Experienced some hackage last night on both my E-mail and a game account I have, thought some shady business was goin on so I followed steps and here are my logs.
Inactive 5/29 Duke's Malware Worries!
- Thread starter Duke Smith
- Start date
- Status
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/29/2014
Scan Time: 12:38:31 PM
Logfile: MBAM Scan 1.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.05.29.10
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Duke
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 264528
Time Elapsed: 10 min, 56 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 3
HackTool.Wpakill, C:\$Recycle.Bin\S-1-5-21-3296775914-1122361078-2872052496-1000\$RGXZADO.exe, Quarantined, [b97581d62e4d3600e21d0f3c0000c43c],
HackTool.Wpakill, C:\Users\Duke\Downloads\RemoveWAT.rar, Quarantined, [e648cf880576c175699636151ae6a65a],
PUP.Optional.OptimumInstaller.A, C:\Users\Duke\Downloads\Setup (1).exe, Quarantined, [1c128ec9b7c4171f5d5862ec837e49b7],
Physical Sectors: 0
(No malicious items detected)
(end)
www.malwarebytes.org
Scan Date: 5/29/2014
Scan Time: 12:38:31 PM
Logfile: MBAM Scan 1.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.05.29.10
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Duke
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 264528
Time Elapsed: 10 min, 56 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 3
HackTool.Wpakill, C:\$Recycle.Bin\S-1-5-21-3296775914-1122361078-2872052496-1000\$RGXZADO.exe, Quarantined, [b97581d62e4d3600e21d0f3c0000c43c],
HackTool.Wpakill, C:\Users\Duke\Downloads\RemoveWAT.rar, Quarantined, [e648cf880576c175699636151ae6a65a],
PUP.Optional.OptimumInstaller.A, C:\Users\Duke\Downloads\Setup (1).exe, Quarantined, [1c128ec9b7c4171f5d5862ec837e49b7],
Physical Sectors: 0
(No malicious items detected)
(end)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/1/2008 3:18:21 PM
System Uptime: 5/29/2014 12:51:59 PM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | M5A97 LE R2.0
Processor: AMD FX(tm)-8350 Eight-Core Processor | Socket 942 | 4000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 160.521 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP85: 5/26/2014 6:08:19 PM - Installed DirectX
RP86: 5/29/2014 12:36:51 PM - avast! antivirus system restore point
.
==== Installed Programs ======================
.
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.07)
AMD APP SDK Runtime
AMD Catalyst Install Manager
AmrAddonInstall
Ask Mr. Robot
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS Product Register Program
avast! Free Antivirus
Battle.net
BattleBlock Theater
Battlefield 4™
Battlelog Web Plugins
Borderlands 2
Curse Client
Dawngate
Deus Ex: Human Revolution - Director's Cut
Diablo III
ESN Sonar
From The Depths version 1.19
Google Chrome
Google Update Helper
Guns of Icarus Online
Hearthstone
Hi-Rez Studios Authenticate and Update Service
Java 7 Update 55
Java 7 Update 55 (64-bit)
Java Auto Updater
League of Legends
LogMeIn Hamachi
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Minimum
My Game Long Name
NVIDIA 3D Vision Controller Driver 337.88
NVIDIA 3D Vision Driver 337.88
NVIDIA Control Panel 337.88
NVIDIA GeForce Experience 2.0.1
NVIDIA Graphics Driver 337.88
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 12.4.67
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 12.4.67
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.23
OpenOffice 4.0.1
Origin
Pando Media Booster
PlanetSide 2
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Rust
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/1/2008 3:18:21 PM
System Uptime: 5/29/2014 12:51:59 PM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | M5A97 LE R2.0
Processor: AMD FX(tm)-8350 Eight-Core Processor | Socket 942 | 4000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 160.521 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP85: 5/26/2014 6:08:19 PM - Installed DirectX
RP86: 5/29/2014 12:36:51 PM - avast! antivirus system restore point
.
==== Installed Programs ======================
.
