Came home yesterday to find 'System Progressive Protection' on my desktop, telling me I have viruses (no ****?) and killing all programs. Went to Safe Mode, ran MBAM and took care of that (I think). I noticed I was getting redirected from Google (had this virus a while ago, I don't think I properly removed it). I also see 2-3 instances of iexplore.exe; when I kill them they respawn. I think I had a vulnerability in an outdated Adobe Flash/Shockwave, managed to update it.
Here's a couple MBAM logs from yesterday, and one from just now. DDS at bottom.
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.02.03
Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
brennan :: BRENNAN-PC [administrator]
12/2/2012 4:38:12 PM
mbam-log-2012-12-02 (16-38-12).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250085
Time elapsed: 2 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|90C8D7D43C48D252000090C84712D936 (Trojan.LameShield) -> Data: C:\ProgramData\90C8D7D43C48D252000090C84712D936\90C8D7D43C48D252000090C84712D936.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\Users\brennan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.
Files Detected: 7
C:\ProgramData\90C8D7D43C48D252000090C84712D936\90C8D7D43C48D252000090C84712D936.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-18\$ef4f13ab809ee2402a68b6a08a24a7c2\n (Trojan.0Access) -> Delete on reboot.
C:\$RECYCLE.BIN\S-1-5-21-3642155210-3731716482-610003898-1000\$ef4f13ab809ee2402a68b6a08a24a7c2\n (Trojan.0Access) -> Delete on reboot.
C:\Users\brennan\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\brennan\AppData\Local\Temp\wpbt0.dll (Trojan.Agent.GNI) -> Quarantined and deleted successfully.
C:\Users\brennan\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.
C:\Users\brennan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.
(end)
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.02.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
brennan :: BRENNAN-PC [administrator]
12/2/2012 4:56:05 PM
mbam-log-2012-12-02 (16-56-05).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 474226
Time elapsed: 37 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 13
C:\$RECYCLE.BIN\S-1-5-18\$ef4f13ab809ee2402a68b6a08a24a7c2\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-18\$ef4f13ab809ee2402a68b6a08a24a7c2\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-18\$ef4f13ab809ee2402a68b6a08a24a7c2\U\800000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-3642155210-3731716482-610003898-1000\$ef4f13ab809ee2402a68b6a08a24a7c2\U\00000004.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-3642155210-3731716482-610003898-1000\$ef4f13ab809ee2402a68b6a08a24a7c2\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-3642155210-3731716482-610003898-1000\$ef4f13ab809ee2402a68b6a08a24a7c2\U\000000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-3642155210-3731716482-610003898-1000\$ef4f13ab809ee2402a68b6a08a24a7c2\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-3642155210-3731716482-610003898-1000\$ef4f13ab809ee2402a68b6a08a24a7c2\U\80000064.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\000000cb.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\80000000.@.vir (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\80000032.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{ef4f13ab-809e-e240-2a68-b6a08a24a7c2}\U\80000064.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.03.13
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
brennan :: BRENNAN-PC [administrator]
12/3/2012 3:29:15 PM
mbam-log-2012-12-03 (15-29-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249347
Time elapsed: 1 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\Users\brennan\AppData\Local\Temp\mmction.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\brennan\AppData\Local\Temp\mmction.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\brennan\AppData\Local\Temp\mmction64.dll (Trojan.Agent) -> Delete on reboot.
(end)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by brennan at 16:10:46 on 2012-12-03
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8104.6213 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Windows\system32\taskhost.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mumble\mumble.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Octoshape Streaming Services] "C:\Users\brennan\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [F.lux] "C:\Users\brennan\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [CPN Notifier] C:\Program Files (x86)\Lock Poker\PokerNotifier.exe
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [<NO NAME>] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5153ACA3-1F01-419C-B280-00F0061F62C3} : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{CCBA1BC7-03D1-4509-8F93-393E8610B531} : NameServer = 173.234.163.178,97.107.141.156
TCP: Interfaces\{CCBA1BC7-03D1-4509-8F93-393E8610B531} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
mRun-x64: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
AppInit_DLLs-X64: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\brennan\AppData\Roaming\Mozilla\Firefox\Profiles\dufcgsb9.default\
FF - prefs.js: browser.startup.homepage - www.youtube.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\brennan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\brennan\AppData\Roaming\Mozilla\Firefox\Profiles\dufcgsb9.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}\plugins\npwidevinemediaoptimizer.dll
FF - plugin: C:\Users\brennan\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-9-17 8704]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\system32\DRIVERS\AsrAppCharger.sys --> C:\Windows\system32\DRIVERS\AsrAppCharger.sys [?]
