
Malwarebytes

Infected with Widgi Toolbar and have MBAM Pro


10 replies to this topic

#1
Eganrac1239

    New Member

  • Members
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Eganrac at 15:15:23 on 2012-05-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8172.6144 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eganrac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\World of Warcraft\Launcher.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Eganrac\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon
uRun: [PlayNC Launcher]
uRun: [Creative Software Update] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /Silent
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [<NO NAME>]
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{A4042599-6155-4B2F-AC7B-6E46F7B5B00B} : DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [(Default)]
IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eganrac\AppData\Roaming\Mozilla\Firefox\Profiles\5br2vx7q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Eganrac\AppData\Roaming\Mozilla\Firefox\Profiles\5br2vx7q.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Users\Eganrac\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Eganrac\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - Ext: Targeted Advertising Cookie Opt-Out (TACO): optout@dubfire.net - C:\Program Files (x86)\Mozilla Firefox\extensions\optout@dubfire.net
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Update Notifier: {95f24680-9e31-11da-a746-0800200c9a66} - C:\Program Files (x86)\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Program Files (x86)\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - C:\Program Files (x86)\Mozilla Firefox\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: XHTML Mobile Profile: {8ea9957e-2953-402f-80e0-bceb5f169d6f} - %profile%\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
FF - Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} - %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
FF - Ext: EWOQ Mobile Setup extension: {f035aa18-ee32-4e6e-81d2-57e32867f8a7} - %profile%\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG2012\Firefox
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-4-23 785304]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-2-25 23680]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-10 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-30 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\system32\drivers\Lachesis.sys --> C:\Windows\system32\drivers\Lachesis.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-6-18 401920]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-5-19 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-3-2 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SSMO3v2Filter;MMO3v2 Mouse;C:\Windows\system32\drivers\MO3v2Driver.sys --> C:\Windows\system32\drivers\MO3v2Driver.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 BCSWAP;BCSWAP;C:\Windows\system32\drivers\BCSWAP.sys --> C:\Windows\system32\drivers\BCSWAP.sys [?]
.
=============== Created Last 30 ================
.
2012-05-10 20:03:04 -------- d-----w- C:\Windows\pss
2012-05-07 22:56:26 -------- d-----w- C:\Users\Eganrac\AppData\Local\Red 5 Studios
2012-05-07 22:03:49 -------- d-----w- C:\Program Files (x86)\Xiph.Org
2012-05-07 22:00:10 -------- d-----w- C:\Program Files (x86)\Red 5 Studios
2012-05-05 16:51:19 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-05-05 16:51:19 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-05-05 16:51:19 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-04-12 16:27:46 -------- d--h--w- C:\$AVG
.
==================== Find3M ====================
.
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-29 20:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-01-23 04:31:45 859497 ----a-w- C:\Program Files (x86)\BPClientSetup.exe
2012-01-23 04:31:41 229060345 ----a-w- C:\Program Files (x86)\BPClientSetup-2b.bin
2012-01-23 04:29:26 1566000000 ----a-w- C:\Program Files (x86)\BPClientSetup-2a.bin
2012-01-23 04:14:59 1566000000 ----a-w- C:\Program Files (x86)\BPClientSetup-1c.bin
2012-01-23 03:59:24 1566000000 ----a-w- C:\Program Files (x86)\BPClientSetup-1b.bin
2012-01-23 03:41:32 1565140352 ----a-w- C:\Program Files (x86)\BPClientSetup-1a.bin
2011-02-15 21:45:50 1867776 ----a-w- C:\Program Files (x86)\LaunchKaros.exe
2011-02-09 05:54:46 1088786096 ----a-w- C:\Program Files (x86)\KarosOnline_02_1067.exe
2011-01-25 22:45:06 1583104 ----a-w- C:\Program Files (x86)\AMo.exe
2011-01-21 04:27:36 200704 ----a-w- C:\Program Files (x86)\Karos_Launcher.dll
2010-09-21 00:20:04 726016 ----a-w- C:\Program Files (x86)\7z.dll
2009-12-12 00:01:00 292545 ----a-w- C:\Program Files (x86)\GameGuard.des
2009-09-09 05:30:08 4378632 ----a-w- C:\Program Files (x86)\D3DX9_40.dll
2009-09-09 05:29:54 991752 ----a-w- C:\Program Files (x86)\dbghelp.dll
2009-09-09 05:29:36 484872 ----a-w- C:\Program Files (x86)\msvcm80.dll
2009-09-09 05:29:18 554504 ----a-w- C:\Program Files (x86)\msvcp80.dll
2009-09-09 05:29:02 632328 ----a-w- C:\Program Files (x86)\msvcr80.dll
2009-09-09 05:28:00 101896 ----a-w- C:\Program Files (x86)\atl80.dll
2009-08-14 19:32:08 425984 ----a-w- C:\Program Files (x86)\WeberForClient.dll
2009-08-14 19:22:22 1875968 ----a-w- C:\Program Files (x86)\WeberForClientD.dll
2009-08-11 04:33:46 180224 ----a-w- C:\Program Files (x86)\HanReportForClient.dll
2009-08-11 04:33:44 651264 ----a-w- C:\Program Files (x86)\HanReportForClientD.dll
.
============= FINISH: 15:16:23.13 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/7/2005 8:20:43 AM
System Uptime: 5/10/2012 3:10:56 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8P67 PRO
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 53.278 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_844D1043&REV_04\3&11583659&0&B0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_844D1043&REV_04\3&11583659&0&B0
Service:
.
Class GUID:
Description:
Device ID: USB\VID_0CF3&PID_3000\6&F57D961&0&7
Manufacturer:
Name:
PNP Device ID: USB\VID_0CF3&PID_3000\6&F57D961&0&7
Service:
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\4&12102E1&0&00E4
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\4&12102E1&0&00E4
Service:
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_04\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_04\3&11583659&0&FB
Service:
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\4&1E524C1D&0&00E1
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\4&1E524C1D&0&00E1
Service:
.
==== System Restore Points ===================
.
RP145: 5/9/2012 2:34:43 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Aion
Alice Madness Returns
Amazon Games & Software Downloader
And Yet It Moves 1.2.0
Apple Application Support
Apple Software Update
Aquaria
Assassin's Creed
Assassin's Creed II
Atom Zombie Smasher
µTorrent
Audiosurf
Avid Codecs LE
Batman: Arkham Asylum GOTY Edition
BCWipe 3.0
Beat Hazard
BioShock
Black Prophecy
Braid
BufferChm
Charles
Cogs
Crayon Physics Deluxe version 55
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
CrimeCraft GangWars
Curse Client
D110
Day of Defeat: Source
Destinations
DeviceDiscovery
Diablo III Beta
Dota 2
Dragonsphere
EasyBits GO
EVEREST Ultimate Edition
Fallout
Fiddler2
FINAL FANTASY XI: Chains of Promathia
FINAL FANTASY XI: Rise of the Zilart
FINAL FANTASY XI: Treasures of Aht Urhgan
FINAL FANTASY XI: Wings of the Goddess
Gish
Global Agenda Launcher
GOM Player
GOMTV Streamer
Google Chrome
Google Talk Plugin
HandBrake 0.9.5
Hellgate
HPAppStudio
HPPhotoGadget
ioquake3
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 30
KarosOnline
Killing Floor
LastPass (uninstall only)
League of Legends
Magicka
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Excel Viewer
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
mIRC
Mozilla Firefox (en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble 1.2.3
Music Manager
NCsoft Launcher
Need For Speed™ World
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenOffice.org 3.3
Orcs Must Die!
Origin
Pando Media Booster
Plants vs. Zombies: Game of the Year
Pokemon World Online version 1.73
Portal 2
PS_AIO_07_D110_SW_Min
Quake III Arena
QuickPar 0.9
QuickTime
QuickTransfer
Revenge of the Titans
RIFT
Saints Row: The Third
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sequence
Skype Toolbars
Skype™ 5.3
SmartWebPrinting
Spiral Knights
Spotify
Star Wars: The Old Republic
StarCraft II
Status
Steam
Steel Storm - Burning Retribution (remove only)
System Requirements Lab CYRI
Team Fortress 2
Terraria
The Elder Scrolls V: Skyrim
Toolbox
TrayApp
Treasure Adventure Game
Ubisoft Game Launcher
Ultima 4 - Quest of the Avatar
Unity Web Player
Universal Extractor 1.6
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.9
VVVVVV version 2.0
WebReg
Win7codecs
World of Warcraft
World of Warcraft Beta
World of Warcraft Public Test
Worms Ultimate Mayhem
Xiph.Org Open Codecs 0.85.17777
YouTube Downloader 3.4
YouTube Downloader Toolbar v5.6
.
==== Event Viewer Messages From Past Week ========
.
5/10/2012 12:24:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez Studios Authenticate and Update Service service to connect.
5/10/2012 12:24:10 PM, Error: Service Control Manager [7000] - The Hi-Rez Studios Authenticate and Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


Hope these help!



#2
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
Hello and :welcome:

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#3
Eganrac1239

    New Member

  • Members
  • 5 posts
0_0 I'm so sorry. Apparently Malwarebytes didn't e-mail me a notification letting me know someone commented on my post. Here is my ComboFix log. Thanks again!

_________________________________________________________________________________________________________________________________




ComboFix 12-05-19.01 - Eganrac 05/19/2012 11:20:04.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8172.5392 [GMT -7:00]
Running from: c:\users\Eganrac\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\KarosOnline_02_1067.exe
c:\users\Eganrac\AppData\Local\assembly\tmp
c:\users\Eganrac\AppData\Roaming\Love
c:\users\Eganrac\AppData\Roaming\Love\not_tetris_2\highscoresA.txt
c:\users\Eganrac\AppData\Roaming\Love\not_tetris_2\highscoresB.txt
c:\users\Eganrac\AppData\Roaming\Love\not_tetris_2\options.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 18:27 . 2012-05-19 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-18 17:18 . 2012-05-18 17:18 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2012-05-18 17:18 . 2012-05-18 17:18 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-05-18 17:18 . 2012-05-18 17:18 -------- d-----w- c:\program files (x86)\Application Updater
2012-05-14 16:56 . 2012-05-14 17:10 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-12 23:05 . 2012-05-12 23:05 -------- d-----w- c:\program files (x86)\Diablo 3
2012-05-11 20:38 . 2012-05-11 20:38 -------- d-----w- c:\users\Eganrac\AppData\Roaming\Amazon
2012-05-11 20:38 . 2012-05-11 20:38 -------- d-----w- c:\users\Eganrac\AppData\Local\Amazon
2012-05-07 22:56 . 2012-05-07 22:56 -------- d-----w- c:\users\Eganrac\AppData\Local\Red 5 Studios
2012-05-07 22:03 . 2012-05-07 22:03 -------- d-----w- c:\program files (x86)\Xiph.Org
2012-05-07 22:00 . 2012-05-07 22:00 -------- d-----w- c:\program files (x86)\Red 5 Studios
2012-04-30 20:12 . 2012-05-10 19:25 -------- d-----w- c:\users\UpdatusUser
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:56 . 2011-04-24 18:50 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 00:02 . 2011-11-15 10:46 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2011-11-15 10:46 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2011-11-15 10:46 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-03-01 00:02 . 2011-11-15 10:46 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2010-07-10 05:38 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2009-07-13 21:59 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-02-29 21:00 . 2011-02-23 08:39 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2011-02-23 08:39 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2011-02-23 08:38 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2011-02-23 08:38 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2010-07-09 16:27 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 20:26 . 2012-02-29 20:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-01-23 04:31 . 2012-01-23 04:31 859497 ----a-w- c:\program files (x86)\BPClientSetup.exe
2012-01-23 04:31 . 2012-01-23 04:29 229060345 ----a-w- c:\program files (x86)\BPClientSetup-2b.bin
2012-01-23 04:29 . 2012-01-23 04:14 1566000000 ----a-w- c:\program files (x86)\BPClientSetup-2a.bin
2012-01-23 04:14 . 2012-01-23 03:59 1566000000 ----a-w- c:\program files (x86)\BPClientSetup-1c.bin
2012-01-23 03:59 . 2012-01-23 03:41 1566000000 ----a-w- c:\program files (x86)\BPClientSetup-1b.bin
2012-01-23 03:41 . 2012-01-23 03:23 1565140352 ----a-w- c:\program files (x86)\BPClientSetup-1a.bin
2011-02-15 21:45 . 2011-03-30 00:48 1867776 ----a-w- c:\program files (x86)\LaunchKaros.exe
2011-01-25 22:45 . 2011-03-30 00:48 1583104 ----a-w- c:\program files (x86)\AMo.exe
2011-01-21 04:27 . 2011-03-30 00:48 200704 ----a-w- c:\program files (x86)\Karos_Launcher.dll
2010-09-21 00:20 . 2010-09-21 00:20 726016 ----a-w- c:\program files (x86)\7z.dll
2009-12-12 00:01 . 2011-03-30 00:48 292545 ----a-w- c:\program files (x86)\GameGuard.des
2009-09-09 05:30 . 2011-03-30 00:48 4378632 ----a-w- c:\program files (x86)\D3DX9_40.dll
2009-09-09 05:29 . 2011-03-30 00:48 991752 ----a-w- c:\program files (x86)\dbghelp.dll
2009-09-09 05:29 . 2011-03-30 00:48 484872 ----a-w- c:\program files (x86)\msvcm80.dll
2009-09-09 05:29 . 2011-03-30 00:48 554504 ----a-w- c:\program files (x86)\msvcp80.dll
2009-09-09 05:29 . 2011-03-30 00:48 632328 ----a-w- c:\program files (x86)\msvcr80.dll
2009-09-09 05:28 . 2011-03-30 00:48 101896 ----a-w- c:\program files (x86)\atl80.dll
2009-08-14 19:32 . 2011-03-30 00:48 425984 ----a-w- c:\program files (x86)\WeberForClient.dll
2009-08-14 19:22 . 2011-03-30 00:48 1875968 ----a-w- c:\program files (x86)\WeberForClientD.dll
2009-08-11 04:33 . 2011-03-30 00:48 180224 ----a-w- c:\program files (x86)\HanReportForClient.dll
2009-08-11 04:33 . 2011-03-30 00:48 651264 ----a-w- c:\program files (x86)\HanReportForClientD.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreativeTaskScheduler"="c:\program files (x86)\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"Creative Software Update"="c:\program files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" [2009-01-15 430968]
"MusicManager"="c:\users\Eganrac\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-05-10 13805568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-05-17 992648]
.
c:\users\Eganrac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-5-11 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-04-21 23680]
R3 ALSysIO;ALSysIO;c:\users\Eganrac\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-05-19 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-03-03 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 BCSWAP;BCSWAP; [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-05-17 785344]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3997576125-1133855517-1033892153-1000Core.job
- c:\users\Eganrac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-03 05:11]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3997576125-1133855517-1033892153-1000UA.job
- c:\users\Eganrac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-03 05:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-14 415752]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-14 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-14 4195848]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Eganrac\AppData\Roaming\Mozilla\Firefox\Profiles\5br2vx7q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - Ext: Targeted Advertising Cookie Opt-Out (TACO): optout@dubfire.net - c:\program files (x86)\Mozilla Firefox\extensions\optout@dubfire.net
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Update Notifier: {95f24680-9e31-11da-a746-0800200c9a66} - c:\program files (x86)\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\program files (x86)\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - c:\program files (x86)\Mozilla Firefox\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: XHTML Mobile Profile: {8ea9957e-2953-402f-80e0-bceb5f169d6f} - %profile%\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
FF - Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} - %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
FF - Ext: EWOQ Mobile Setup extension: {f035aa18-ee32-4e6e-81d2-57e32867f8a7} - %profile%\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files (x86)\AVG\AVG2012\Firefox
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files (x86)\Fiddler2\FiddlerHook
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3997576125-1133855517-1033892153-1000\Software\SecuROM\License information*]
"datasecu"=hex:7f,79,b0,52,45,47,9e,d0,d6,d9,95,bb,a7,ef,f2,ca,65,56,68,29,d2,
cf,c0,00,cb,f3,2f,7f,f2,db,75,25,31,ec,3c,9e,3f,21,3e,f7,27,e6,e7,f0,6b,77,\
"rkeysecu"=hex:b7,86,a4,1d,e9,d1,63,3d,ad,54,a8,46,4c,8b,0d,37
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\windows\SysWOW64\Ctxfihlp.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
c:\windows\SysWOW64\CTXFISPI.EXE
.
**************************************************************************
.
Completion time: 2012-05-19 11:35:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-19 18:35
.
Pre-Run: 36,837,146,624 bytes free
Post-Run: 37,807,017,984 bytes free
.
- - End Of File - - 208A7A661ACF3EE11C6A4A3318CD1CEF

#4
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
No problem, notifications don't always work as they should, best is to check your Content on the site as well. :)

P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


Please launch MBAM, update it and run a full scan. Post me the resulting log.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#5
Eganrac1239

    New Member

  • Members
  • 5 posts
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Eganrac :: EGANRAC-PC [administrator]

Protection: Enabled

5/22/2012 8:51:29 PM
mbam-log-2012-05-22 (20-51-29).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 489899
Time elapsed: 1 hour(s), 34 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Got rid of the old java and got the new one. Don't even use UTorrent anymore. Haven't in a long time and won't be anymore :) Nothing malicious but Widgi still comes up on startup.


#6
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
Hi, the following should take care of that. :)

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-

Folder::
c:\program files (x86)\Common Files\Spigot

Firefox::
FF - ProfilePath - C:\Users\Eganrac\AppData\Roaming\Mozilla\Firefox\Profiles\5br2vx7q.default\
FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.
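
The log reading that leads to a script like the one above can be done mechanically. The following is an added example, not part of the original post and not ComboFix code: it cross-references the "Files Created" section of a ComboFix log with its Run-key and service entries and lists autoruns whose image sits inside a recently created folder. The function names and the line-format regexes are assumptions inferred from the log posted in this thread, and the sample is a constructed excerpt of lines from that log; a hit is a lead for a human to review, not a verdict.

```python
import re
from datetime import date
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines copied from the ComboFix log in post #3.
SAMPLE_LOG = r'''
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
2012-05-18 17:18 . 2012-05-18 17:18 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2012-05-18 17:18 . 2012-05-18 17:18 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-05-18 17:18 . 2012-05-18 17:18 -------- d-----w- c:\program files (x86)\Application Updater
2012-05-14 16:56 . 2012-05-14 17:10 -------- d-----w- c:\program files (x86)\Diablo III
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\Eganrac\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-05-10 13805568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-05-17 992648]
.
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-04-21 23680]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-05-17 785344]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
'''

# "created . modified  size-or-dashes  attributes  path"; directories carry a leading 'd'.
DIR_RE = re.compile(
    r'^(\d{4})-(\d\d)-(\d\d) \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d'
    r'\s+\S+\s+d\S{7}\s+(.+)$')
KEY_RE = re.compile(r'^\[(.+)\]$')                 # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')     # "Name"="image path" [date size]
# "S2 ServiceName;Display name;image path [date size]" (or "[x]" when no file info)
SERVICE_RE = re.compile(r'^([RS][0-4]) ([^;]+);[^;]*;\s*(.*?)\s*\[[^\]]*\]$')


def _parts(path):
    """Case-insensitive path components, since Windows paths vary in case."""
    return PureWindowsPath(path.lower()).parts


def recent_dirs(log, since):
    """Directories from the 'Files Created' section created on or after `since`."""
    found = []
    for raw in log.splitlines():
        m = DIR_RE.match(raw.strip())
        if m and date(int(m[1]), int(m[2]), int(m[3])) >= since:
            found.append(m[4])
    return found


def autoruns(log):
    """(kind, name, image) for Run-key values and service/driver lines, in log order."""
    entries, key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            key = k[1]
            continue
        v = VALUE_RE.match(line)
        if v and key and key.lower().endswith(r'\currentversion\run'):
            entries.append(('run', v[1], v[2]))
            continue
        if not v:
            key = None                      # a separator or other line ends the key block
        s = SERVICE_RE.match(line)
        if s and s[3]:                      # skip services listed without an image path
            entries.append(('service', s[2], s[3]))
    return entries


def autoruns_in_recent_dirs(log, since):
    """Autoruns whose image lies inside a directory created on or after `since`."""
    dirs = [(d, _parts(d)) for d in recent_dirs(log, since)]
    hits = []
    for kind, name, image in autoruns(log):
        img = _parts(image)
        for d, dp in dirs:
            if len(img) > len(dp) and img[:len(dp)] == dp:
                hits.append((kind, name, image, d))
    return hits


if __name__ == '__main__':
    for kind, name, image, folder in autoruns_in_recent_dirs(SAMPLE_LOG, date(2012, 5, 15)):
        print(f'{kind:8} {name!r} -> {image}\n         inside new folder {folder}')
```

On the sample it reports the `SearchSettings` Run value under the Spigot folder, which the CFScript removes, and the `Application Updater` service, which was installed in the same minute.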



#7
Eganrac1239

    New Member

  • Members
  • 5 posts
The ESET link isn't working so I went to their main page and tried to use the link to run the scanner and that link isn't working either unfortunately. Here's the ComboFix log :)

ComboFix 12-05-19.01 - Eganrac 05/22/2012 23:10:13.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.8172.5294 [GMT -7:00]
Running from: c:\users\Eganrac\Downloads\ComboFix.exe
Command switches used :: c:\users\Eganrac\Downloads\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Spigot
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\config.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files (x86)\Common Files\Spigot\Search Settings\wth.dll
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files (x86)\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\chrome.manifest
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\install.rdf
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9
c:\program files (x86)\Common Files\Spigot\wtxpcom\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
.
.
2012-05-23 06:15 . 2012-05-23 06:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-23 04:32 . 2012-05-23 04:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-23 04:31 . 2012-05-23 04:31 -------- d-----w- c:\program files (x86)\Oracle
2012-05-23 04:31 . 2012-04-05 01:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-23 03:40 . 2012-05-23 03:40 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-23 03:40 . 2012-05-23 03:40 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-23 03:40 . 2012-05-23 03:40 -------- d-----w- c:\program files\Java
2012-05-22 23:10 . 2011-07-07 20:51 1452648 ----a-w- c:\windows\system32\nvhdagenco6420102.dll
2012-05-22 23:08 . 2011-10-20 09:50 3074368 ----a-r- c:\windows\system32\nvsvcr.dll
2012-05-22 23:06 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-22 23:06 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-22 23:06 . 2012-05-15 10:48 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-22 23:06 . 2012-05-15 10:48 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-22 23:00 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-18 17:18 . 2012-05-18 17:18 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2012-05-18 17:18 . 2012-05-18 17:18 -------- d-----w- c:\program files (x86)\Application Updater
2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-14 16:56 . 2012-05-14 17:10 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-12 23:05 . 2012-05-12 23:05 -------- d-----w- c:\program files (x86)\Diablo 3
2012-05-11 20:38 . 2012-05-11 20:38 -------- d-----w- c:\users\Eganrac\AppData\Roaming\Amazon
2012-05-11 20:38 . 2012-05-11 20:38 -------- d-----w- c:\users\Eganrac\AppData\Local\Amazon
2012-05-07 22:56 . 2012-05-07 22:56 -------- d-----w- c:\users\Eganrac\AppData\Local\Red 5 Studios
2012-05-07 22:03 . 2012-05-07 22:03 -------- d-----w- c:\program files (x86)\Xiph.Org
2012-05-07 22:00 . 2012-05-07 22:00 -------- d-----w- c:\program files (x86)\Red 5 Studios
2012-04-30 20:12 . 2012-05-22 23:10 -------- d-----w- c:\users\UpdatusUser
2012-04-30 20:10 . 2012-05-15 10:48 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 10:48 . 2011-11-15 10:46 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-11-15 10:46 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2010-07-10 05:38 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2009-07-13 21:59 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2011-02-23 08:38 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-02-23 08:38 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2010-07-09 16:27 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-02-23 08:39 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-02-23 08:39 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-04-05 01:47 . 2011-03-03 11:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 22:56 . 2011-04-24 18:50 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-23 04:31 . 2012-01-23 04:31 859497 ----a-w- c:\program files (x86)\BPClientSetup.exe
2012-01-23 04:31 . 2012-01-23 04:29 229060345 ----a-w- c:\program files (x86)\BPClientSetup-2b.bin
2012-01-23 04:29 . 2012-01-23 04:14 1566000000 ----a-w- c:\program files (x86)\BPClientSetup-2a.bin
2012-01-23 04:14 . 2012-01-23 03:59 1566000000 ----a-w- c:\program files (x86)\BPClientSetup-1c.bin
2012-01-23 03:59 . 2012-01-23 03:41 1566000000 ----a-w- c:\program files (x86)\BPClientSetup-1b.bin
2012-01-23 03:41 . 2012-01-23 03:23 1565140352 ----a-w- c:\program files (x86)\BPClientSetup-1a.bin
2011-02-15 21:45 . 2011-03-30 00:48 1867776 ----a-w- c:\program files (x86)\LaunchKaros.exe
2011-01-25 22:45 . 2011-03-30 00:48 1583104 ----a-w- c:\program files (x86)\AMo.exe
2011-01-21 04:27 . 2011-03-30 00:48 200704 ----a-w- c:\program files (x86)\Karos_Launcher.dll
2010-09-21 00:20 . 2010-09-21 00:20 726016 ----a-w- c:\program files (x86)\7z.dll
2009-12-12 00:01 . 2011-03-30 00:48 292545 ----a-w- c:\program files (x86)\GameGuard.des
2009-09-09 05:30 . 2011-03-30 00:48 4378632 ----a-w- c:\program files (x86)\D3DX9_40.dll
2009-09-09 05:29 . 2011-03-30 00:48 991752 ----a-w- c:\program files (x86)\dbghelp.dll
2009-09-09 05:29 . 2011-03-30 00:48 484872 ----a-w- c:\program files (x86)\msvcm80.dll
2009-09-09 05:29 . 2011-03-30 00:48 554504 ----a-w- c:\program files (x86)\msvcp80.dll
2009-09-09 05:29 . 2011-03-30 00:48 632328 ----a-w- c:\program files (x86)\msvcr80.dll
2009-09-09 05:28 . 2011-03-30 00:48 101896 ----a-w- c:\program files (x86)\atl80.dll
2009-08-14 19:32 . 2011-03-30 00:48 425984 ----a-w- c:\program files (x86)\WeberForClient.dll
2009-08-14 19:22 . 2011-03-30 00:48 1875968 ----a-w- c:\program files (x86)\WeberForClientD.dll
2009-08-11 04:33 . 2011-03-30 00:48 180224 ----a-w- c:\program files (x86)\HanReportForClient.dll
2009-08-11 04:33 . 2011-03-30 00:48 651264 ----a-w- c:\program files (x86)\HanReportForClientD.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-19_18.30.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-05-23 06:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-18 17:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-18 17:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-23 06:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-18 17:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-23 06:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-03 05:09 . 2012-05-23 03:19 36968 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-23 03:19 27590 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-05-22 23:17 . 2012-04-18 17:08 31040 c:\windows\system32\nvhdap64.dll
- 2009-07-14 05:30 . 2012-04-30 20:12 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-05-22 23:19 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-05-22 23:10 . 2011-07-07 20:51 29288 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvhdap64.dll
+ 2012-05-22 23:10 . 2011-07-07 20:51 70760 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvapo64v.dll
+ 2012-05-22 23:17 . 2012-04-18 17:08 31040 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_9f01b2372a747820\nvhdap64.dll
+ 2012-05-22 23:17 . 2012-04-18 17:08 72512 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_9f01b2372a747820\nvapo64v.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 68928 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\OpenCL64.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 61248 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\OpenCL.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 68928 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\OpenCL64.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 61248 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\OpenCL.dll
+ 2005-01-07 16:14 . 2012-05-22 23:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2005-01-07 16:14 . 2012-05-10 19:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2005-01-07 16:14 . 2012-05-10 19:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2005-01-07 16:14 . 2012-05-22 23:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-10 19:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-22 23:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-11 23:41 . 2012-05-23 06:15 4222 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2005-01-07 16:23 . 2012-05-23 03:19 9918 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3997576125-1133855517-1033892153-1000_UserData.bin
+ 2012-05-22 23:17 . 2012-05-15 10:48 4096 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvdetx.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 4096 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvdet.dll
+ 2012-05-23 06:16 . 2012-05-23 06:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-19 18:30 . 2012-05-19 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-23 06:16 . 2012-05-23 06:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-19 18:30 . 2012-05-19 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-22 23:17 . 2012-05-15 10:48 818496 c:\windows\SysWOW64\nvumdshim.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 202048 c:\windows\SysWOW64\nvinit.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 301376 c:\windows\SysWOW64\nvdecodemft.dll
+ 2012-05-23 04:31 . 2012-04-05 01:47 227720 c:\windows\SysWOW64\javaws.exe
+ 2012-05-23 04:30 . 2012-05-23 04:30 174024 c:\windows\SysWOW64\javaw.exe
+ 2012-05-23 04:30 . 2012-05-23 04:30 174024 c:\windows\SysWOW64\java.exe
+ 2009-07-14 02:36 . 2012-05-22 23:12 666718 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-15 07:02 666718 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-22 23:12 126444 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-15 07:02 126444 c:\windows\system32\perfc009.dat
+ 2012-05-22 23:17 . 2012-05-15 10:48 246592 c:\windows\system32\nvinitx.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 364352 c:\windows\system32\nvdecodemft.dll
+ 2012-05-23 03:40 . 2012-05-23 03:40 268744 c:\windows\system32\javaws.exe
+ 2012-05-23 03:40 . 2012-05-23 03:40 189384 c:\windows\system32\javaw.exe
+ 2012-05-23 03:40 . 2012-05-23 03:40 188872 c:\windows\system32\java.exe
+ 2009-07-14 05:30 . 2012-05-22 23:19 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-04-30 20:12 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-05-22 23:19 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-04-30 20:12 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-05-22 23:17 . 2012-05-15 12:55 398656 c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_9040728c38bb13af\nvstusb64.sys
+ 2012-05-22 23:09 . 2011-10-20 12:45 291648 c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_6bd42d842972ff19\nvstusb64.sys
+ 2012-05-22 23:10 . 2011-07-07 20:51 174184 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvhda64v.sys
+ 2012-05-22 23:10 . 2011-07-07 20:51 150120 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvhda64.sys
+ 2012-05-22 23:17 . 2012-04-18 17:08 188736 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_9f01b2372a747820\nvhda64v.sys
+ 2012-05-22 23:17 . 2012-04-18 17:08 156480 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_9f01b2372a747820\nvhda64.sys
+ 2012-05-22 23:17 . 2012-05-15 10:48 949056 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvumdshimx.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 818496 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvumdshim.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 313664 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvml.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 246592 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvinitx.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 202048 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvinit.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 202560 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvidia-smi.exe
+ 2012-05-22 23:17 . 2012-05-15 10:48 333120 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvEncodeAPI64.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 282432 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvEncodeAPI.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 249856 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvdxgiwrapx.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 220480 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvdxgiwrap.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 301376 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvdecodemft32.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 364352 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvdecodemft.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 316928 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\Nvd3d9wrapx.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 285504 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\Nvd3d9wrap.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 232768 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\dbInstaller.exe
+ 2012-05-22 23:06 . 2011-10-20 09:50 284480 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvml.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 200512 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvidia-smi.exe
+ 2012-05-22 23:06 . 2011-10-20 09:50 316928 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvdrsdb.bin
+ 2012-05-22 23:06 . 2011-10-20 09:50 224064 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\dbInstaller.exe
+ 2012-05-22 23:17 . 2012-04-18 17:08 188736 c:\windows\system32\drivers\nvhda64v.sys
- 2009-07-14 05:01 . 2012-05-19 18:29 281292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-23 06:15 281292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-23 04:31 . 2012-05-23 04:31 179200 c:\windows\Installer\43a9c3.msi
+ 2012-05-23 04:31 . 2012-05-23 04:31 461312 c:\windows\Installer\43a9be.msi
+ 2012-05-23 03:39 . 2012-05-23 03:39 891392 c:\windows\Installer\15afb2.msi
+ 2012-05-22 23:17 . 2012-05-15 10:48 8105280 c:\windows\SysWOW64\nvwgf2um.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 2524992 c:\windows\SysWOW64\nvcuvid.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 2445120 c:\windows\SysWOW64\nvcuvenc.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 5982528 c:\windows\SysWOW64\nvcuda.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 2368832 c:\windows\SysWOW64\nvapi.dll
+ 2012-05-22 23:17 . 2012-04-18 17:08 1451840 c:\windows\system32\nvhdagenco6420103.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 2681664 c:\windows\system32\nvcuvid.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 2881856 c:\windows\system32\nvcuvenc.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 8139072 c:\windows\system32\nvcuda.dll
+ 2012-05-22 23:17 . 2012-05-15 12:55 1468224 c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_9040728c38bb13af\nvgenco64.dll
+ 2012-05-22 23:09 . 2011-10-20 12:45 1454912 c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_6bd42d842972ff19\nvgenco64.dll
+ 2012-05-22 23:10 . 2011-07-07 20:51 1452648 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_d9dc0257f3c16ec3\nvgenco64.dll
+ 2012-05-22 23:17 . 2012-04-18 17:08 1451840 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_9f01b2372a747820\nvgenco64.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 8105280 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvwgf2um.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 1468224 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvgenco64.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 1066872 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvdrsdb.bin
+ 2012-05-22 23:17 . 2012-05-15 10:48 1738048 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvdispco64.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 2524992 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvcuvid32.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 2681664 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvcuvid.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 2881856 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvcuvenc64.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 2445120 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvcuvenc.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 5982528 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvcuda32.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 8139072 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvcuda.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 2741568 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvapi64.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 2368832 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvapi.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 8791360 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvwgf2umx.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 7042368 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvwgf2um.dll
+ 2012-05-22 23:08 . 2011-10-20 09:50 1454400 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvgenco64.dll
+ 2012-05-22 23:08 . 2011-10-20 09:50 1533248 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvdispco64.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 2401600 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvcuvid32.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 2543936 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvcuvid.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 2232128 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvcuvenc64.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 2099520 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvcuvenc.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 5581632 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvcuda32.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 7585600 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvcuda.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 2808640 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvapi64.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 2458432 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvapi.dll
+ 2011-03-09 11:17 . 2012-05-23 06:15 9090192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3997576125-1133855517-1033892153-1000-12288.dat
+ 2012-05-22 23:17 . 2012-05-15 10:48 19607872 c:\windows\SysWOW64\nvoglv32.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 17551680 c:\windows\SysWOW64\nvcompiler.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 25743168 c:\windows\system32\nvoglv64.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 25248064 c:\windows\system32\nvcompiler.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 10194752 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvwgf2umx.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 25743168 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvoglv64.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 19607872 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvoglv32.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 14298944 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvlddmkm.sys
+ 2012-05-22 23:17 . 2012-05-15 10:48 18044224 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvd3dumx.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 15322432 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvd3dum.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 30945512 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\NvCplSetupEng.exe
+ 2012-05-22 23:17 . 2012-05-15 10:48 17551680 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvcompiler32.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 25248064 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_a2030f0be10bcb45\nvcompiler.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 24743744 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvoglv64.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 18872128 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvoglv32.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 12972352 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvlddmkm.sys
+ 2012-05-22 23:06 . 2011-10-20 09:50 15694144 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvd3dumx.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 13205824 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvd3dum.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 17248576 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvcompiler32.dll
+ 2012-05-22 23:06 . 2011-10-20 09:50 24796992 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_1fea808aa86028da\nvcompiler.dll
+ 2012-05-22 23:17 . 2012-05-15 10:48 14298944 c:\windows\system32\drivers\nvlddmkm.sys
+ 2012-05-23 04:29 . 2012-05-23 04:29 17379840 c:\windows\Installer\43a9ba.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreativeTaskScheduler"="c:\program files (x86)\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"Creative Software Update"="c:\program files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" [2009-01-15 430968]
"MusicManager"="c:\users\Eganrac\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-05-10 13805568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Eganrac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-5-11 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Eganrac\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-05-19 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-03-03 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 BCSWAP;BCSWAP; [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-05-17 785344]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-04-21 23680]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3997576125-1133855517-1033892153-1000Core.job
- c:\users\Eganrac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-03 05:11]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3997576125-1133855517-1033892153-1000UA.job
- c:\users\Eganrac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-03 05:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-14 415752]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-14 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-14 4195848]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Eganrac\AppData\Roaming\Mozilla\Firefox\Profiles\5br2vx7q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - Ext: Targeted Advertising Cookie Opt-Out (TACO): optout@dubfire.net - c:\program files (x86)\Mozilla Firefox\extensions\optout@dubfire.net
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Update Notifier: {95f24680-9e31-11da-a746-0800200c9a66} - c:\program files (x86)\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\program files (x86)\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - c:\program files (x86)\Mozilla Firefox\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: XHTML Mobile Profile: {8ea9957e-2953-402f-80e0-bceb5f169d6f} - %profile%\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
FF - Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} - %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
FF - Ext: EWOQ Mobile Setup extension: {f035aa18-ee32-4e6e-81d2-57e32867f8a7} - %profile%\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files (x86)\AVG\AVG2012\Firefox
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files (x86)\Fiddler2\FiddlerHook
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3997576125-1133855517-1033892153-1000\Software\SecuROM\License information*]
"datasecu"=hex:7f,79,b0,52,45,47,9e,d0,d6,d9,95,bb,a7,ef,f2,ca,65,56,68,29,d2,
cf,c0,00,cb,f3,2f,7f,f2,db,75,25,31,ec,3c,9e,3f,21,3e,f7,27,e6,e7,f0,6b,77,\
"rkeysecu"=hex:b7,86,a4,1d,e9,d1,63,3d,ad,54,a8,46,4c,8b,0d,37
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
.
**************************************************************************
.
Completion time: 2012-05-22 23:39:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-23 06:39
ComboFix2.txt 2012-05-19 18:35
.
Pre-Run: 72,054,411,264 bytes free
Post-Run: 71,979,479,040 bytes free
.
- - End Of File - - 488574A439D060D2D118A9AFBB7CDFA2

#8
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
Is the widgi problem resolved now?

If ESET isn't running please run a full scan with your installed AVG and let me know what was found, if anything.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#9
Eganrac1239

    New Member

  • Members
  • 5 posts
Ran a full scan with AVG and nothing was found. =/ It doesn't seem to be causing any issues, just don't like seeing it in my startup knowing that it's spyware :P

#10
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
I can imagine that. :) To disable unnecessary startup items you can also use Startup Lite.

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:

    • Press the Windows key + R on your keyboard at the same time. In the Run box type combofix /uninstall, then press OK.

    • This will remove Combofix and other tools we used from your computer.
  • You can delete any other tool or log by simply deleting them.
Please read the following advice on how to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • SpywareBlaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#11
Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • 13,165 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar

I close my threads if there are 5 days without a response.