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.07)
AMD APP SDK Runtime
AMD Catalyst Install Manager
AmrAddonInstall
Ask Mr. Robot
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS Product Register Program
avast! Free Antivirus
Battle.net
BattleBlock Theater
Battlefield 4™
Battlelog Web Plugins
Borderlands 2
Curse Client
Dawngate
Deus Ex: Human Revolution - Director's Cut
Diablo III
ESN Sonar
From The Depths version 1.19
Google Chrome
Google Update Helper
Guns of Icarus Online
Hearthstone
Hi-Rez Studios Authenticate and Update Service
Java 7 Update 55
Java 7 Update 55 (64-bit)
Java Auto Updater
League of Legends
LogMeIn Hamachi
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Minimum
My Game Long Name
NVIDIA 3D Vision Controller Driver 337.88
NVIDIA 3D Vision Driver 337.88
NVIDIA Control Panel 337.88
NVIDIA GeForce Experience 2.0.1
NVIDIA Graphics Driver 337.88
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 12.4.67
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 12.4.67
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.23
OpenOffice 4.0.1
Origin
Pando Media Booster
PlanetSide 2
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Rust
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
Run by Duke at 12:58:04 on 2014-05-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8095.5133 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\DAODx.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\AskMrRobot\AmrTray.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Duke\AppData\Roaming\Spotify\spotify.exe
C:\Users\Duke\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\Duke\AppData\Local\Apps\2.0\0DGNNYJ0.DNP\JC8KNK5E.8P0\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Duke\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Duke\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Duke\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Duke\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Duke\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Spotify] "C:\Users\Duke\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Duke\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Duke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{089D2F49-FBE4-4B70-BCA3-F3D6891DBEF5} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [Ask Mr. Robot] C:\Program Files\AskMrRobot\AmrTray.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2008-1-1 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2008-1-1 42624]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-5-29 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-5-29 208416]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-5-29 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-5-29 423240]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-29 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-5-29 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-5-29 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-29 50344]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-5-13 2228048]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2014-1-9 9216]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-4-15 377616]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-7 1618888]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2008-1-1 21009352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-26 413128]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-29 122584]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-26 19744]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-26 40392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2008-1-1 726160]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2008-1-1 58536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe --> C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-29 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-12-8 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-7 1255736]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-05-29 19:49:58 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-05-29 19:38:50 -------- d-----w- C:\Users\Duke\AppData\Roaming\AVAST Software
2014-05-29 19:38:03 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-05-29 19:38:03 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-29 19:38:03 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-05-29 19:38:03 423240 ----a-w- C:\Windows\System32\drivers\aswsp.sys.1401392306728
2014-05-29 19:38:03 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-05-29 19:38:03 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys.1401392306728
2014-05-29 19:38:03 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-05-29 19:38:02 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-05-29 19:38:02 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-05-29 19:37:59 43152 ----a-w- C:\Windows\avastSS.scr
2014-05-29 19:37:31 -------- d-----w- C:\Program Files\AVAST Software
2014-05-29 19:37:09 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-29 19:36:18 -------- d-----w- C:\ProgramData\AVAST Software
2014-05-29 19:35:21 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-29 19:35:21 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-29 19:35:21 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-29 19:35:21 -------- d-----w- C:\ProgramData\Malwarebytes
2014-05-29 19:35:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 11:47:40 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA4FD36D-351F-4F0A-9B41-CCD283B2CEEF}\offreg.dll
2014-05-28 11:46:24 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA4FD36D-351F-4F0A-9B41-CCD283B2CEEF}\mpengine.dll
2014-05-27 06:24:03 601432 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-05-27 01:07:21 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-05-27 01:07:21 34760 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-05-15 16:37:34 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2014-05-14 23:31:58 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-14 23:31:58 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-11 04:32:22 -------- d-----w- C:\Users\Duke\AppData\Local\dxhr
2014-05-11 04:31:27 -------- d-----w- C:\Users\Duke\AppData\Local\238010
2014-05-09 04:21:06 -------- d-----w- C:\Users\Duke\AppData\Roaming\DawngateData
2014-05-06 15:57:48 -------- d-sh--w- C:\Users\Duke\AppData\Local\EmieUserList
2014-05-06 15:57:48 -------- d-sh--w- C:\Users\Duke\AppData\Local\EmieSiteList
.
==================== Find3M ====================
.