R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-9-23 65192]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-12-2 1258856]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-13 2656280]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\system32\DRIVERS\VirtuWDDM.sys --> C:\Windows\system32\DRIVERS\VirtuWDDM.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-10-10 277024]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;C:\Windows\system32\DRIVERS\hidusbf.sys --> C:\Windows\system32\DRIVERS\hidusbf.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 115168]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-1-22 24176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-11-19 2848168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
.
=============== Created Last 30 ================
.
2012-12-03 02:52:52 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-03 02:52:52 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-03 01:53:17 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-12-03 01:53:17 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-12-03 01:53:17 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-12-03 01:53:17 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-03 01:48:35 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-12-03 01:48:35 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-12-03 01:48:35 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-12-03 01:48:35 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-12-03 01:48:35 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-12-03 01:48:35 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-12-03 01:48:35 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-12-02 22:27:50 -------- d-----w- C:\ProgramData\90C8D7D43C48D252000090C84712D936
2012-12-02 22:26:53 570368 ----a-w- C:\Users\brennan\AppData\Roaming\sanpor.dll
2012-12-02 22:26:04 176128 ----a-w- C:\Users\brennan\AppData\Roaming\urcui.dll
2012-11-30 11:42:06 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{04AE93B4-20CB-4B39-99CB-7956E62569F9}\mpengine.dll
2012-11-23 20:37:10 -------- d-----w- C:\Users\brennan\Launchpad.libs
2012-11-22 22:04:00 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-11-22 22:04:00 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-11-22 22:04:00 -------- d-----w- C:\Program Files (x86)\MPIO
2012-11-20 05:01:41 -------- d-----w- C:\phonepics
2012-11-19 08:07:36 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-11-18 13:14:58 -------- d-----w- C:\Users\brennan\AppData\Roaming\Roaming
2012-11-18 11:03:33 -------- d-----w- C:\Users\brennan\AppData\Local\cache
2012-11-17 06:28:36 -------- d-----w- C:\Users\brennan\AppData\Local\In The Money
2012-11-17 06:28:36 -------- d-----w- C:\HMArchive
2012-11-17 06:27:51 -------- d-----w- C:\ProgramData\XHEO INC
2012-11-17 06:08:54 -------- d-----w- C:\Users\brennan\AppData\Local\IsolatedStorage
2012-11-17 06:08:53 -------- d-----w- C:\Users\brennan\AppData\Roaming\HEM Data
2012-11-17 06:05:23 -------- d-----w- C:\Program Files (x86)\PostgreSQL
2012-11-17 06:05:00 -------- d-----w- C:\Program Files (x86)\RVG Software
2012-11-17 06:04:04 -------- d-----w- C:\Program Files (x86)\PSQLINSTALL
2012-11-17 03:36:04 -------- d-----w- C:\Users\brennan\AppData\Local\FullTiltPoker
2012-11-17 03:35:33 -------- d-----w- C:\Program Files (x86)\Full Tilt Poker
2012-11-17 02:45:46 -------- d-----w- C:\Users\brennan\AppData\Roaming\OverPlay.net, LP
2012-11-17 02:44:43 -------- d-----w- C:\Users\brennan\AppData\Local\Deployment
2012-11-17 02:44:08 -------- d-----w- C:\Program Files (x86)\Tap0901
2012-11-14 00:45:30 -------- d-----w- C:\Program Files (x86)\MyFree Codec
2012-11-14 00:33:10 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-11-14 00:33:10 102368 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-11-14 00:20:18 172032 ----a-w- C:\Windows\SysWow64\muzapp.exe
2012-11-07 22:49:15 -------- d-----w- C:\Program Files\Realtek
2012-11-07 22:49:14 -------- d-----w- C:\Windows\SysWow64\RTCOM
2012-11-07 22:49:05 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-11-07 22:49:05 1284712 ----a-w- C:\Windows\RtlExUpd.dll
2012-11-07 22:46:51 525792 ----a-w- C:\Windows\DIFxAPI.dll
2012-11-05 08:49:54 -------- d-----w- C:\Users\brennan\AppData\Local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-02 19:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-10-01 06:46:03 7808 ----a-w- C:\Windows\System32\drivers\hidusbf.sys
2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-21 22:01:24 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-21 22:01:24 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 16:11:12.27 ===============
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Windows\system32\taskhost.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mumble\mumble.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Octoshape Streaming Services] "C:\Users\brennan\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [F.lux] "C:\Users\brennan\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [CPN Notifier] C:\Program Files (x86)\Lock Poker\PokerNotifier.exe
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [<NO NAME>] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5153ACA3-1F01-419C-B280-00F0061F62C3} : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{CCBA1BC7-03D1-4509-8F93-393E8610B531} : NameServer = 173.234.163.178,97.107.141.156
TCP: Interfaces\{CCBA1BC7-03D1-4509-8F93-393E8610B531} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
mRun-x64: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
AppInit_DLLs-X64: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\brennan\AppData\Roaming\Mozilla\Firefox\Profiles\dufcgsb9.default\
FF - prefs.js: browser.startup.homepage - www.youtube.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\brennan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\brennan\AppData\Roaming\Mozilla\Firefox\Profiles\dufcgsb9.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}\plugins\npwidevinemediaoptimizer.dll
FF - plugin: C:\Users\brennan\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-9-17 8704]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\system32\DRIVERS\AsrAppCharger.sys --> C:\Windows\system32\DRIVERS\AsrAppCharger.sys [?]
