Unsure of what this is? [Solved]


#1 hattrick1 (Member, 45 posts)

Hi,

Like the title says, I don't know what this is or even if it is malware related. What I can say is that the PC is used strictly for gaming and that for about two weeks to a month it has been acting strange. During online games it stutters and has hiccups; when offline I notice it does not display the graphics like it used to, and the graphics overlay in places is sometimes of a lower grade than it used to be. It feels like something else is running in the background and using resources when it shouldn't be.

I have run Malwarebytes and Spybot, with both showing no signs of malware. I did a number of online scans a number of weeks ago and they turned up nothing either. I have done anything and everything before I came to post on this site; I have tried to think of everything it could be, but now I am out of ideas. I have reinstalled DirectX, I have reinstalled drivers, etc.

When I ran RogueKiller, the first quick scan came back with [term proc] Runservice.exe and it deleted it. Not sure if this is anything; every time I reboot it's there.

I appreciate the help, thanks in advance.

Here is my log. I have another one called Extras if needed.

OTL logfile created on: 7/15/2012 6:18:16 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Jeff\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 58.30% Memory free
6.22 Gb Paging File | 5.08 Gb Available in Paging File | 81.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.63 Gb Total Space | 19.90 Gb Free Space | 8.98% Space Free | Partition Type: NTFS
Drive D: | 11.25 Gb Total Space | 1.54 Gb Free Space | 13.68% Space Free | Partition Type: NTFS
Drive E: | 368.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.74 Gb Total Space | 3.00 Gb Free Space | 80.34% Space Free | Partition Type: FAT32

Computer Name: MYPC | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/15 15:45:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/15 05:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 04:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 04:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/04/24 02:11:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (XAudioService)
SRV - File not found [Disabled | Stopped] -- -- (Norton Internet Security)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/01 12:31:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/15 21:14:44 | 000,002,560 | ---- | M] () [Auto | Stopped] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2012/06/04 02:29:13 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/05/15 05:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/12/15 14:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\xaudio.sys -- (XAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSX_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\pcdr5\pcdsrvc.pkms -- (PCDSRVC{D5068648-4046B656-06000000}_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSXHWBS2.sys -- (HSXHWBS2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSX_DP.sys -- (HSF_DP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jeff\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/15 15:20:32 | 000,140,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2012/05/15 05:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/05/05 13:32:01 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/18 12:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012/04/16 21:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/30 17:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 17:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/08/01 07:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/21 11:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/07/21 11:12:22 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/01/20 21:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2005/07/01 16:48:42 | 000,043,008 | ---- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dlkfet5b.sys -- (FETNDISB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {D3D0EAB6-820D-4A67-AC7D-5594C487C670}
IE - HKLM\..\SearchScopes\{1C6FD81D-6C8D-41E4-988D-BF5F45FC3D3A}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{D3D0EAB6-820D-4A67-AC7D-5594C487C670}: "URL" = http://search.live.c...ms}&FORM=HPDTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{1C6FD81D-6C8D-41E4-988D-BF5F45FC3D3A}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-05-28 17:28:21&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{D3D0EAB6-820D-4A67-AC7D-5594C487C670}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-atty
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2163
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.11.0.9874
FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166
FF - prefs.js..extensions.enabledItems: [email protected]:11.1.0.7
FF - prefs.js..keyword.URL: "http://isearch.avg.c...8:21&sap=ku&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/01 12:31:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/30 11:30:29 | 000,000,000 | ---D | M]

[2010/04/21 20:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Extensions
[2012/05/30 19:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\h97kec2g.default\extensions
[2011/07/23 21:04:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\h97kec2g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/30 11:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/12 15:23:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/01 12:31:00 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/28 17:28:19 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/10 11:13:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD0A4FAB-9828-4066-AABD-466CBE694A98}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002/12/30 14:51:38 | 000,000,061 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/15 18:14:47 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2012/07/15 15:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/15 15:46:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/15 15:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/10 20:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012/07/10 19:25:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/07/10 19:25:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/07/10 19:25:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012/07/10 17:30:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/07/10 11:18:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/10 11:18:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/10 11:18:29 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\temp
[2012/07/07 20:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012/07/07 20:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2012/07/06 22:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napoleon's Campaigns
[2012/07/06 20:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/06/30 18:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2012/06/30 18:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/06/30 18:51:55 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\EA Core
[2012/06/30 18:39:55 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Documents\BioWare
[2012/06/30 18:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2012/06/30 18:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/06/30 14:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/06/30 13:48:27 | 787,537,696 | ---- | C] (BioWare) -- C:\Users\Jeff\Documents\DAO_GolemsOfAmgarrak.exe
[2012/06/30 13:48:11 | 468,050,696 | ---- | C] (BioWare) -- C:\Users\Jeff\Documents\DAO_Darkspawn.exe
[2012/06/30 13:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\Dragon Age
[2012/06/30 13:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2012/06/29 23:15:23 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Documents\GamersGate temporary files
[2012/06/29 15:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C Company
[2012/06/29 15:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\1C Company
[2012/06/29 03:49:04 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\Macromedia
[2012/06/25 22:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HPS Market-Garden '44
[2012/06/15 20:58:53 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\Avira
[2012/06/15 20:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/06/15 20:57:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/06/15 20:57:04 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/06/15 20:57:04 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/06/15 20:57:04 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/06/15 20:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/06/15 20:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/06/15 20:27:08 | 000,000,000 | ---D | C] -- C:\game
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/15 17:00:15 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 17:00:15 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 15:46:59 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/15 15:45:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2012/07/15 15:37:03 | 000,664,200 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/15 15:37:03 | 000,128,840 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/15 15:20:32 | 000,140,304 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/07/15 15:20:24 | 000,281,032 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012/07/15 15:19:36 | 000,280,856 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012/07/15 15:00:27 | 000,004,345 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2012/07/15 15:00:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/15 15:00:07 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/14 21:32:10 | 001,558,528 | ---- | M] () -- C:\Users\Jeff\Desktop\RogueKiller.exe
[2012/07/11 12:20:47 | 000,307,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/11 11:47:55 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/07/11 11:47:55 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/07/11 11:47:44 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/07/10 14:52:58 | 000,099,328 | ---- | M] () -- C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/10 11:13:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/07 20:55:56 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\IL-2 Sturmovik 1946.lnk
[2012/07/06 22:40:58 | 000,000,659 | ---- | M] () -- C:\Users\Jeff\Desktop\Napoleon's Campaigns.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/02 12:33:28 | 000,000,765 | ---- | M] () -- C:\Users\Jeff\Desktop\DAOriginsLauncher.exe - Shortcut.lnk
[2012/06/30 14:53:43 | 787,537,696 | ---- | M] (BioWare) -- C:\Users\Jeff\Documents\DAO_GolemsOfAmgarrak.exe
[2012/06/30 14:35:36 | 468,050,696 | ---- | M] (BioWare) -- C:\Users\Jeff\Documents\DAO_Darkspawn.exe
[2012/06/29 23:14:46 | 000,290,825 | ---- | M] () -- C:\Users\Jeff\Documents\Download Dragon Age Origins Ultimate Edition.exe
[2012/06/29 15:11:56 | 000,002,181 | ---- | M] () -- C:\Users\Jeff\Desktop\Men of War. Assault Squad.lnk
[2012/06/29 13:50:20 | 000,290,825 | ---- | M] () -- C:\Users\Jeff\Documents\Download Men of War Assault Squad Game of the Year edition.exe
[2012/06/26 16:56:25 | 000,000,680 | ---- | M] () -- C:\Users\Jeff\AppData\Local\d3d9caps.dat
[2012/06/25 22:18:23 | 000,000,929 | ---- | M] () -- C:\Users\Jeff\Desktop\MarketGarden44.exe - Shortcut.lnk
[2012/06/23 01:13:59 | 000,001,059 | ---- | M] () -- C:\Users\Jeff\Desktop\CM Battle for Normandy.lnk
[2012/06/21 13:00:11 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/06/15 21:14:44 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
[2012/06/15 21:13:48 | 000,000,963 | ---- | M] () -- C:\Users\Jeff\Desktop\CM Shock Force.lnk
[2012/06/15 20:57:12 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/15 15:46:59 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/15 13:40:45 | 001,558,528 | ---- | C] () -- C:\Users\Jeff\Desktop\RogueKiller.exe
[2012/07/11 12:23:06 | 000,000,915 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/07/11 11:47:44 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/07/10 17:29:29 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012/07/10 17:29:28 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012/07/10 17:29:23 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012/07/10 17:29:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/07/10 17:29:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/07/10 17:29:20 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012/07/10 17:29:18 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012/07/10 17:29:08 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012/07/10 17:29:07 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012/07/10 17:28:49 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012/07/07 20:55:56 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\IL-2 Sturmovik 1946.lnk
[2012/07/06 22:40:58 | 000,000,659 | ---- | C] () -- C:\Users\Jeff\Desktop\Napoleon's Campaigns.lnk
[2012/07/02 12:33:28 | 000,000,765 | ---- | C] () -- C:\Users\Jeff\Desktop\DAOriginsLauncher.exe - Shortcut.lnk
[2012/06/29 23:14:45 | 000,290,825 | ---- | C] () -- C:\Users\Jeff\Documents\Download Dragon Age Origins Ultimate Edition.exe
[2012/06/29 15:11:56 | 000,002,181 | ---- | C] () -- C:\Users\Jeff\Desktop\Men of War. Assault Squad.lnk
[2012/06/29 13:50:20 | 000,290,825 | ---- | C] () -- C:\Users\Jeff\Documents\Download Men of War Assault Squad Game of the Year edition.exe
[2012/06/26 18:35:49 | 3219,513,344 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/25 22:18:23 | 000,000,929 | ---- | C] () -- C:\Users\Jeff\Desktop\MarketGarden44.exe - Shortcut.lnk
[2012/06/23 01:07:25 | 000,001,059 | ---- | C] () -- C:\Users\Jeff\Desktop\CM Battle for Normandy.lnk
[2012/06/15 21:14:44 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2012/06/15 21:03:54 | 000,000,963 | ---- | C] () -- C:\Users\Jeff\Desktop\CM Shock Force.lnk
[2012/06/15 20:57:12 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/06/04 18:51:03 | 000,243,564 | ---- | C] () -- C:\Users\Jeff\AppData\Local\census.cache
[2012/06/04 18:50:46 | 000,193,915 | ---- | C] () -- C:\Users\Jeff\AppData\Local\ars.cache
[2012/06/04 18:39:00 | 000,000,036 | ---- | C] () -- C:\Users\Jeff\AppData\Local\housecall.guid.cache
[2012/05/30 13:40:00 | 000,000,680 | ---- | C] () -- C:\Users\Jeff\AppData\Local\d3d9caps.dat
[2012/05/25 10:19:56 | 000,140,304 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/05/25 10:19:41 | 000,281,032 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/03/07 15:00:34 | 000,008,192 | -HS- | C] () -- C:\ProgramData\reg546ms.dll
[2011/12/10 23:55:04 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/07/24 12:08:20 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/07/24 12:08:20 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/05/17 20:30:25 | 000,008,192 | -HS- | C] () -- C:\ProgramData\reg441tiff.lib
[2010/11/13 19:39:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/09/17 20:24:23 | 000,138,056 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\PnkBstrK.sys
[2010/09/17 20:24:10 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/09/11 23:37:31 | 000,000,092 | ---- | C] () -- C:\Users\Jeff\AppData\Local\fusioncache.dat
[2010/04/28 02:32:39 | 000,002,992 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\wklnhst.dat
[2010/02/22 23:16:35 | 000,099,328 | ---- | C] () -- C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/11 03:01:38 | 000,009,932 | ---- | C] () -- C:\Users\Jeff\State Farm 79#2.scn
[2003/09/10 23:00:06 | 000,000,274 | ---- | C] () -- C:\Users\Jeff\State Farm 79#2.map
[2003/09/10 20:16:04 | 000,007,932 | ---- | C] () -- C:\Users\Jeff\State Farm 79#1.scn
[2003/09/05 14:25:44 | 000,037,169 | ---- | C] () -- C:\Users\Jeff\State Farm 79.oob
[2003/09/05 03:30:00 | 000,000,117 | ---- | C] () -- C:\Users\Jeff\State Farm 79#1.map
[2003/08/13 22:54:52 | 000,009,140 | ---- | C] () -- C:\Users\Jeff\VLuki.scn
[2003/08/09 15:37:22 | 000,012,482 | ---- | C] () -- C:\Users\Jeff\VLuki.oob
[2003/08/09 14:58:02 | 000,000,102 | ---- | C] () -- C:\Users\Jeff\VLuki.map
[2003/08/09 14:37:06 | 000,004,897 | ---- | C] () -- C:\Users\Jeff\VLuki-full.map
[2003/07/30 05:03:16 | 000,017,708 | ---- | C] () -- C:\Users\Jeff\Blizzard of Steel.scn
[2003/07/30 03:00:46 | 000,015,984 | ---- | C] () -- C:\Users\Jeff\#9_H2H.oob
[2003/07/30 03:00:24 | 000,006,641 | ---- | C] () -- C:\Users\Jeff\#9_H2H.scn
[2003/07/30 02:18:28 | 000,009,243 | ---- | C] () -- C:\Users\Jeff\#6_H2H.scn
[2003/07/30 01:36:24 | 000,016,802 | ---- | C] () -- C:\Users\Jeff\#8_H2H.scn
[2003/07/29 14:29:54 | 000,035,435 | ---- | C] () -- C:\Users\Jeff\#8_H2H.oob
[2003/07/29 12:58:46 | 000,008,841 | ---- | C] () -- C:\Users\Jeff\#7_H2H.scn
[2003/07/28 10:18:44 | 000,004,444 | ---- | C] () -- C:\Users\Jeff\#3_H2H.scn
[2003/07/28 10:13:30 | 000,018,966 | ---- | C] () -- C:\Users\Jeff\#3_H2H.oob
[2003/07/28 04:58:38 | 000,014,853 | ---- | C] () -- C:\Users\Jeff\#2_H2H.scn
[2003/07/28 04:58:20 | 000,006,533 | ---- | C] () -- C:\Users\Jeff\#4_H2H.scn
[2003/07/28 04:58:12 | 000,008,336 | ---- | C] () -- C:\Users\Jeff\#5_H2H.scn
[2003/07/28 04:54:48 | 000,009,708 | ---- | C] () -- C:\Users\Jeff\#1_H2H.scn
[2003/07/22 02:12:56 | 000,029,294 | ---- | C] () -- C:\Users\Jeff\#5_H2H.oob
[2003/07/21 20:53:00 | 000,028,653 | ---- | C] () -- C:\Users\Jeff\#1_H2H.oob
[2003/07/15 09:51:58 | 000,028,894 | ---- | C] () -- C:\Users\Jeff\#2_H2H.oob
[2003/07/04 18:58:08 | 000,007,923 | ---- | C] () -- C:\Users\Jeff\410107-Borisov by Dusk F (Center).scn
[2003/07/04 18:49:12 | 000,007,957 | ---- | C] () -- C:\Users\Jeff\410107-Borisov by Dusk E (Center).scn
[2003/07/04 18:39:20 | 000,007,941 | ---- | C] () -- C:\Users\Jeff\410107-Borisov by Dusk D (Center).scn
[2003/07/04 18:38:00 | 000,007,566 | ---- | C] () -- C:\Users\Jeff\410107-Borisov by Dusk C (Center).scn
[2003/07/04 18:18:20 | 000,007,930 | ---- | C] () -- C:\Users\Jeff\410107-Borisov by Dusk B (Center).scn
[2003/07/04 16:19:20 | 000,007,963 | ---- | C] () -- C:\Users\Jeff\410107-Borisov by Dusk A (Center).scn
[2003/06/22 13:19:22 | 000,014,234 | ---- | C] () -- C:\Users\Jeff\Borisov by Dusk.oob
[2003/06/20 18:15:52 | 000,000,100 | ---- | C] () -- C:\Users\Jeff\Borisov by Dusk.map
[2003/06/18 23:32:00 | 000,009,147 | ---- | C] () -- C:\Users\Jeff\01-Byte Size-Desperate Lunge.scn
[2003/06/18 23:32:00 | 000,004,150 | ---- | C] () -- C:\Users\Jeff\01-Byte Size-Desperate Lunge.oob
[2003/06/18 23:32:00 | 000,000,103 | ---- | C] () -- C:\Users\Jeff\01-Byte Size-Desperate Lunge.map
[2003/06/15 04:21:38 | 000,023,988 | ---- | C] () -- C:\Users\Jeff\Blizzard of Steel.oob
[2003/06/14 03:54:04 | 000,000,169 | ---- | C] () -- C:\Users\Jeff\Blizzard of Steel.map
[2003/06/04 19:57:00 | 000,009,706 | ---- | C] () -- C:\Users\Jeff\04-Byte Size-Fog of War.scn
[2003/06/04 19:57:00 | 000,008,610 | ---- | C] () -- C:\Users\Jeff\04-Byte Size-Fog of War.oob
[2003/06/04 19:57:00 | 000,000,239 | ---- | C] () -- C:\Users\Jeff\04-Byte Size-Fog of War.map
[2003/06/04 14:10:00 | 000,010,288 | ---- | C] () -- C:\Users\Jeff\03-Byte Size-On the Run.scn
[2003/06/04 14:10:00 | 000,006,127 | ---- | C] () -- C:\Users\Jeff\03-Byte Size-On the Run.oob
[2003/06/04 14:10:00 | 000,000,144 | ---- | C] () -- C:\Users\Jeff\03-Byte Size-On the Run.map
[2003/06/03 23:07:00 | 000,008,729 | ---- | C] () -- C:\Users\Jeff\02-Byte Size-Kalach the Key.scn
[2003/06/03 23:07:00 | 000,003,697 | ---- | C] () -- C:\Users\Jeff\02-Byte Size-Kalach the Key.oob
[2003/06/03 23:07:00 | 000,000,031 | ---- | C] () -- C:\Users\Jeff\02-Byte Size-Kalach the Key.map
[2002/04/30 11:18:14 | 000,000,033 | ---- | C] () -- C:\Users\Jeff\#5_H2H.map

========== LOP Check ==========

[2010/12/30 14:31:00 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\AVG10
[2011/11/29 11:45:27 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\AVG2012
[2012/05/28 21:51:48 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\DAEMON Tools Lite
[2011/09/04 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Downloaded Installations
[2010/03/06 15:06:31 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\DriverCure
[2012/07/15 18:15:24 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Dropbox
[2011/03/28 11:44:47 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\HyperLobby
[2012/05/29 15:31:53 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\IObit
[2011/07/19 17:42:32 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\IrfanView
[2011/10/12 22:10:52 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mount&Blade
[2011/10/12 21:58:13 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mount&Blade Warband
[2012/04/04 21:53:16 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Out of the Park Developments
[2010/09/02 14:49:48 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Sports Interactive
[2011/11/25 18:29:07 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Stardock
[2010/04/28 02:32:39 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Template
[2012/04/10 14:05:55 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\The Creative Assembly
[2010/11/06 01:29:58 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\W
[2010/12/24 16:31:10 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\wargaming.net
[2012/07/15 14:59:23 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 55920 bytes -> C:\ProgramData:$SS_DESCRIPTOR_MVPUV9PFSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFLPXB564BPLBB5N14D0B8F0LFUTVLJVMVFVV14TE
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >
  • 0



#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello hattrick1 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Please note that I can help you only if this is caused by malware. We're going to run some scans and if there is malware we will detect and remove it. Let's begin.

Step 1

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • AVP log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0

#3
hattrick1

hattrick1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi Maliprog,

Thanks for the help!

Sorry for the delay, the scans took forever... The Kaspersky virus removal tool didn't find any threats, so nothing to post.

Here is the GMER log.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-17 14:23:51
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005c ST325031 rev.3.AH
Running: eikyn6wg.exe; Driver: C:\Users\Jeff\AppData\Local\Temp\ugldypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwAdjustPrivilegesToken [0xC2A34E36]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwAlpcConnectPort [0xC2A37074]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwAlpcCreatePort [0xC2A372EE]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwAlpcSendWaitReceivePort [0xC2A37564]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwClose [0xC2A3574A]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwConnectPort [0xC2A3657E]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwCreateEvent [0xC2A36AC8]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwCreateFile [0xC2A35A26]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwCreateMutant [0xC2A369AE]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwCreateNamedPipeFile [0xC2A34A24]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwCreatePort [0xC2A36882]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwCreateSection [0xC2A34BCC]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwCreateSemaphore [0xC2A36BE8]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwCreateThread [0xC2A353D0]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwCreateWaitablePort [0xC2A36918]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwDebugActiveProcess [0xC2A382D6]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwDeviceIoControlFile [0xC2A35EA8]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwDuplicateObject [0xC2A394E4]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwFsControlFile [0xC2A35CB6]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwLoadDriver [0xC2A383C8]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwMapViewOfSection [0xC2A38B30]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwOpenEvent [0xC2A36B5E]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwOpenFile [0xC2A357CC]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwOpenMutant [0xC2A36A3E]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwOpenProcess [0xC2A35074]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwOpenSection [0xC2A388CA]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwOpenSemaphore [0xC2A36C7E]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwOpenThread [0xC2A34F64]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwQueryDirectoryObject [0xC2A37868]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwQuerySection [0xC2A38E6A]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwQueueApcThread [0xC2A3875C]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwReplaceKey [0xC2A336DE]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwReplyPort [0xC2A36FE2]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwReplyWaitReceivePort [0xC2A36EA8]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwRequestWaitReplyPort [0xC2A38070]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwRestoreKey [0xC2A33A56]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwResumeThread [0xC2A39386]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwSaveKey [0xC2A33676]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwSecureConnectPort [0xC2A362C4]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwSetContextThread [0xC2A355EC]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwSetInformationToken [0xC2A3790A]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwSetSecurityObject [0xC2A38566]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwSetSystemInformation [0xC2A38FBA]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwSuspendProcess [0xC2A390AC]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwSuspendThread [0xC2A391E6]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwSystemDebugControl [0xC2A381FA]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwTerminateProcess [0xC2A3521A]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwTerminateThread [0xC2A35170]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwUnmapViewOfSection [0xC2A38D0E]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwWriteVirtualMemory [0xC2A35306]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwCreateThreadEx [0xC2A354CE]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwCreateUserProcess [0xC2A377AE]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 119 826E17DC 4 Bytes [36, 4E, A3, C2]
.text ntkrnlpa.exe!KeSetEvent + 13D 826E1800 8 Bytes [74, 70, A3, C2, EE, 72, A3, ...]
.text ntkrnlpa.exe!KeSetEvent + 181 826E1844 4 Bytes [64, 75, A3, C2]
.text ntkrnlpa.exe!KeSetEvent + 1A9 826E186C 4 Bytes [4A, 57, A3, C2]
.text ntkrnlpa.exe!KeSetEvent + 1C1 826E1884 4 Bytes [7E, 65, A3, C2]
.text ...
? system32\DRIVERS\3407049drv.sys The system cannot find the path specified. !
? system32\DRIVERS\18077080.sys The system cannot find the path specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1A0D252D-9280-86B1-A654-C8B1708927E0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1A0D252D-9280-86B1-A654-C8B1708927E0}@haoohkenppdfiaeg 0x6A 0x61 0x6D 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1A0D252D-9280-86B1-A654-C8B1708927E0}@iaiobabhffiddmgjnd 0x6A 0x61 0x6C 0x6B ...

---- EOF - GMER 1.0.15 ----
  • 0
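A small triage helper for a GMER log like the one posted above, added here as an example; it is not part of the thread and not GMER's own code. It splits the log into its sections, groups the SSDT hooks by the driver that installed them, matches those drivers against the "? ... The system cannot find the path specified" lines (drivers GMER could not open on disk), picks out hooks on the calls an injector or rootkit would need, and decodes the hex byte dumps GMER prints for registry values. The sample input is an excerpt of the log from post #3; the section names are GMER's, while the function names and the list of injection-related calls are this example's own choices. A hooking driver that GMER cannot open on disk is a fact to explain, not a verdict: the kernel drivers of security products commonly hook the SSDT on 32-bit Windows, so the hook count alone says nothing about intent, which is consistent with the helper's reading of this log as clean.

```python
"""Triage helper for a GMER rootkit-scan log (added example; not part of the
thread above and not GMER's own code)."""
import re
from collections import defaultdict

# Excerpt of the GMER log posted in this thread; the choice of lines is mine.
SAMPLE_LOG = r"""GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-17 14:23:51

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwCreateFile [0xC2A35A26]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwLoadDriver [0xC2A383C8]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwWriteVirtualMemory [0xC2A35306]
SSDT \SystemRoot\system32\DRIVERS\3407049drv.sys ZwTerminateProcess [0xC2A3521A]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 119 826E17DC 4 Bytes [36, 4E, A3, C2]
? system32\DRIVERS\3407049drv.sys The system cannot find the path specified. !
? system32\DRIVERS\18077080.sys The system cannot find the path specified. !

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1A0D252D-9280-86B1-A654-C8B1708927E0}@haoohkenppdfiaeg 0x6A 0x61 0x6D 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1A0D252D-9280-86B1-A654-C8B1708927E0}@iaiobabhffiddmgjnd 0x6A 0x61 0x6C 0x6B ...

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER ")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\w+)\s+\[(0x[0-9A-Fa-f]+)\]")
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+The system cannot find the path specified")
REG_RE = re.compile(r"^Reg\s+(.+?)@(\S+)\s+((?:0x[0-9A-Fa-f]{2}\s?)+)\s*(\.\.\.)?\s*$")

# Hooks worth a second look: the calls an injector or rootkit needs to load
# drivers, write into or hijack other processes, or patch the kernel.
# The selection is this example's own, not GMER's.
INJECTION_CALLS = {
    "ZwLoadDriver", "ZwWriteVirtualMemory", "ZwSetContextThread",
    "ZwQueueApcThread", "ZwCreateThreadEx", "ZwMapViewOfSection",
    "ZwSetSystemInformation", "ZwSystemDebugControl",
}


def split_sections(text):
    """Return {section name: [non-empty lines]} for each '---- X - GMER ...' block."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections


def basename(path):
    """Lower-cased file name, so the SystemRoot form and the system32 form
    of the same driver compare equal."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def ssdt_hooks(lines):
    """Map hooking driver path -> list of hooked Zw* functions, in log order."""
    hooks = defaultdict(list)
    for line in lines:
        m = SSDT_RE.match(line)
        if m:
            hooks[m.group(1)].append(m.group(2))
    return dict(hooks)


def unopenable_drivers(lines):
    """Drivers GMER reported it could not open on disk ('? ... cannot find the path')."""
    return [m.group(1) for m in map(MISSING_RE.match, lines) if m]


def decode_registry_values(lines):
    """Decode the hex byte dump GMER prints for a registry value.
    Returns (value name, printable text, truncated-by-GMER?) per matching line."""
    out = []
    for line in lines:
        m = REG_RE.match(line)
        if not m:
            continue  # bare key lines carry no value dump
        raw = bytes(int(tok, 16) for tok in m.group(3).split())
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in raw)
        out.append((m.group(2), text, m.group(4) is not None))
    return out


def triage(text):
    """Summarise what a reviewer needs before judging the hooks benign or not."""
    sec = split_sections(text)
    hooks = ssdt_hooks(sec.get("System", []))
    missing = unopenable_drivers(sec.get("Kernel code sections", []))
    missing_names = {basename(p) for p in missing}
    return {
        "hooks": hooks,
        "unopenable": missing,
        "hooking_drivers_not_on_disk": sorted(
            p for p in hooks if basename(p) in missing_names),
        "injection_hooks": {p: sorted(set(funcs) & INJECTION_CALLS)
                            for p, funcs in hooks.items()},
        "registry": decode_registry_values(sec.get("Registry", [])),
    }


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for drv, funcs in rep["hooks"].items():
        state = "NOT OPENABLE ON DISK" if drv in rep["hooking_drivers_not_on_disk"] else "on disk"
        print(f"{drv}: {len(funcs)} SSDT hooks ({state}); "
              f"injection-related: {', '.join(rep['injection_hooks'][drv]) or 'none'}")
    for name, text, truncated in rep["registry"]:
        print(f"{name} = {text!r}{' (truncated by GMER)' if truncated else ''}")
```

On the excerpt the helper reports one hooking driver, 3407049drv.sys, which GMER could not open on disk, two of whose hooks (ZwLoadDriver, ZwWriteVirtualMemory) fall in the injection-related set, and it decodes the two registry value dumps to "jamk" and "jalk", both truncated by GMER. The next step for a reviewer is to identify the driver by its service entry and signer, which this log alone cannot do.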

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I don't see any type of infection in your logs. Let's try to clean your system a little bit and see if that helps. Test it after these three steps and let me know results.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Step 2

  • Go to Start -> My Computer
  • Right click on C: disk and click on Properties
  • Click on tab Tools and click on Check now... button
  • Check Automatically fix system errors and Scan for and attempt recovery of bad sectors
  • Click Start button
  • Confirm schedule disk check next time computer starts with Yes button
  • Restart your system and wait while system checks your disk for errors

Step 3

Download and run Puran Disc Defragmenter
Click on Boot Time Defrag button and choose Restart-Defrag-Restart

Posted Image
  • 0

#5
hattrick1

hattrick1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Hi Maliprog,

I have done all that you suggested and then reinstalled some games. It seems they are better, just not perfect. I can say that the only way for me to fix things is going to be a reinstall of Windows.

Thank you very much for your assistance, it's greatly appreciated.
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi hattrick1,

Your logs and system are clean now. This problem is not caused by malware.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end.

In case that any of the software we used in this fix still remains on your system please delete it manually (Right click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.
  • 0

#7
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