2014-05-25 01:48:18 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-05-20 01:25:42 6769096 ----a-w- C:\Windows\System32\nvcpl.dll
2014-05-20 01:25:42 3514144 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-05-20 01:25:39 927520 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-05-20 01:25:38 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-05-20 01:25:38 387528 ----a-w- C:\Windows\System32\nvmctray.dll
2014-05-14 23:49:42 3774821 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-05-14 07:16:06 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 07:16:06 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-30 18:29:25 1081112 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-04-30 18:29:03 1225920 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-04-15 03:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 18:04:21 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-31 16:42:42 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 14:35:23 1885472 ----a-w- C:\Windows\System32\nvdispco6433523.dll
2014-03-04 14:35:23 1516488 ----a-w- C:\Windows\System32\nvdispgenco6433523.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 12:58:43.30 ===============
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
Run by Duke at 12:58:04 on 2014-05-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8095.5133 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\DAODx.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\AskMrRobot\AmrTray.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Duke\AppData\Roaming\Spotify\spotify.exe
C:\Users\Duke\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\Duke\AppData\Local\Apps\2.0\0DGNNYJ0.DNP\JC8KNK5E.8P0\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Duke\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Duke\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Duke\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Duke\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Duke\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Spotify] "C:\Users\Duke\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Duke\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Duke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{089D2F49-FBE4-4B70-BCA3-F3D6891DBEF5} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [Ask Mr. Robot] C:\Program Files\AskMrRobot\AmrTray.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2008-1-1 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2008-1-1 42624]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-5-29 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-5-29 208416]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-5-29 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-5-29 423240]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-29 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-5-29 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-5-29 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-29 50344]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-5-13 2228048]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2014-1-9 9216]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-4-15 377616]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-7 1618888]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2008-1-1 21009352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-26 413128]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-29 122584]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-26 19744]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-26 40392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2008-1-1 726160]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2008-1-1 58536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe --> C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-29 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-12-8 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-7 1255736]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-05-29 19:49:58 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-05-29 19:38:50 -------- d-----w- C:\Users\Duke\AppData\Roaming\AVAST Software
2014-05-29 19:38:03 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-05-29 19:38:03 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-29 19:38:03 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-05-29 19:38:03 423240 ----a-w- C:\Windows\System32\drivers\aswsp.sys.1401392306728
2014-05-29 19:38:03 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-05-29 19:38:03 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys.1401392306728
2014-05-29 19:38:03 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-05-29 19:38:02 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-05-29 19:38:02 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-05-29 19:37:59 43152 ----a-w- C:\Windows\avastSS.scr
2014-05-29 19:37:31 -------- d-----w- C:\Program Files\AVAST Software
2014-05-29 19:37:09 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-29 19:36:18 -------- d-----w- C:\ProgramData\AVAST Software
2014-05-29 19:35:21 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-29 19:35:21 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-29 19:35:21 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-29 19:35:21 -------- d-----w- C:\ProgramData\Malwarebytes
2014-05-29 19:35:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 11:47:40 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA4FD36D-351F-4F0A-9B41-CCD283B2CEEF}\offreg.dll
2014-05-28 11:46:24 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA4FD36D-351F-4F0A-9B41-CCD283B2CEEF}\mpengine.dll
2014-05-27 06:24:03 601432 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-05-27 01:07:21 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-05-27 01:07:21 34760 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-05-15 16:37:34 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2014-05-14 23:31:58 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-14 23:31:58 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-11 04:32:22 -------- d-----w- C:\Users\Duke\AppData\Local\dxhr
2014-05-11 04:31:27 -------- d-----w- C:\Users\Duke\AppData\Local\238010
2014-05-09 04:21:06 -------- d-----w- C:\Users\Duke\AppData\Roaming\DawngateData
2014-05-06 15:57:48 -------- d-sh--w- C:\Users\Duke\AppData\Local\EmieUserList
2014-05-06 15:57:48 -------- d-sh--w- C:\Users\Duke\AppData\Local\EmieSiteList
.
==================== Find3M ====================
.
2014-05-25 01:48:18 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-05-20 01:25:42 6769096 ----a-w- C:\Windows\System32\nvcpl.dll
2014-05-20 01:25:42 3514144 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-05-20 01:25:39 927520 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-05-20 01:25:38 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-05-20 01:25:38 387528 ----a-w- C:\Windows\System32\nvmctray.dll
2014-05-14 23:49:42 3774821 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-05-14 07:16:06 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 07:16:06 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-30 18:29:25 1081112 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-04-30 18:29:03 1225920 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-04-15 03:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 18:04:21 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-31 16:42:42 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 14:35:23 1885472 ----a-w- C:\Windows\System32\nvdispco6433523.dll
2014-03-04 14:35:23 1516488 ----a-w- C:\Windows\System32\nvdispgenco6433523.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 12:58:43.30 ===============
Broni
Posts: 56,041 +516
Welcome aboard
Please, observe following rules:
=====================================
Download RogueKiller from one of the following links and save it to your Desktop:
Link 1
Link 2
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/
Download Malwarebytes Anti-Rootkit (MBAR) from HERE
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
=====================================
Link 1
Link 2
- Close all the running programs
- Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- Wait until the Status box shows Scan Finished
- Click on Delete.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
- If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/
Download Malwarebytes Anti-Rootkit (MBAR) from HERE
- Unzip downloaded file.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
- Status
Similar threads
Latest posts
-
Sound comes 1 sec delayed in the beginnig- hdeveci replied
-
These credit cards feature OLEDs that light up upon payment- techstrike replied