R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-9-23 65192]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-12-2 1258856]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-13 2656280]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\system32\DRIVERS\VirtuWDDM.sys --> C:\Windows\system32\DRIVERS\VirtuWDDM.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-10-10 277024]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;C:\Windows\system32\DRIVERS\hidusbf.sys --> C:\Windows\system32\DRIVERS\hidusbf.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 115168]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-1-22 24176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-11-19 2848168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
.
=============== Created Last 30 ================
.
2012-12-03 02:52:52 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-03 02:52:52 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-03 01:53:17 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-12-03 01:53:17 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-12-03 01:53:17 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-12-03 01:53:17 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-03 01:48:35 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-12-03 01:48:35 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-12-03 01:48:35 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-12-03 01:48:35 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-12-03 01:48:35 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-12-03 01:48:35 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-12-03 01:48:35 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-12-02 22:27:50 -------- d-----w- C:\ProgramData\90C8D7D43C48D252000090C84712D936
2012-12-02 22:26:53 570368 ----a-w- C:\Users\brennan\AppData\Roaming\sanpor.dll
2012-12-02 22:26:04 176128 ----a-w- C:\Users\brennan\AppData\Roaming\urcui.dll
2012-11-30 11:42:06 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{04AE93B4-20CB-4B39-99CB-7956E62569F9}\mpengine.dll
2012-11-23 20:37:10 -------- d-----w- C:\Users\brennan\Launchpad.libs
2012-11-22 22:04:00 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-11-22 22:04:00 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-11-22 22:04:00 -------- d-----w- C:\Program Files (x86)\MPIO
2012-11-20 05:01:41 -------- d-----w- C:\phonepics
2012-11-19 08:07:36 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-11-18 13:14:58 -------- d-----w- C:\Users\brennan\AppData\Roaming\Roaming
2012-11-18 11:03:33 -------- d-----w- C:\Users\brennan\AppData\Local\cache
2012-11-17 06:28:36 -------- d-----w- C:\Users\brennan\AppData\Local\In The Money
2012-11-17 06:28:36 -------- d-----w- C:\HMArchive
2012-11-17 06:27:51 -------- d-----w- C:\ProgramData\XHEO INC
2012-11-17 06:08:54 -------- d-----w- C:\Users\brennan\AppData\Local\IsolatedStorage
2012-11-17 06:08:53 -------- d-----w- C:\Users\brennan\AppData\Roaming\HEM Data
2012-11-17 06:05:23 -------- d-----w- C:\Program Files (x86)\PostgreSQL
2012-11-17 06:05:00 -------- d-----w- C:\Program Files (x86)\RVG Software
2012-11-17 06:04:04 -------- d-----w- C:\Program Files (x86)\PSQLINSTALL
2012-11-17 03:36:04 -------- d-----w- C:\Users\brennan\AppData\Local\FullTiltPoker
2012-11-17 03:35:33 -------- d-----w- C:\Program Files (x86)\Full Tilt Poker
2012-11-17 02:45:46 -------- d-----w- C:\Users\brennan\AppData\Roaming\OverPlay.net, LP
2012-11-17 02:44:43 -------- d-----w- C:\Users\brennan\AppData\Local\Deployment
2012-11-17 02:44:08 -------- d-----w- C:\Program Files (x86)\Tap0901
2012-11-14 00:45:30 -------- d-----w- C:\Program Files (x86)\MyFree Codec
2012-11-14 00:33:10 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-11-14 00:33:10 102368 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-11-14 00:20:18 172032 ----a-w- C:\Windows\SysWow64\muzapp.exe
2012-11-07 22:49:15 -------- d-----w- C:\Program Files\Realtek
2012-11-07 22:49:14 -------- d-----w- C:\Windows\SysWow64\RTCOM
2012-11-07 22:49:05 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-11-07 22:49:05 1284712 ----a-w- C:\Windows\RtlExUpd.dll
2012-11-07 22:46:51 525792 ----a-w- C:\Windows\DIFxAPI.dll
2012-11-05 08:49:54 -------- d-----w- C:\Users\brennan\AppData\Local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-02 19:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-10-01 06:46:03 7808 ----a-w- C:\Windows\System32\drivers\hidusbf.sys
2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-21 22:01:24 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-21 22:01:24 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 16:11:12.27 ===============