdata\FLEXnet
2013-01-30 10:34 . 2013-01-30 10:34 -------- d-----w- c:\program files (x86)\Bonjour
2013-01-30 10:31 . 2013-01-30 10:31 -------- d-----w- c:\windows\SysWow64\spool
2013-01-30 10:27 . 2013-01-30 10:27 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2013-01-30 10:25 . 2013-01-30 10:35 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-01-29 07:24 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2013-01-29 07:24 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2013-01-29 07:24 . 2013-01-29 07:24 -------- d-----w- c:\program files (x86)\Grinding Gear Games
2013-01-29 07:10 . 2013-01-31 08:41 -------- d-----w- c:\program files (x86)\Steam
2013-01-25 07:29 . 2013-01-25 07:29 -------- d-----w- c:\users\Heartless\AppData\Local\WSplit
2013-01-24 07:18 . 2013-01-31 08:41 -------- d-----w- c:\users\Heartless\Tracing
2013-01-24 07:16 . 2013-01-24 07:16 -------- d-----w- c:\windows\en
2013-01-24 07:08 . 2013-01-24 07:08 -------- d-----w- c:\program files\Windows Live
2013-01-24 07:05 . 2009-09-04 23:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-01-24 07:05 . 2009-09-04 23:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-01-24 07:04 . 2013-01-24 07:04 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\DSETUP.dll
2013-01-24 07:04 . 2013-01-24 07:04 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\DXSETUP.exe
2013-01-24 07:04 . 2013-01-24 07:04 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\dsetup32.dll
2013-01-24 07:04 . 2013-01-24 07:04 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\DSETUP.dll
2013-01-24 07:04 . 2013-01-24 07:04 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\DXSETUP.exe
2013-01-24 07:04 . 2013-01-24 07:04 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\dsetup32.dll
2013-01-24 07:04 . 2013-01-24 07:04 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\DSETUP.dll
2013-01-24 07:04 . 2013-01-24 07:04 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\DXSETUP.exe
2013-01-24 07:04 . 2013-01-24 07:04 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\dsetup32.dll
2013-01-24 07:04 . 2013-01-31 08:42 -------- d-----w- c:\users\Heartless\AppData\Local\Windows Live
2013-01-24 04:13 . 2013-01-24 04:13 40960 ----a-r- c:\users\Heartless\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2013-01-24 04:13 . 2013-01-24 04:13 40960 ----a-r- c:\users\Heartless\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2013-01-24 04:13 . 2013-01-24 04:34 -------- d-----w- c:\program files (x86)\Project64 1.6
2013-01-20 05:54 . 2013-01-12 09:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-13 06:17 . 2010-02-04 16:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2013-01-13 06:17 . 2010-02-04 16:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2013-01-13 06:17 . 2010-02-04 16:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2013-01-13 06:17 . 2009-03-09 21:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2013-01-13 06:17 . 2007-03-12 22:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2013-01-13 06:17 . 2013-01-13 06:17 -------- d-----w- c:\program files (x86)\Microsoft XNA
2013-01-12 11:06 . 2013-01-12 11:07 8282192 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-01-10 22:53 . 2013-01-10 22:53 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-01-10 11:04 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-01-10 11:04 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-01-10 11:04 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-10 11:04 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-10 11:04 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-01-10 11:04 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-10 11:04 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-01-10 11:04 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-01-10 11:04 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-01-09 23:24 . 2013-01-30 11:01 -------- d-----w- c:\users\Heartless\AppData\Local\CrashDumps
2013-01-09 22:54 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 22:53 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 22:53 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 11:53 . 2010-02-04 16:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2013-01-09 11:53 . 2010-02-04 16:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2013-01-09 11:53 . 2007-04-05 00:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
2013-01-09 11:53 . 2007-04-05 00:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2013-01-09 09:00 . 2013-01-20 05:52 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-01-02 10:04 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2013-01-02 10:04 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2013-01-02 10:04 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2013-01-02 10:04 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2013-01-02 10:04 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2013-01-02 10:04 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2013-01-02 10:04 . 2013-01-02 10:05 -------- d-----w- c:\program files (x86)\Xvid
2013-01-02 09:52 . 2013-01-02 09:52 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2013-01-02 09:41 . 2013-01-02 09:41 -------- d-----w- c:\program files (x86)\x264vfw
2013-01-02 08:56 . 2013-01-02 08:56 -------- d-----w- c:\program files (x86)\AVIcodec
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-31 09:05 . 2012-12-10 21:46 30528 ----a-w- c:\windows\GVTDrv64.sys
2013-01-31 09:05 . 2012-12-10 21:46 25640 ----a-w- c:\windows\gdrv.sys
2013-01-10 06:24 . 2012-12-20 07:13 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 01:01 . 2012-12-14 06:56 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 01:01 . 2012-12-14 06:56 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11 . 2012-12-21 09:00 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 09:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-15 03:51 . 2012-12-15 03:51 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-12-14 12:12 . 2012-12-14 12:13 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-14 12:12 . 2012-12-14 12:13 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-14 06:26 . 2012-12-14 06:26 25640 ----a-w- c:\windows\etdrv.sys
2012-12-14 06:24 . 2012-12-14 06:25 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-30 04:45 . 2013-01-09 22:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-19 07:01 . 2012-12-18 07:46 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AB93B51-95AD-43E8-A76B-D0A0A015D43F}\mpengine.dll
2012-11-16 05:33 . 2012-11-16 05:33 111968 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-11-14 07:06 . 2012-12-14 08:26 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-14 08:26 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-14 08:26 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-14 08:26 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-14 08:26 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-14 08:26 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-14 08:26 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-14 08:26 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-14 08:26 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-14 08:26 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-14 08:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-14 08:26 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-14 08:26 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-14 08:26 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-14 08:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-14 08:26 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-14 08:26 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-14 08:26 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 08:26 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-14 08:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 08:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-14 08:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-14 12:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-14 12:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A2ACB108-446D-4D93-B2F9-998A9534C288}]
2012-12-14 22:03 78136 ----a-w- c:\users\Heartless\AppData\Local\couponamazing\ie\couponamazing_1355522574.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2013-01-20 28467264]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-01-29 1354736]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-05-25 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-29 642728]
"UVCSti"="c:\program files (x86)\UVC Video Camera\UVCSti.exe" [2010-03-26 245760]
"RunUVC"="c:\program files (x86)\UVC Video Camera\EffectDir\UVCtray.exe" [2010-06-18 7548928]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-12-14 1046984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2012-02-01 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-07 31272]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-12-14 25640]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-01 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-12-14 30568]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [2012-12-14 894920]
S3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-03-12 52280]
S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\Drivers\cam3820a.sys [2010-06-14 433536]
S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2013-01-31 30528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2010-08-06 762472]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-25 00:01 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-14 01:01]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 05:56]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 05:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.msn.com
mDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2198545607-827547869-2066008582-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2198545607-827547869-2066008582-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
c:\program files (x86)\GIGABYTE\ET6\GUI.exe
.
**************************************************************************
.
Completion time: 2013-01-31 03:08:12 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-31 09:08
.
Pre-Run: 442,760,810,496 bytes free
Post-Run: 442,715,652,096 bytes free
.
- - End Of File - - 41254122283EABA14CDAF72AA240490D
heartlessdeath0
Member with 6 posts.
THREAD STARTER
 
Join Date: Jan 2013
31-Jan-2013, 04:32 AM #6
Slight mistake on that last post. It says threats were found but removed, instead of remove manually.
kevinf80 (Kevin)
Malware Removal Specialist with 9,631 posts. Authorized to help remove malware.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
31-Jan-2013, 05:29 AM #7
Continue, make sure we miss nothing!

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
ClearJavaCache::
Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A2ACB108-446D-4D93-B2F9-998A9534C288}]
Folder::
c:\users\Heartless\AppData\Local\couponamazing
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7 right click on IE shortcut and run as admin

Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found
If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
close program
copy and paste the report here

Next,

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Kevin
heartlessdeath0 (Member with 6 posts, THREAD STARTER, Join Date: Jan 2013)
31-Jan-2013, 06:39 AM #8
Okay, let's do this!


ComboFix Log


ComboFix 13-01-30.04 - Heartless 01/31/2013 4:38.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.5420 [GMT -6:00]
Running from: c:\users\Heartless\Desktop\ComboFix.exe
Command switches used :: c:\users\Heartless\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Heartless\AppData\Local\couponamazing
c:\users\Heartless\AppData\Local\couponamazing\sqlite3.exe
c:\users\Heartless\AppData\Local\couponamazing\uninst.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))
.
.
2013-01-31 10:42 . 2013-01-31 10:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-31 08:36 . 2013-01-31 08:36 -------- d-----w- C:\FRST
2013-01-30 11:27 . 2013-01-30 11:27 -------- d-----w- c:\users\Heartless\AppData\Roaming\Malwarebytes
2013-01-30 11:26 . 2013-01-30 11:26 -------- d-----w- c:\programdata\Malwarebytes
2013-01-30 11:26 . 2013-01-30 11:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-30 11:26 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-30 11:26 . 2013-01-30 11:26 -------- d-----w- c:\users\Heartless\AppData\Local\Programs
2013-01-30 10:51 . 2013-01-30 10:52 -------- d-----w- c:\users\Heartless\AppData\Local\Adobe
2013-01-30 10:40 . 2013-01-30 10:40 -------- d-----w- c:\programdata\FLEXnet
2013-01-30 10:34 . 2013-01-30 10:34 -------- d-----w- c:\program files (x86)\Bonjour
2013-01-30 10:31 . 2013-01-30 10:31 -------- d-----w- c:\windows\SysWow64\spool
2013-01-30 10:27 . 2013-01-30 10:27 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2013-01-30 10:25 . 2013-01-30 10:35 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-01-29 07:24 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2013-01-29 07:24 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2013-01-29 07:24 . 2013-01-29 07:24 -------- d-----w- c:\program files (x86)\Grinding Gear Games
2013-01-29 07:10 . 2013-01-31 09:16 -------- d-----w- c:\program files (x86)\Steam
2013-01-25 07:29 . 2013-01-25 07:29 -------- d-----w- c:\users\Heartless\AppData\Local\WSplit
2013-01-24 07:18 . 2013-01-31 08:41 -------- d-----w- c:\users\Heartless\Tracing
2013-01-24 07:16 . 2013-01-24 07:16 -------- d-----w- c:\windows\en
2013-01-24 07:08 . 2013-01-24 07:08 -------- d-----w- c:\program files\Windows Live
2013-01-24 07:05 . 2009-09-04 23:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-01-24 07:05 . 2009-09-04 23:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-01-24 07:04 . 2013-01-24 07:04 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\DSETUP.dll
2013-01-24 07:04 . 2013-01-24 07:04 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\DXSETUP.exe
2013-01-24 07:04 . 2013-01-24 07:04 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1bcd22ec1cdfa0104\dsetup32.dll
2013-01-24 07:04 . 2013-01-24 07:04 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\DSETUP.dll
2013-01-24 07:04 . 2013-01-24 07:04 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\DXSETUP.exe
2013-01-24 07:04 . 2013-01-24 07:04 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\17a1920b1cdfa0103\dsetup32.dll
2013-01-24 07:04 . 2013-01-24 07:04 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\DSETUP.dll
2013-01-24 07:04 . 2013-01-24 07:04 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\DXSETUP.exe
2013-01-24 07:04 . 2013-01-24 07:04 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\12b9da581cdfa0102\dsetup32.dll
2013-01-24 07:04 . 2013-01-31 08:42 -------- d-----w- c:\users\Heartless\AppData\Local\Windows Live
2013-01-24 04:13 . 2013-01-24 04:13 40960 ----a-r- c:\users\Heartless\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2013-01-24 04:13 . 2013-01-24 04:13 40960 ----a-r- c:\users\Heartless\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2013-01-24 04:13 . 2013-01-24 04:34 -------- d-----w- c:\program files (x86)\Project64 1.6
2013-01-20 05:54 . 2013-01-12 09:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-13 06:17 . 2010-02-04 16:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2013-01-13 06:17 . 2010-02-04 16:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2013-01-13 06:17 . 2010-02-04 16:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2013-01-13 06:17 . 2009-03-09 21:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2013-01-13 06:17 . 2007-03-12 22:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2013-01-13 06:17 . 2013-01-13 06:17 -------- d-----w- c:\program files (x86)\Microsoft XNA
2013-01-12 11:06 . 2013-01-12 11:07 8282192 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-01-10 22:53 . 2013-01-10 22:53 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-01-10 11:04 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-01-10 11:04 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-01-10 11:04 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-10 11:04 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-10 11:04 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-01-10 11:04 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-10 11:04 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-01-10 11:04 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-01-10 11:04 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-01-09 23:24 . 2013-01-30 11:01 -------- d-----w- c:\users\Heartless\AppData\Local\CrashDumps
2013-01-09 22:54 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 22:53 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 22:53 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 11:53 . 2010-02-04 16:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2013-01-09 11:53 . 2010-02-04 16:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2013-01-09 11:53 . 2007-04-05 00:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
2013-01-09 11:53 . 2007-04-05 00:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2013-01-09 09:00 . 2013-01-20 05:52 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-01-02 10:04 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2013-01-02 10:04 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2013-01-02 10:04 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2013-01-02 10:04 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2013-01-02 10:04 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2013-01-02 10:04 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2013-01-02 10:04 . 2013-01-02 10:05 -------- d-----w- c:\program files (x86)\Xvid
2013-01-02 09:52 . 2013-01-02 09:52 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2013-01-02 09:41 . 2013-01-02 09:41 -------- d-----w- c:\program files (x86)\x264vfw
2013-01-02 08:56 . 2013-01-02 08:56 -------- d-----w- c:\program files (x86)\AVIcodec
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-31 09:16 . 2012-12-10 21:46 30528 ----a-w- c:\windows\GVTDrv64.sys
2013-01-31 09:16 . 2012-12-10 21:46 25640 ----a-w- c:\windows\gdrv.sys
2013-01-10 06:24 . 2012-12-20 07:13 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 01:01 . 2012-12-14 06:56 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 01:01 . 2012-12-14 06:56 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11 . 2012-12-21 09:00 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 09:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-15 03:51 . 2012-12-15 03:51 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-12-14 12:12 . 2012-12-14 12:13 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-14 12:12 . 2012-12-14 12:13 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-14 06:26 . 2012-12-14 06:26 25640 ----a-w- c:\windows\etdrv.sys
2012-12-14 06:24 . 2012-12-14 06:25 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-30 04:45 . 2013-01-09 22:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-19 07:01 . 2012-12-18 07:46 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AB93B51-95AD-43E8-A76B-D0A0A015D43F}\mpengine.dll
2012-11-16 05:33 . 2012-11-16 05:33 111968 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-11-14 07:06 . 2012-12-14 08:26 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-14 08:26 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-14 08:26 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-14 08:26 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-14 08:26 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-14 08:26 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-14 08:26 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-14 08:26 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-14 08:26 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-14 08:26 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-14 08:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-14 08:26 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-14 08:26 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-14 08:26 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-14 08:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-14 08:26 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-14 08:26 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-14 08:26 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 08:26 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-14 08:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 08:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-14 08:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-14 12:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-14 12:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2013-01-20 28467264]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-01-29 1354736]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-05-25 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-29 642728]
"UVCSti"="c:\program files (x86)\UVC Video Camera\UVCSti.exe" [2010-03-26 245760]
"RunUVC"="c:\program files (x86)\UVC Video Camera\EffectDir\UVCtray.exe" [2010-06-18 7548928]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-12-14 1046984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2012-02-01 40960]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-12-14 1091432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-07 31272]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-12-14 25640]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2013-01-31 30528]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-01 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-12-14 30568]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [2012-12-14 894920]
S3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-03-12 52280]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\Drivers\cam3820a.sys [2010-06-14 433536]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2010-08-06 762472]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-25 00:01 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-14 01:01]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 05:56]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 05:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.msn.com
mDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
AddRemove-couponamazing - c:\users\Heartless\AppData\Local\couponamazing\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2198545607-827547869-2066008582-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2198545607-827547869-2066008582-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-31 04:44:17
ComboFix-quarantined-files.txt 2013-01-31 10:44
ComboFix2.txt 2013-01-31 09:08
.
Pre-Run: 442,782,715,904 bytes free
Post-Run: 442,484,813,824 bytes free
.
- - End Of File - - B8E5F8D7A5F4B71CFA0B92BD3A2AD352



ESET SCAN


C:\FRST\Quarantine\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\00000004.@ Win64/Conedex.C trojan
C:\FRST\Quarantine\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\80000000.@ Win64/Sirefef.AW trojan
C:\FRST\Quarantine\{80f7b7a2-818c-fe87-f196-90df9b357a74}\U\80000064.@ a variant of Win64/Sirefef.AN trojan
C:\Users\Heartless\Downloads\Hamachi_v.2.1.0.215.exe a variant of Win32/DomaIQ.A application
C:\Users\Heartless\Downloads\SoftonicDownloader_for_pinnacle-videospin.exe a variant of Win32/SoftonicDownloader.E application



and finally the checkup


Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 11
Google Chrome 24.0.1312.52
Google Chrome 24.0.1312.56
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````
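The infection reported at the start of this thread was a patched copy of services.exe, and the logs above were produced by third-party scanners. As an added example, not part of the thread and not code from any of the tools used in it, the following PowerShell script shows the check a defender can run without extra tools: verify the Authenticode signature of core system binaries and record their SHA-256 hashes. A binary that has been modified in place no longer matches its embedded signature (Status HashMismatch). The file list and the output layout are my choices; the script sticks to cmdlets and .NET calls available in PowerShell 2.0 so that it runs on a stock Windows 7 installation.

```powershell
# Added example (not from the thread): verify the Authenticode signature of
# core Windows binaries and report their SHA-256 hashes.
# Run from an elevated PowerShell prompt (Windows 7 / PowerShell 2.0 or later).

$systemRoot = $env:SystemRoot

# Files chosen for this example; extend the list as required.
$targets = @(
    "$systemRoot\System32\services.exe",
    "$systemRoot\System32\lsass.exe",
    "$systemRoot\System32\svchost.exe",
    "$systemRoot\System32\winlogon.exe"
)

function Get-FileSha256 {
    param([string]$Path)
    # Computed with .NET directly because Get-FileHash only exists in PowerShell 4+.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
}

function Test-SystemBinarySignature {
    param([string[]]$Paths)

    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            New-Object PSObject -Property @{ Path = $path; Status = 'Missing'; Signer = ''; SHA256 = '' }
            continue
        }

        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        New-Object PSObject -Property @{
            Path   = $path
            Status = $sig.Status   # Valid, NotSigned, HashMismatch, ...
            Signer = $signer
            SHA256 = Get-FileSha256 -Path $path
        }
    }
}

$results = Test-SystemBinarySignature -Paths $targets
$results | Select-Object Path, Status, Signer, SHA256 | Format-Table -AutoSize

# HashMismatch means the file content no longer matches its signature: the
# file has been altered since Microsoft signed it. A signer other than
# Microsoft on a Windows binary is equally suspect.
$suspect = $results | Where-Object {
    $_.Status -eq 'HashMismatch' -or
    ($_.Signer -ne '' -and $_.Signer -notmatch 'O=Microsoft Corporation')
}
if ($suspect) {
    Write-Warning ("Signature check failed for {0} file(s); compare the hashes with a known-good copy." -f @($suspect).Count)
    $suspect | Select-Object Path, Status, Signer | Format-Table -AutoSize
}
```

Two caveats when reading the output. Many Windows binaries are catalog-signed rather than carrying an embedded signature, and older PowerShell versions report those as NotSigned; that is not by itself evidence of tampering, so NotSigned files should be cross-checked with the built-in `sfc /verifyonly` (which validates protected system files against the catalogs) rather than treated as infected. HashMismatch, on the other hand, is the clear indicator of a file patched in place, which is what the AVG detection at the top of this thread describes.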
kevinf80 (Kevin), Malware Removal Specialist with 9,631 posts, authorized to help remove malware. Join Date: Mar 2006. Location: Sunderland UK. Experience: Intermediate
31-Jan-2013, 09:26 AM #9
OK, do the following:

Open Notepad, select "Format" from the menu bar, make sure "Word Wrap" is not checked. Copy the text from the code box below to Notepad.

Code:
@echo off
del /f /s /q "C:\FRST"
del /f /s /q "C:\Users\Heartless\Downloads\Hamachi_v.2.1.0.215.exe"
del /f /s /q "C:\Users\Heartless\Downloads\SoftonicDownloader_for_pinnacle-videospin.exe"
del %0
Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
It should look like this: <--XP <--vista or windows 7
Double click on delfile.bat to execute it.
A black CMD window will flash, then disappear...this is normal.
The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

Next,

Remove Combofix now that we're done with it
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

Next,
  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then Click the big button.
  • You will get a prompt saying "Beginning Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

Any tools/logs remaining on the Desktop can be deleted.

Next,

AVG is showing as outdated, that needs to be updated ASAP. Also you need to Defrag your hard drive, follow the instructions here if required: http://windows.microsoft.com/en-GB/w...your-hard-disk

Let me know if those steps complete OK, if no more issues are you ok to mark this up as solved? If so I`ll post a closure with hints and tips...

Kevin
heartlessdeath0 (Member with 6 posts, THREAD STARTER, Join Date: Jan 2013)
31-Jan-2013, 04:48 PM #10
Thank you very much, Kevin. I appreciate you taking the time to help me out.

ComboFix has been successfully un-installed, along with the other tools.

I just updated AVG and the system is currently being de-fragmented. I'd say we're all finished.

I'll mark this as solved as soon as you post your tips and tricks.

Thanks again

~Korey
kevinf80 (Kevin), Malware Removal Specialist with 9,631 posts, authorized to help remove malware. Join Date: Mar 2006. Location: Sunderland UK. Experience: Intermediate
31-Jan-2013, 04:52 PM #11
Thanks for the update Korey, good to hear all is OK... here are some tips to reduce the potential for malware infection in the future:

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol from here http://www.winpatrol.com/download.html This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained here http://www.winpatrol.com/features.html

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)
If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

Firefox http://www.mozilla.com/en-US/,

Opera http://www.opera.com/, and

Chrome http://www.google.com/chrome.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tuto...torial102.html which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for Firefox and Internet Explorer.

Green to go,
Yellow for caution, and
Red to stop.


Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons; if you're interested in more, take a look at this article:
http://browsers.about.com/od/addonsp...ty_privacy.htm

Here are a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein

How to prevent Malware by Miekiemoes

Finally, this link http://www.geekstogo.com/forum/topic...yware-software will give a comprehensive, up-to-date list of free security programs, including antivirus, antispyware, firewall, antimalware, online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

Take care,

Kevin
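The post above says to open Add/Remove Programs after a Java or Adobe update and make sure old versions are gone. The script below is an added example, not part of the thread or of any tool Kevin mentions: it reads the same Uninstall registry keys that Programs and Features displays (both the native and the WOW6432Node hives on 64-bit Windows 7) and warns when a product family appears more than once. The list of product families, the helper names and the "Java Auto Updater" exclusion are assumptions made for this example; 32-bit and 64-bit editions of Java are separate legitimate entries, so treat a warning as something to look at, not as proof of a stale copy.

```powershell
# Added example (not from the thread): find leftover Java / Adobe versions
# by reading the Uninstall keys that Programs and Features is built from.

# Both hives are read; on 32-bit Windows the WOW6432Node path simply does not exist.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Product families the post says to check (assumed list; extend as needed).
$families = @('Java', 'Adobe Reader', 'Adobe Flash Player', 'Adobe AIR')

# "Java Auto Updater" is a separate helper component, not an old runtime.
$exclude = 'Auto Updater'

# Parse "7.0.110" style strings into [version] so sorting is numeric, not textual.
function Get-VersionKey([string]$text) {
    try { [version]$text } catch { [version]'0.0' }
}

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and ($_.DisplayName -notlike "*$exclude*") } |
    ForEach-Object {
        $name   = $_.DisplayName
        $family = $families | Where-Object { $name -like "*$_*" } | Select-Object -First 1
        if ($family) {
            New-Object PSObject -Property @{
                Family      = $family
                DisplayName = $name
                Version     = $_.DisplayVersion
                Publisher   = $_.Publisher
                InstallDate = $_.InstallDate
            }
        }
    }

# Show everything found, newest version of each family first.
$installed |
    Sort-Object Family, { Get-VersionKey $_.Version } -Descending |
    Format-Table Family, DisplayName, Version, Publisher, InstallDate -AutoSize

# Any family with more than one entry deserves a look in Programs and Features.
$installed | Group-Object Family | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    $newest = $_.Group | Sort-Object { Get-VersionKey $_.Version } -Descending | Select-Object -First 1
    Write-Warning ("{0}: {1} entries installed; keep '{2}' and review the rest." -f
        $_.Name, $_.Count, $newest.DisplayName)
}
```

Run it from an ordinary PowerShell prompt; reading HKLM's Uninstall keys does not need elevation. The script only reports, so removing anything it flags is still done through Programs and Features as the post describes.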