Prompts to create Macromedia Flash .sols, IE randomly opening to amazo

#16 Synthergy (Topic Starter, Member, 25 posts)
First Log---

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-28 04:59:56
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000059 ST350063 rev.3.AA
Running: nyw5wdfr.exe; Driver: C:\Users\Dad\AppData\Local\Temp\uwldapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x9179828A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x917B2342]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x917B2678]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x917B29EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x91798D04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x917B202A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x91799276]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x91799164]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x917B24E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x91798046]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x9179938E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x917988BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x917B25B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x9179974E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x91798D46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x9179A750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x91799840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x91799DAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x917B0840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x91799308]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x917991F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x917984C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x91799B90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x91799420]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x917983B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x9179955C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x917B0A38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x9179A0D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x917999E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x917B27DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x917B272A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x917B2848]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x9179A5F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x917B21B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x91798BA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x917995FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x9179A222]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x9179A316]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x9179A450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x91799670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x91798664]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x917985BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x91799F8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x91798750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x91798A2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x917994A6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 119 836BF7DC 4 Bytes [8A, 82, 79, 91]
.text ntkrnlpa.exe!KeSetEvent + 13D 836BF800 8 Bytes [42, 23, 7B, 91, 78, 26, 7B, ...] {INC EDX; AND EDI, [EBX-0x6f]; JS 0x2c; JNP 0xffffffffffffff99}
.text ntkrnlpa.exe!KeSetEvent + 181 836BF844 4 Bytes [EE, 29, 7B, 91] {OUT DX, AL ; SUB [EBX-0x6f], EDI}
.text ntkrnlpa.exe!KeSetEvent + 1A9 836BF86C 4 Bytes [04, 8D, 79, 91] {ADD AL, 0x8d; JNS 0xffffffffffffff95}
.text ntkrnlpa.exe!KeSetEvent + 1C1 836BF884 4 Bytes [2A, 20, 7B, 91] {SUB AH, [EAX]; JNP 0xffffffffffffff95}
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74177817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741BB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7417BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7416F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7416E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [741A73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7417DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7416FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7416FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741FCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7419C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7416D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74166853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7416687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74172AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


#17 Synthergy (Topic Starter, Member, 25 posts)
Second Log--- only non-MS files---

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-28 05:15:01
Windows 6.0.6002 Service Pack 2
Running: nyw5wdfr.exe; Driver: C:\Users\Dad\AppData\Local\Temp\uwldapow.sys


---- Modules - GMER 1.0.15 ----

Module \SystemRoot\system32\DRIVERS\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) 8460F000-84B31000 (5382144 bytes)
Module \SystemRoot\system32\drivers\nvstor.sys (NVIDIA® nForce™ Sata Performance Driver/NVIDIA Corporation) 84BE5000-84BF2000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\nvstor32.sys (NVIDIA® nForce™ Sata Performance Driver/NVIDIA Corporation) 80757000-8078F000 (229376 bytes)
Module \SystemRoot\system32\DRIVERS\timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) 8BB14000-8BB7F000 (438272 bytes)
Module \SystemRoot\system32\DRIVERS\tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) 8BD52000-8BDAB000 (364544 bytes)
Module \SystemRoot\system32\DRIVERS\snapman.sys (Acronis Snapshot API/Acronis) 8BDB3000-8BDD1000 (122880 bytes)
Module \SystemRoot\system32\DRIVERS\nvlddmkm.sys (NVIDIA Windows Kernel Mode Driver, Version 310.70 /NVIDIA Corporation) 9020A000-90B19000 (9498624 bytes)
Module \SystemRoot\System32\Drivers\nvBridge.kmd (NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 270.61 /NVIDIA Corporation) 90B19000-90B1B000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\nvmfdx32.sys (NVIDIA MCP Networking Function Driver./NVIDIA Corporation) 90E02000-90EFD000 (1028096 bytes)
Module \SystemRoot\system32\DRIVERS\rzjoystk.sys (Razer JoyStick Device/Razer USA Ltd) 90EFD000-90F06000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\rzhidmap.sys (Filter Driver for Razer Interface/Razer USA Ltd) 90F06000-90F0E000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\VClone.sys (VirtualCloneCD Driver/Elaborate Bytes AG) 90D21000-90D2D000 (49152 bytes)
Module \SystemRoot\system32\drivers\WmBEnum.sys (Logitech WingMan Virtual Bus Enumerator Driver/Logitech Inc.) 90FF9000-90FFD000 (16384 bytes)
Module \SystemRoot\system32\drivers\WmXlCore.sys (Logitech WingMan Translation Driver/Logitech Inc.) 90D7D000-90D8C000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) 90D8C000-90D96000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) 90DA3000-90DAD000 (40960 bytes)
Module \SystemRoot\system32\drivers\RTKVHDA.sys (Realtek® High Definition Audio Function Driver/Realtek Semiconductor Corp.) 91400000-91716000 (3235840 bytes)
Module \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) 91768000-917FD000 (610304 bytes)
Module \SystemRoot\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) 90200000-90208000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\kl2.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) 90C00000-90C06000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\klim6.sys (Kaspersky Lab Intermediate Network Driver/Kaspersky Lab ZAO) 91ABA000-91AC2000 (32768 bytes)
Module \SystemRoot\System32\Drivers\ElbyCDIO.sys (ElbyCD Windows NT/2000/XP I/O driver/Elaborate Bytes AG) 91B29000-91B33000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\LHidFilt.Sys (Logitech HID Filter Driver./Logitech, Inc.) 91B61000-91B69000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\LMouFilt.Sys (Logitech Mouse Filter Driver./Logitech, Inc.) 91B7A000-91B82000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\klmouflt.sys (KLMOUFLT Mouse Device Filter [fre_wlh_x86]/Kaspersky Lab) 91B82000-91B8B000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\RzSynapse.sys (Razer Synapse Engine/Razer USA Ltd) 91BDA000-91BFA000 (131072 bytes)
Module \SystemRoot\System32\TSDDD.dll (Framebuffer Display Driver/Microsoft Corporation) 9AC20000-9AC29000 (36864 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) 9AC50000-9AC9D000 (315392 bytes)
Module \SystemRoot\system32\DRIVERS\tifsfilt.sys (Acronis True Image File System Filter/Acronis) 84600000-8460A000 (40960 bytes)
Module \SystemRoot\System32\Drivers\secdrv.SYS (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) A1200000-A120A000 (40960 bytes)
Module \??\C:\Users\Dad\AppData\Local\Temp\uwldapow.sys (GMER) AF02F000-AF048000 (102400 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 212
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75120000
Library C:\Windows\System32\npmproxy.dll (Network List Manager Proxy/Microsoft Corporation) 0x6EAE0000

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 764
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Windows\system32\wininit.exe (Windows Start-Up Application/Microsoft Corporation) 824
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75120000

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 836
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Windows\system32\services.exe (Services and Controller app/Microsoft Corporation) 868
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75120000

Process C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) 880
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75120000
Library C:\Windows\system32\relog_ap.dll (Acronis Relogon Authentication Package/Acronis) 0x10000000
Library C:\Windows\system32\pstorsvc.dll (Protected storage server/Microsoft Corporation) 0x69500000

Process C:\Windows\system32\lsm.exe (Local Session Manager Service/Microsoft Corporation) 888
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75120000

Process C:\Windows\system32\winlogon.exe (Windows Logon Application/Microsoft Corporation) 936
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1088
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75120000

Process C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 310.70/NVIDIA Corporation) 1132
Library C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 310.70/NVIDIA Corporation) 0x00110000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation) 0x734A0000

Process C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Stereo Vision Control Panel API Server/NVIDIA Corporation) 1144
Library C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Stereo Vision Control Panel API Server/NVIDIA Corporation) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1184
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75120000

Process C:\Windows\system32\Dwm.exe (Desktop Window Manager/Microsoft Corporation) 1264
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\nvd3dum.dll (NVIDIA WDDM D3D Driver, Version 310.70 /NVIDIA Corporation) 0x709A0000
Library C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPI.dll (NVIDIA 3D Vision Control Panel API/NVIDIA Corporation) 0x10000000

Process C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1280
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\System32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75120000
Library C:\Windows\system32\RtkAPO.dll (Realtek® LFX/GFX DSP component/Realtek Semiconductor Corp.) 0x73900000

Process C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1304
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library c:\windows\system32\tabsvc.dll (Microsoft Tablet PC Input Service/Microsoft Corporation) 0x736C0000
Library c:\windows\system32\l2gpstore.dll (Policy Storage dll/Microsoft Corporation) 0x731E0000
Library C:\Windows\System32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75120000
Library C:\Windows\System32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x71C60000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1316
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75120000
Library C:\Windows\system32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x71C60000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x74A90000
Library C:\Windows\system32\vsstrace.dll (Microsoft® Volume Shadow Copy Requestor/Writer tracing DLL/Microsoft Corporation) 0x70030000
Library C:\Windows\system32\wbem\ncprov.dll (Non-COM WMI Event Provision APIs/Microsoft Corporation) 0x69FA0000

Process C:\Windows\system32\AUDIODG.EXE (Windows Audio Device Graph Isolation /Microsoft Corporation) 1428
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\RtkAPO.dll (Realtek® LFX/GFX DSP component/Realtek Semiconductor Corp.) 0x73900000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1456
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Windows\system32\SLsvc.exe (Microsoft Software Licensing Service/Microsoft Corporation) 1476
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1520
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75120000
Library c:\windows\system32\webclnt.dll (Web DAV Service DLL/Microsoft Corporation) 0x71DC0000
Library C:\Windows\System32\npmproxy.dll (Network List Manager Proxy/Microsoft Corporation) 0x6EAE0000
Library c:\windows\system32\upnphost.dll (UPnP Device Host/Microsoft Corporation) 0x67B50000

Process C:\Program Files\Windows Media Player\wmpnscfg.exe (Windows Media Player Network Sharing Service Configuration Application/Microsoft Corporation) 1564
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA User Experience Driver Component/NVIDIA Corporation) 1628
Library C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA User Experience Driver Component/NVIDIA Corporation) 0x00AF0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation) 0x724D0000
Library C:\Program Files\NVIDIA Corporation\Display\NvUI.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation) 0x72BD0000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x74A90000
Library C:\Windows\system32\nvapi.dll (NVIDIA NVAPI Library, Version 310.70 /NVIDIA Corporation) 0x728A0000
Library C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation) 0x734A0000
Library C:\Program Files\NVIDIA Corporation\Display\nvxdplcy.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation) 0x71F60000

Process C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 310.70/NVIDIA Corporation) 1640
Library C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 310.70/NVIDIA Corporation) 0x00110000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\NVSVC.DLL (NVIDIA Driver Helper Service, Version 310.70/NVIDIA Corporation) 0x72F00000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x74A90000
Library C:\Windows\system32\nvapi.dll (NVIDIA NVAPI Library, Version 310.70 /NVIDIA Corporation) 0x728A0000
Library C:\Windows\system32\NVSVCR.DLL (NVIDIA Driver Helper Service, Version 266.58/NVIDIA Corporation) 0x10000000
Library C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation) 0x734A0000
Library C:\Program Files\NVIDIA Corporation\Display\nvxdplcy.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation) 0x71F60000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1772
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library c:\windows\system32\vsstrace.dll (Microsoft® Volume Shadow Copy Requestor/Writer tracing DLL/Microsoft Corporation) 0x70030000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75120000
Library c:\windows\system32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x71C60000
Library C:\Windows\system32\ndptsp.tsp (NDIS Proxy TAPI Service Provider/Microsoft Corporation) 0x6CAE0000

Process C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 2040
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\System32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75120000
Library C:\Windows\System32\CNCALAL.DLL (Canon Inkjet Fax Driver/CANON INC.) 0x705B0000
Library C:\Windows\System32\CNMLMAL.DLL (IJ Language Monitor/CANON INC.) 0x70520000
Library C:\Windows\System32\CNMNPPM.DLL (Canon IJ Network 32bit comm Module/CANON INC.) 0x00850000
Library C:\Windows\System32\usbmon.dll (Standard Dynamic Printing Port Monitor DLL/Microsoft Corporation) 0x6FA60000
Library C:\Windows\system32\spool\PRTPROCS\W32X86\CNMPDAL.DLL (IJ Print Processor Dispatcher/CANON INC.) 0x6CAF0000

Process C:\Windows\system32\taskeng.exe (Task Scheduler Engine/Microsoft Corporation) 2072
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x73F40000
Library C:\Windows\system32\pautoenr.dll (Auto Enrollment DLL/Microsoft Corporation) 0x63760000

Process C:\Windows\Explorer.EXE (Windows Explorer/Microsoft Corporation) 2088
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x74A90000
Library C:\Windows\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x73F40000
Library C:\Windows\System32\npmproxy.dll (Network List Manager Proxy/Microsoft Corporation) 0x6EAE0000
Library C:\Windows\system32\wscntfy.dll (Windows Security Center Notification App/Microsoft Corporation) 0x65210000
Library C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\prremote.dll (PR_REMOTE/Kaspersky Lab ZAO) 0x70110000
Library C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\prloader.dll (Prague Loader/Kaspersky Lab ZAO) 0x054A0000
Library C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis True Image Shell Extensions/Acronis) 0x10000000
Library C:\Program Files\Acronis\TrueImageHome\timounter.dll (timounter Dynamic Link Library/Acronis) 0x03820000
Library C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll (Nero BackItUp/Nero AG) 0x04080000
Library C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Anti-Malware/Malwarebytes Corporation) 0x69B30000
Library C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\shellex.dll (Windows Shell Extension/Kaspersky Lab ZAO) 0x03C20000

Process C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis Scheduler 2/Acronis) 2156
Library C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis Scheduler 2/Acronis) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service/Adobe Systems Incorporated) 2184
Library C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service/Adobe Systems Incorporated) 0x00F30000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero BackItUp/Nero AG) 2280
Library C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero BackItUp/Nero AG) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Program Files\Nero\Nero8\Nero BackItUp\NB.dll (Nero BackItUp/Nero AG) 0x10000000
Library C:\Program Files\Nero\Nero8\Nero BackItUp\NeroAPIGlueLayerUnicode.dll (NeroAPIGlueLayerUnicode/Nero AG) 0x00390000
Library C:\Program Files\Nero\Nero8\Nero BackItUp\LBFC.dll (Nero BackItUp/Nero AG) 0x01600000
Library C:\Program Files\Nero\Nero8\Nero BackItUp\NBHDMgr.dll (Nero BackItUp/Nero AG) 0x01670000

Process C:\Windows\system32\IoctlSvc.exe (PLFlash DeviceIoControl Service/Prolific Technology Inc.) 2460
Library C:\Windows\system32\IoctlSvc.exe (PLFlash DeviceIoControl Service/Prolific Technology Inc.) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 2484
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75120000

Process C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (MemeoDashboardService/Memeo) 2520
Library C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (MemeoDashboardService/Memeo) 0x00970000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Program Files\Seagate\Seagate Dashboard\Memeo.Common.dll (Memeo.Common/Memeo) 0x6F960000
Library C:\Program Files\Seagate\Seagate Dashboard\Memeo.Dashboard.Remote.dll (Memeo.Dashboard.Remote/Memeo) 0x6F3A0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 2612
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75120000

Process C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe 2660
Library C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe 0x00400000
Library C:\Windows\system32\acrotls.dll (TLS for Win32/Acronis) 0x10000000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Program Files\Common Files\Acronis\Common\resource.dll (Resource Loader for Win32/Acronis) 0x00900000
Library C:\Program Files\Common Files\Acronis\Common\gc.dll (GC/Acronis) 0x003F0000
Library C:\Program Files\Common Files\Acronis\Common\icu34.dll (IBM ICU Common DLL/IBM Corporation and others) 0x00FE0000
Library C:\Program Files\Common Files\Acronis\Common\icudt34.dll (ICU Data DLL/IBM Corporation and others) 0x01100000

Process C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 2724
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft® Windows Live ID Service/Microsoft Corp.) 2760
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75120000

Process C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search Indexer/Microsoft Corporation) 2832
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75120000
Library C:\Windows\system32\vsstrace.dll (Microsoft® Volume Shadow Copy Requestor/Writer tracing DLL/Microsoft Corporation) 0x70030000

Process C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft® Windows Live ID Service Monitor/Microsoft Corp.) 2928
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA RAID Service English language/NVIDIA Corporation) 2940
Library C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA RAID Service English language/NVIDIA Corporation) 0x01000000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Program Files\NVIDIA Corporation\Raid\NvRaidSvENU.dll (NVIDIA NVRAID Service U.S. English Resources/NVIDIA Corporation) 0x00E00000

Process C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Logitech KHAL Main Process/Logitech, Inc.) 3096
Library C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Logitech KHAL Main Process/Logitech, Inc.) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Program Files\Common Files\LogiShrd\KHAL3\KHALAPI.DLL (Logitech KHAL Client Interface/Logitech, Inc.) 0x10000000
Library C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.dll (Logitech Bluetooth API/Logitech, Inc.) 0x00460000
Library C:\Program Files\Common Files\LogiShrd\KHAL3\KHALITCH.DLL (Logitech KHAL Keyboard Interface/Logitech, Inc.) 0x00BA0000
Library C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMW.DLL (Logitech KHAL Mouse Interface/Logitech, Inc.) 0x00BF0000
Library C:\Program Files\Common Files\LogiShrd\KHAL3\KHALHPP.DLL (Logitech KHAL HID++ Interface/Logitech, Inc.) 0x02B30000
Library C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMOU.DLL (Logitech KHAL Mouse Filter Interface/Logitech, Inc.) 0x02820000
Library C:\Program Files\Common Files\LogiShrd\KHAL3\KHALHID.DLL (Logitech KHAL HID Filter Interface/Logitech, Inc.) 0x02BF0000
Library C:\Program Files\Common Files\LogiShrd\KHAL3\KHALUSB.DLL (Logitech KHAL USB Filter Interface/Logitech, Inc.) 0x02C50000

Process C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek HD Audio Manager/Realtek Semiconductor) 3620
Library C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek HD Audio Manager/Realtek Semiconductor) 0x00400000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x74A90000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis True Image Monitor/Acronis) 3628
Library C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis True Image Monitor/Acronis) 0x00400000
Library C:\Windows\system32\snapapi.dll (Acronis Snapshot Dynamic Link Library/Acronis) 0x10000000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Program Files\Common Files\Acronis\Common\resource.dll (Resource Loader for Win32/Acronis) 0x00390000
Library C:\Program Files\Common Files\Acronis\Common\gc.dll (GC/Acronis) 0x00370000
Library C:\Program Files\Common Files\Acronis\Fomatik\tdrpapi.dll (Acronis Try&Decide and Restore Points Volume Library/Acronis) 0x02110000
Library C:\Program Files\Common Files\Acronis\Common\rpc_client.dll (Acronis Dynamic RPC Client/Acronis) 0x003D0000

Process C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Monitor for Acronis True Image Backup Archive Explorer/Acronis) 3636
Library C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Monitor for Acronis True Image Backup Archive Explorer/Acronis) 0x00400000
Library C:\Program Files\Acronis\TrueImageHome\fox.dll 0x10000000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\msimg32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x74A90000
Library C:\Program Files\Common Files\Acronis\Common\icu34.dll (IBM ICU Common DLL/IBM Corporation and others) 0x01F70000
Library C:\Program Files\Common Files\Acronis\Common\icudt34.dll (ICU Data DLL/IBM Corporation and others) 0x02090000

Process C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis Scheduler Helper/Acronis) 3652
Library C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis Scheduler Helper/Acronis) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech SetPoint Event Manager (UNICODE)/Logitech, Inc.) 3664
Library C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech SetPoint Event Manager (UNICODE)/Logitech, Inc.) 0x00400000
Library C:\Program Files\Logitech\SetPointP\khalwrapper.dll (Logitech KHAL Wrapper (UNICODE)/Logitech, Inc.) 0x10000000
Library C:\Program Files\Logitech\SetPointP\KemUtil.dll (Logitech Utility (UNICODE)/Logitech, Inc.) 0x10700000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x74A90000
Library C:\Program Files\Logitech\SetPointP\KemXML.dll (Logitech XML Support (UNICODE)/Logitech, Inc.) 0x10900000
Library C:\Program Files\Logitech\SetPointP\kemutb.dll (Logitech Ultimate Toolbox (UNICODE)/Logitech, Inc.) 0x10800000
Library C:\Program Files\Logitech\SetPointP\KemWnd.dll (Logitech Windows Utilities Support (UNICODE)/Logitech, Inc.) 0x10B00000
Library C:\Program Files\Logitech\SetPointP\SetPointCOM.dll (Logitech Utility (UNICODE)/Logitech, Inc.) 0x12A00000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll (Logitech MacroCore (UNICODE)/Logitech, Inc.) 0x10600000
Library C:\Program Files\Logitech\SetPointP\WebBrowserSupport.dll (Logitech Web Browser Support (UNICODE)/Logitech, Inc.) 0x1F900000
Library C:\Program Files\Logitech\SetPointP\Macros\MacroAppSwitch.dll (Logitech MacroAppSwitch (UNICODE)/Logitech, Inc.) 0x02520000
Library C:\Program Files\Logitech\SetPointP\Macros\MacroMedia.dll (Logitech SetPoint User Interface (UNICODE)/Logitech, Inc.) 0x10F00000
Library C:\Program Files\Logitech\SetPointP\Macros\MacroEmail.dll (Logitech Email and IM Support (UNICODE)/Logitech, Inc.) 0x02570000
Library C:\Program Files\Logitech\SetPointP\KemMon.dll (Logitech Common Hooks (UNICODE)/Logitech, Inc.) 0x10300000
Library C:\Program Files\Common Files\LogiShrd\KHAL3\KhalApi.dll (Logitech KHAL Client Interface/Logitech, Inc.) 0x02F00000
Library C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.dll (Logitech Bluetooth API/Logitech, Inc.) 0x034D0000
Library C:\Program Files\Logitech\SetPointP\kgame.dll (Logitech Gaming Support (UNICODE)/Logitech, Inc.) 0x10E00000
Library C:\Program Files\Logitech\SetPointP\LCabHandler.dll (Handlers Cab files with device files (UNICODE)/Logitech, Inc.) 0x10A00000

Process C:\Program Files\Razer\Nostromo\RazerNostromoSysTray.exe (Razer Nostromo Systray/Razer USA Ltd) 3772
Library C:\Program Files\Razer\Nostromo\RazerNostromoSysTray.exe (Razer Nostromo Systray/Razer USA Ltd) 0x001B0000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x74A90000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\RzMwApi.dll (Razer Middleware/Razer USA Ltd) 0x5D4D0000

Process C:\Users\Dad\Downloads\nyw5wdfr.exe 3892
Library C:\Users\Dad\Downloads\nyw5wdfr.exe 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Settings/NVIDIA Corporation) 3900
Library C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Settings/NVIDIA Corporation) 0x00070000
Library C:\Program Files\NVIDIA Corporation\Display\NvUI.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation) 0x72BD0000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x74A90000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Program Files\NVIDIA Corporation\Update Common\easyDaemonAPIU.DLL (Easy daemon API/NVIDIA Corporation) 0x68C70000
Library C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll (NVIDIA Update Components, 1.11.3.0/NVIDIA Corporation) 0x687A0000
Library C:\Program Files\NVIDIA Corporation\Update Common\NVUPDTR.DLL (NVIDIA US English language resource library/NVIDIA Corporation) 0x6C740000

Process C:\Program Files\Common Files\Java\Java Update\jusched.exe (Java™ Update Scheduler/Sun Microsystems, Inc.) 3920
Library C:\Program Files\Common Files\Java\Java Update\jusched.exe (Java™ Update Scheduler/Sun Microsystems, Inc.) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Program Files\Windows Media Player\wmpnetwk.exe (Windows Media Player Network Sharing Service/Microsoft Corporation) 3984
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\upnphost.dll (UPnP Device Host/Microsoft Corporation) 0x67B50000
Library C:\Windows\System32\npmproxy.dll (Network List Manager Proxy/Microsoft Corporation) 0x6EAE0000

Process C:\Windows\system32\taskeng.exe (Task Scheduler Engine/Microsoft Corporation) 4128
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\pautoenr.dll (Auto Enrollment DLL/Microsoft Corporation) 0x63760000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 4924
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000
Library c:\windows\system32\fntcache.dll (Windows Font Cache Service/Microsoft Corporation) 0x619C0000

Process C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Settings Update Manager/NVIDIA Corporation) 4932
Library C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Settings Update Manager/NVIDIA Corporation) 0x01390000
Library C:\Windows\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5EC10000
Library C:\Windows\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x73F40000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

Process C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (wpffontcache_v0400.exe/Microsoft Corporation) 6128
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75DC0000

---- Services - GMER 1.0.15 ----

Service C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis Scheduler 2/Acronis) [AUTO] AcrSch2Svc
Service C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service/Adobe Systems Incorporated) [AUTO] AdobeARMservice
Service C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 11.5 r502/Adobe Systems Incorporated) [MANUAL] AdobeFlashPlayerUpdateSvc
Service Aspi32
Service C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Anti-Virus/Kaspersky Lab ZAO) [AUTO] AVP
Service C:\Windows\system32\drivers\brfiltlo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
Service C:\Windows\system32\drivers\brfiltup.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
Service C:\Windows\system32\drivers\brusbser.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
Service BTHPORT
Service C:\Users\Dad\AppData\Local\Temp\catchme.sys [MANUAL] catchme
Service C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel® PRO/1000 Adapter NDIS 6 deserialized driver/Intel Corporation) [MANUAL] E1G60
Service C:\Windows\System32\Drivers\ElbyCDIO.sys (ElbyCD Windows NT/2000/XP I/O driver/Elaborate Bytes AG) [SYSTEM] ElbyCDIO
Service C:\Windows\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] flpydisk
Service C:\Windows\system32\drivers\RTKVHDA.sys (Realtek® High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService
Service system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\Windows\System32\Drivers\JmtFltr.sys [MANUAL] JmtFltr
Service C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) [BOOT] KL1
Service C:\Windows\system32\DRIVERS\kl2.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) [SYSTEM] kl2
Service C:\Windows\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) [SYSTEM] KLIF
Service C:\Windows\system32\DRIVERS\klim6.sys (Kaspersky Lab Intermediate Network Driver/Kaspersky Lab ZAO) [SYSTEM] KLIM6
Service C:\Windows\system32\DRIVERS\klmouflt.sys (KLMOUFLT Mouse Device Filter [fre_wlh_x86]/Kaspersky Lab) [MANUAL] klmouflt
Service C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech Bluetooth Service/Logitech, Inc.) [MANUAL] LBTServ
Service C:\Windows\system32\DRIVERS\LHidFilt.Sys (Logitech HID Filter Driver./Logitech, Inc.) [MANUAL] LHidFilt
Service C:\Windows\system32\DRIVERS\LMouFilt.Sys (Logitech Mouse Filter Driver./Logitech, Inc.) [MANUAL] LMouFilt
Service C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) [MANUAL] MozillaMaintenance
Service MSDTC Bridge 3.0.0.0
Service MSDTC Bridge 4.0.0.0
Service C:\Windows\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero BackItUp/Nero AG) [AUTO] Nero BackItUp Scheduler 3
Service C:\Windows\system32\DRIVERS\nvmfdx32.sys (NVIDIA MCP Networking Function Driver./NVIDIA Corporation) [MANUAL] NVENETFD
Service C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Windows Kernel Mode Driver, Version 310.70 /NVIDIA Corporation) [MANUAL] nvlddmkm
Service C:\Windows\nvflash.sys [AUTO] NVR0FLASHDev
Service C:\Windows\system32\drivers\nvstor.sys (NVIDIA® nForce™ Sata Performance Driver/NVIDIA Corporation) [BOOT] nvstor
Service C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA® nForce™ Sata Performance Driver/NVIDIA Corporation) [BOOT] nvstor32
Service C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 310.70/NVIDIA Corporation) [AUTO] nvsvc
Service C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Settings Update Manager/NVIDIA Corporation) [AUTO] nvUpdatusService
Service system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\Windows\system32\IoctlSvc.exe (PLFlash DeviceIoControl Service/Prolific Technology Inc.) [AUTO] PLFlash DeviceIoControl Service
Service C:\Windows\system32\DRIVERS\WUSB20XP.sys (PRISM Wireless NDIS 5.1 Driver/Cisco-Linksys, LLC.) [MANUAL] PRISM_A02
Service C:\Windows\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD
Service C:\Windows\system32\DRIVERS\rzhidmap.sys (Filter Driver for Razer Interface/Razer USA Ltd) [MANUAL] rzhidmap
Service C:\Windows\system32\DRIVERS\rzjoystk.sys (Razer JoyStick Device/Razer USA Ltd) [MANUAL] rzjoystk
Service C:\Windows\system32\DRIVERS\RzSynapse.sys (Razer Synapse Engine/Razer USA Ltd) [MANUAL] RzSynapse
Service C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (MemeoDashboardService/Memeo) [AUTO] SeagateDashboardService
Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\Windows\system32\drivers\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd
Service C:\Program Files\Skype\Updater\Updater.exe (Skype Updater Service/Skype Technologies) [AUTO] SkypeUpdate
Service SMSvcHost 3.0.0.0
Service SMSvcHost 4.0.0.0
Service C:\Windows\system32\DRIVERS\snapman.sys (Acronis Snapshot API/Acronis) [BOOT] snapman
Service C:\Windows\system32\DRIVERS\sscdbus.sys (SAMSUNG USB Composite Device Driver/MCCI) [MANUAL] sscdbus
Service C:\Windows\system32\DRIVERS\sscdmdfl.sys (SAMSUNG CDMA Modem Filter Driver/MCCI) [MANUAL] sscdmdfl
Service C:\Windows\system32\DRIVERS\sscdmdm.sys (SAMSUNG CDMA Modem WDM/MCCI) [MANUAL] sscdmdm
Service C:\Windows\system32\DRIVERS\sscdserd.sys (SAMSUNG CDMA Modem Diagnostic Serial Port Device Driver/MCCI) [MANUAL] sscdserd
Service C:\Program [MANUAL] Steam Client Service
Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Stereo Vision Control Panel API Server/NVIDIA Corporation) [AUTO] Stereo Service
Service C:\Windows\system32\DRIVERS\tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) [BOOT] tdrpman
Service C:\Windows\system32\DRIVERS\tifsfilt.sys (Acronis True Image File System Filter/Acronis) [AUTO] tifsfilter
Service C:\Windows\system32\DRIVERS\timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) [BOOT] timounter
Service C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [AUTO] TryAndDecideService
Service C:\Windows\System32\Drivers\usbicp.sys (UsbIsp/Motorola) [MANUAL] uisp
Service C:\Windows\system32\DRIVERS\VClone.sys (VirtualCloneCD Driver/Elaborate Bytes AG) [MANUAL] VClone
Service C:\Windows\system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga
Service C:\Windows\system32\DRIVERS\vhidmini.sys (Virtual Hid Device/Windows ® Codename Longhorn DDK provider) [MANUAL] vhidmini
Service Windows Workflow Foundation 3.0.0.0
Service Windows Workflow Foundation 4.0.0.0
Service C:\??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [MANUAL] WinRing0_1_2_0
Service C:\Windows\system32\drivers\WmBEnum.sys (Logitech WingMan Virtual Bus Enumerator Driver/Logitech Inc.) [MANUAL] WmBEnum
Service C:\Windows\system32\drivers\WmFilter.sys (Logitech WingMan Hid Filter Driver/Logitech Inc.) [MANUAL] WmFilter
Service C:\Windows\system32\drivers\WmVirHid.sys (Logitech WingMan Virtual Hid Device Driver/Logitech Inc.) [MANUAL] WmVirHid
Service C:\Windows\system32\drivers\WmXlCore.sys (Logitech WingMan Translation Driver/Logitech Inc.) [MANUAL] WmXlCore
Service WSearchIdxPi
Service C:\Windows\system32\drivers\ymidusbw.sys (USB-MIDI Driver/Yamaha Corporation) [MANUAL] YMIDUSBW

---- EOF - GMER 1.0.15 ----



I am not having the problems with prompts to create SOL files or random browser opening, but I am still having problems with exceedingly long shutdown times---10 mins plus.

#18
Jintan (Trusted Helper, Malware Removal, 904 posts)
Nothing of note in either Gmer log. Slow shutdowns usually mean problem startups.

Go here and download and install the free trial version of Revo's Uninstaller, and see if that shows F-Secure PSC Prerequisites to complete the removal there.

Leave the default setting of "Moderate" for each uninstall, and it is okay to use "Select All" to Delete what Revo finds.

--------

Go here and follow the steps to disable Windows Defender. Fairly useless, and can cause problems.

--------

Go to Start Search, type msconfig in the Start Search box. Msconfig will appear at the top of the Menu. Right-click on it and choose "Run as administrator".

When the msconfig display opens, click the Startup tab, then click the Enable All button (you can change things back after we are done with this step).

Uncheck 1/2 of the startups listed there. Then click Apply and OK and allow the reboot.

Fully reboot, then do a Shutdown, and see if the slowness was eliminated. If so, you have reduced the field of culprits to one-half.

If you still have the problem, open msconfig again, but this time recheck the startups you had unchecked, then uncheck the other 1/2. And again Apply/OK and reboot.

This is a process of elimination. If the problem source is a startup, you will have narrowed it down to being in 1/2 of the msconfig list. Make sure the 1/2 that did not cause problems remain checked, then cut the other group in half again. Then again uncheck one half of that, Apply/OK and reboot. See which new 1/2 holds the problem startup.

Repeat those steps until you identify the problem startup.

#19
Synthergy (Topic Starter, Member, 25 posts)
F-Secure PSC Requisites did not populate on that list either.

I already turned Windows Defender off like you asked before...I followed your instruction to do so again and it says it is disabled.

Running msconfig as admin, I unchecked half, but oddly enough, even though I unchecked Kaspersky, it was there on startup. I ran msconfig again as administrator and it showed Kaspersky as being checked...I repeated the procedure---no change...

#20
Jintan (Trusted Helper, Malware Removal, 904 posts)
Kaspersky has some self-protection module. Why not ignore it for now, but try splitting in half the rest etc.

#21
Jintan (Trusted Helper, Malware Removal, 904 posts)
No, I reread your post and see maybe I misunderstood. So unchecking either half made no change on shutdowns?

#22
Synthergy (Topic Starter, Member, 25 posts)
I unchecked one half, then the other--no change... Then I unchecked all, still no change...

#23
Jintan (Trusted Helper, Malware Removal, 904 posts)
I am not familiar with Kaspersky, as far as what key/registration info to save to reinstall it, but I suggest you consider uninstalling it, reboot, and check for improvements. May be time to switch to a different antivirus program, but only uninstalling it will tell. And if malware has damaged it, uninstalling/reinstalling is the only way to correct for that.

#24
Synthergy (Topic Starter, Member, 25 posts)
Ok... Complete uninstall/complete re-install... no change. However, when I attempted to open Windows Mail, the Kaspersky Anti-Spam options window opened up---each time I tried to set the options for Spam and Probable Spam to "Move to Folder", Windows Mail crashed. I left them on "Ignore", Windows Mail crashed once more, but upon reopening, I encountered no problems.

On a different note, I have disabled nVidia control panel in the startup menu using msconfig--but it opens on each reboot. In addition, if I close it in the taskbar, after several minutes, it reopens, without any attempt to personalize or modify any video/graphics settings.

#25
Jintan (Trusted Helper, Malware Removal, 904 posts)
You uninstalled your antivirus program and there was no positive change at all? Unusual, as the antivirus program has to slow things down, by the nature of what it does.

Run and post a new regular Gmer scan please.

#26
Synthergy (Topic Starter, Member, 25 posts)
Here is the new Gmer log....

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-31 06:05:59
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000059 ST350063 rev.3.AA
Running: nyw5wdfr.exe; Driver: C:\Users\Dad\AppData\Local\Temp\uwldapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x9163128A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x9164B342]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x9164B678]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x9164B9EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x91631D04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x9164B02A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x91632276]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x91632164]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x9164B4E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x91631046]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x9163238E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x916318BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x9164B5B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x9163274E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x91631D46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x91633750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x91632840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x91632DAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x91649840]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x91632308]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x916321F0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x916314C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x91632B90]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x91632420]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x916313B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x9163255C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x91649A38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x916330D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x916329E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x9164B7DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x9164B72A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x9164B848]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x916335F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x9164B1B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x91631BA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x916325FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x91633222]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x91633316]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x91633450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x91632670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x91631664]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x916315BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x91632F8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x91631750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x91631A2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x916324A6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 119 836DF7DC 4 Bytes [8A, 12, 63, 91]
.text ntkrnlpa.exe!KeSetEvent + 13D 836DF800 8 Bytes [42, B3, 64, 91, 78, B6, 64, ...]
.text ntkrnlpa.exe!KeSetEvent + 181 836DF844 4 Bytes [EE, B9, 64, 91]
.text ntkrnlpa.exe!KeSetEvent + 1A9 836DF86C 4 Bytes [04, 1D, 63, 91]
.text ntkrnlpa.exe!KeSetEvent + 1C1 836DF884 4 Bytes [2A, B0, 64, 91]
.text ...

---- EOF - GMER 1.0.15 ----
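Reading the log above: every SSDT entry GMER lists is hooked by the same driver, klif.sys (Kaspersky's mini-filter), and the "Kernel code sections" lines report 4-byte overwrites near ntkrnlpa.exe!KeSetEvent. Decoding those byte lists as little-endian DWORDs gives values such as 0x9163128A and 0x9164B9EE, which sit within a few KiB of the klif.sys hook addresses in the same log, so they are consistent with the same driver rather than a second hooking agent (GMER labels a patched region with the nearest exported symbol, which is why KeSetEvent appears). The script below is an added example, not part of the original post or of GMER; it parses the two line formats, decodes the byte lists, and attributes each patched DWORD to the module whose SSDT hooks lie closest. The 64 KiB proximity window is an assumed heuristic for "same driver image", and the embedded log lines are a subset copied from the post.

```python
import re
from collections import defaultdict

# Subset of the GMER log posted above. The trailing ".text ..." line is how
# GMER truncates long listings; the parser skips anything it cannot match.
GMER_LOG = r"""
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x91649A38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x91631BA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x916315BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x91631750]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x916324A6]
.text ntkrnlpa.exe!KeSetEvent + 119 836DF7DC 4 Bytes [8A, 12, 63, 91]
.text ntkrnlpa.exe!KeSetEvent + 13D 836DF800 8 Bytes [42, B3, 64, 91, 78, B6, 64, ...]
.text ntkrnlpa.exe!KeSetEvent + 181 836DF844 4 Bytes [EE, B9, 64, 91]
.text ntkrnlpa.exe!KeSetEvent + 1A9 836DF86C 4 Bytes [04, 1D, 63, 91]
.text ntkrnlpa.exe!KeSetEvent + 1C1 836DF884 4 Bytes [2A, B0, 64, 91]
.text ...
"""

SSDT_RE = re.compile(
    r"^SSDT\s+(?P<path>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]"
)
TEXT_RE = re.compile(
    r"^\.text\s+(?P<sym>\S+)\s+\+\s+(?P<off>[0-9A-Fa-f]+)\s+(?P<va>[0-9A-Fa-f]{8})\s+"
    r"(?P<n>\d+)\s+Bytes\s+\[(?P<bytes>[^\]]*)\]"
)


def decode_dwords(byte_field):
    """Turn 'A1, B2, C3, D4, ...' into little-endian 32-bit integers.
    An incomplete trailing group (GMER truncates with '...') is dropped."""
    toks = [t.strip() for t in byte_field.split(",")]
    vals = [int(t, 16) for t in toks if re.fullmatch(r"[0-9A-Fa-f]{2}", t)]
    return [int.from_bytes(bytes(vals[i:i + 4]), "little")
            for i in range(0, len(vals) - 3, 4)]


def parse_gmer(text):
    """Split a GMER log into SSDT hook records and .text patch records."""
    hooks, patches = [], []
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            hooks.append({"module": m["path"].rsplit("\\", 1)[-1].lower(),
                          "desc": m["desc"], "func": m["func"],
                          "addr": int(m["addr"], 16)})
            continue
        m = TEXT_RE.match(line)
        if m:
            patches.append({"symbol": m["sym"], "offset": int(m["off"], 16),
                            "va": int(m["va"], 16),
                            "dwords": decode_dwords(m["bytes"])})
    return hooks, patches


def attribute_patches(hooks, patches, window=0x10000):
    """Assumed heuristic: a patched DWORD that lands within `window` bytes of a
    known SSDT hook address is attributed to that hook's module; anything
    further away is left unattributed and deserves a closer look."""
    by_module = defaultdict(list)
    for h in hooks:
        by_module[h["module"]].append(h["addr"])
    results = []
    for p in patches:
        for dw in p["dwords"]:
            best = None
            for mod, addrs in by_module.items():
                dist = min(abs(dw - a) for a in addrs)
                if dist <= window and (best is None or dist < best[1]):
                    best = (mod, dist)
            results.append({"va": p["va"], "target": dw,
                            "module": best[0] if best else None})
    return results


def summarize(text, window=0x10000):
    hooks, patches = parse_gmer(text)
    attributed = attribute_patches(hooks, patches, window)
    return {"hook_count": len(hooks),
            "hook_modules": sorted({h["module"] for h in hooks}),
            "patch_targets": attributed,
            "unexplained": [r for r in attributed if r["module"] is None]}


if __name__ == "__main__":
    s = summarize(GMER_LOG)
    print(f"{s['hook_count']} SSDT hooks by {', '.join(s['hook_modules'])}")
    for r in s["patch_targets"]:
        print(f"  {r['va']:08X} -> {r['target']:08X}  {r['module'] or 'UNATTRIBUTED'}")
    print("unexplained patch targets:", len(s["unexplained"]))
```

To use it on a saved log, replace GMER_LOG with the file's contents; any target printed as UNATTRIBUTED is a kernel patch that none of the listed SSDT hooks explains. For a vendor driver the helper considers broken, as here, the useful check after removal is that both the SSDT lines and the KeSetEvent patches disappear from the next scan.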

#27 Jintan (Trusted Helper, Malware Removal, 904 posts)
Kaspersky still loading there. Likely corrupted. Go here and download kavremover.exe and run that, being sure to follow all prompts. Reboot after, and run a new OTL and GMER scan, and post those logs please.

Also post back if you see improvements then.

#28 Synthergy (Topic Starter, Member, 25 posts)
OTL---

OTL logfile created on: 1/1/2013 7:36:54 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dad\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 64.38% Memory free
5.71 Gb Paging File | 4.76 Gb Available in Paging File | 83.32% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 425.71 Gb Total Space | 308.86 Gb Free Space | 72.55% Space Free | Partition Type: NTFS

Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/20 04:00:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Downloads\OTL.exe
PRC - [2012/12/03 09:39:40 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/11/30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/11/30 22:38:02 | 001,821,032 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/11/30 22:38:02 | 000,865,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/19 12:37:16 | 000,978,840 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Nostromo\RazerNostromoSysTray.exe
PRC - [2011/06/01 10:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2010/11/09 14:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 17:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/04/09 02:42:28 | 000,163,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/07 20:46:28 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/09/07 20:04:16 | 000,905,056 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007/09/07 20:00:52 | 000,140,568 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/09/07 20:00:50 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/09/07 19:59:40 | 002,595,480 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2007/09/07 00:44:40 | 001,328,408 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\fox.dll


========== Services (SafeList) ==========

SRV - [2012/12/21 00:09:38 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/20 00:46:49 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/10 20:07:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/03 09:39:40 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/01 10:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/10/28 04:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/07 20:46:28 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/09/07 20:00:50 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dad\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/12/03 09:39:40 | 009,373,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/11/13 21:53:00 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2011/07/14 16:18:52 | 000,127,360 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RzSynapse.sys -- (RzSynapse)
DRV - [2011/03/24 13:35:36 | 000,016,896 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rzjoystk.sys -- (rzjoystk)
DRV - [2011/03/24 13:35:36 | 000,005,120 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rzhidmap.sys -- (rzhidmap)
DRV - [2010/08/24 11:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 11:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/04/27 16:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/04/27 16:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/04/27 16:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/04/27 14:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010/04/09 01:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/08/04 12:15:36 | 000,033,736 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ymidusbw.sys -- (YMIDUSBW)
DRV - [2009/04/10 23:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008/03/16 11:04:01 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/03/16 11:04:00 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2008/03/16 11:03:55 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2008/03/16 11:03:45 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2008/01/19 00:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/09/27 13:46:12 | 000,048,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2007/09/19 16:01:06 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vhidmini.sys -- (vhidmini)
DRV - [2007/01/15 16:35:18 | 001,032,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2005/12/22 03:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBICP.sys -- (uisp)
DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2004/01/07 16:04:00 | 000,339,488 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB20XP.sys -- (PRISM_A02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ixquick.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.reverbnat.../chrisgallegos"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/09/18 12:06:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/10 20:07:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/10 20:07:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/10 20:07:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/10 20:07:41 | 000,000,000 | ---D | M]

[2011/05/11 21:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
[2012/10/29 14:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\itudw2am.default\extensions
[2012/12/10 20:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/10 20:07:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/12/10 20:07:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/12/10 20:07:34 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/12/10 20:07:35 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2012/12/10 20:07:35 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
[2012/12/10 20:07:37 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/12/10 20:07:37 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2012/12/10 20:07:38 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
[2012/12/10 20:07:55 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/30 10:19:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/17 15:38:21 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/23 18:01:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Razer Nostromo Driver] C:\Program Files\Razer\Nostromo\RazerNostromoSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck....com/qbc_ax.cab (Qualys BrowserCheck)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15822B5B-75B6-4058-93C1-C5D00BDBEF11}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/01 07:17:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/12/28 19:09:59 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\VS Revo Group
[2012/12/28 19:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2012/12/28 19:09:55 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2012/12/28 19:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/12/24 09:30:52 | 009,373,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/12/24 09:11:11 | 009,373,032 | ---- | C] (NVIDIA Corporation) -- C:\nvlddmkm.sys
[2012/12/23 18:03:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/23 18:03:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/23 18:03:10 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\temp
[2012/12/23 17:48:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/23 17:48:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/23 17:48:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/23 17:48:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/23 17:48:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/23 17:45:48 | 005,012,686 | R--- | C] (Swearware) -- C:\Users\Dad\Desktop\ComboFix.exe
[2012/12/21 20:29:48 | 000,000,000 | ---D | C] -- C:\Users\Dad\Desktop\RK_Quarantine
[2012/12/21 05:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/21 05:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/12/21 05:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/12/21 05:05:46 | 001,011,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/12/21 05:05:46 | 000,889,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2012/12/21 05:05:45 | 020,335,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/12/21 05:05:44 | 012,603,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012/12/21 05:05:44 | 006,149,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2012/12/21 05:05:43 | 009,373,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.old
[2012/12/21 05:05:42 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/12/21 05:05:42 | 007,819,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/12/21 05:05:42 | 001,874,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/12/21 05:05:41 | 015,122,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012/12/21 05:05:40 | 002,606,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/12/21 05:05:40 | 002,496,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012/12/21 04:30:36 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/21 04:30:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/21 03:48:33 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/12/21 01:45:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012/12/21 00:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/12/21 00:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012/12/20 11:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2012/12/20 10:46:43 | 003,984,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2012/12/20 10:46:43 | 002,869,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2012/12/20 10:46:43 | 000,108,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2012/12/20 10:46:43 | 000,062,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2012/12/20 08:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/12/20 08:35:10 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/12/20 08:34:46 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/12/20 08:34:45 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/12/20 08:34:45 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/12/20 08:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/12/20 00:46:49 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/20 00:46:49 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/15 16:27:11 | 000,000,000 | ---D | C] -- C:\Users\Dad\Desktop\DunDefCinematics
[2012/12/11 17:34:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/12/11 17:34:05 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/12/11 17:34:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/12/11 17:34:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/12/11 17:34:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/12/11 17:34:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/12/11 17:34:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/12/11 17:34:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/12/11 17:30:48 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012/12/11 17:30:36 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012/12/11 17:30:36 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/12/11 17:30:36 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2012/12/11 17:30:35 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012/12/11 17:30:35 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012/12/11 16:21:29 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/12/11 16:21:23 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012/12/11 16:21:23 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2012/12/11 16:21:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/12/10 20:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/01 07:31:14 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/01 07:31:14 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/01 07:31:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/01 07:31:07 | 2951,131,136 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/31 00:54:23 | 266,791,754 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/12/28 19:09:56 | 000,001,049 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/12/28 19:09:56 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/12/28 13:14:01 | 000,001,356 | ---- | M] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
[2012/12/28 04:11:48 | 000,000,534 | ---- | M] () -- C:\Users\Dad\Desktop\nyw5wdfr - Shortcut.lnk
[2012/12/23 18:01:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/12/23 17:45:55 | 005,012,686 | R--- | M] (Swearware) -- C:\Users\Dad\Desktop\ComboFix.exe
[2012/12/21 20:45:49 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/21 05:52:32 | 000,571,006 | ---- | M] () -- C:\Users\Dad\Documents\cc_20121221_055208.reg
[2012/12/21 05:30:22 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/21 05:00:35 | 000,308,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/21 03:48:33 | 000,000,215 | ---- | M] () -- C:\Users\Dad\Desktop\Dungeon Defenders.url
[2012/12/21 00:08:38 | 000,000,746 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/12/20 08:34:18 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/12/20 08:34:14 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/12/20 08:34:14 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/12/20 08:34:14 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/12/20 08:34:14 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/12/20 08:34:14 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/12/20 03:16:39 | 000,332,758 | ---- | M] () -- C:\Users\Dad\AppData\Local\census.cache
[2012/12/20 03:15:16 | 000,200,069 | ---- | M] () -- C:\Users\Dad\AppData\Local\ars.cache
[2012/12/20 02:50:55 | 000,000,036 | ---- | M] () -- C:\Users\Dad\AppData\Local\housecall.guid.cache
[2012/12/20 00:46:49 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/20 00:46:49 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/19 14:01:46 | 000,643,060 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/19 14:01:46 | 000,119,910 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/16 07:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/16 04:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/03 09:39:40 | 020,335,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/12/03 09:39:40 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/12/03 09:39:40 | 015,122,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012/12/03 09:39:40 | 012,603,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012/12/03 09:39:40 | 009,373,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/12/03 09:39:40 | 009,373,032 | ---- | M] (NVIDIA Corporation) -- C:\nvlddmkm.sys
[2012/12/03 09:39:40 | 009,373,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.old
[2012/12/03 09:39:40 | 007,819,016 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/12/03 09:39:40 | 006,149,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2012/12/03 09:39:40 | 005,792,250 | ---- | M] () -- C:\Windows\System32\nvlddmkm.sy_
[2012/12/03 09:39:40 | 005,792,250 | ---- | M] () -- C:\nvlddmkm.sy_
[2012/12/03 09:39:40 | 002,606,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/12/03 09:39:40 | 002,496,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012/12/03 09:39:40 | 001,874,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/12/03 09:39:40 | 001,011,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/12/03 09:39:40 | 000,889,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2012/12/03 09:39:40 | 000,011,545 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/28 19:09:56 | 000,001,049 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/12/28 19:09:56 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/12/28 04:11:48 | 000,000,534 | ---- | C] () -- C:\Users\Dad\Desktop\nyw5wdfr - Shortcut.lnk
[2012/12/24 09:11:11 | 005,792,250 | ---- | C] () -- C:\nvlddmkm.sy_
[2012/12/24 08:26:27 | 266,791,754 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/12/23 17:48:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/23 17:48:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/23 17:48:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/23 17:48:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/23 17:48:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/21 05:52:16 | 000,571,006 | ---- | C] () -- C:\Users\Dad\Documents\cc_20121221_055208.reg
[2012/12/21 05:30:22 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/21 05:05:40 | 000,011,545 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/12/21 03:48:33 | 000,000,215 | ---- | C] () -- C:\Users\Dad\Desktop\Dungeon Defenders.url
[2012/12/21 00:08:38 | 000,000,746 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/12/20 10:53:03 | 2951,131,136 | -HS- | C] () -- C:\hiberfil.sys
[2012/12/20 03:16:39 | 000,332,758 | ---- | C] () -- C:\Users\Dad\AppData\Local\census.cache
[2012/12/20 03:15:16 | 000,200,069 | ---- | C] () -- C:\Users\Dad\AppData\Local\ars.cache
[2012/12/20 02:50:55 | 000,000,036 | ---- | C] () -- C:\Users\Dad\AppData\Local\housecall.guid.cache
[2012/12/20 00:46:51 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/11 17:31:07 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/11 17:31:07 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 14:40:27 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/03/03 11:11:43 | 000,017,408 | ---- | C] () -- C:\Users\Dad\AppData\Local\WebpageIcons.db
[2011/05/05 23:23:19 | 000,000,084 | ---- | C] () -- C:\Windows\wininit.ini
[2011/02/15 21:05:19 | 000,000,552 | ---- | C] () -- C:\Users\Dad\AppData\Local\d3d8caps.dat
[2010/12/16 01:54:53 | 000,000,615 | ---- | C] () -- C:\Users\Dad\myotherdrive.properties
[2010/08/12 00:40:43 | 000,000,383 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\hexplorer.dat
[2010/08/12 00:40:43 | 000,000,013 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\mclip.dat
[2010/08/08 20:13:12 | 000,018,432 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/15 19:17:16 | 000,001,356 | ---- | C] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Gmer---

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2013-01-01 08:25:24
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000056 ST350063 rev.3.AA
Running: nyw5wdfr.exe; Driver: C:\Users\Dad\AppData\Local\Temp\uwldapow.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[4044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749FB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [749AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [749AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749E73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [749BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [749AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [749AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A3CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [749AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [749A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4044] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


No improvements... as a matter of fact, system shutdown took even longer...

#29
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
At least removing Kaspersky gives me a clearer shot at what all is involved now. I have seen those Gmer "explorer/gdi" results in past logs. Some type of graphics being run, but I'm not sure what the source is.


Follow the steps here to download and run Malwarebytes Anti-Rootkit scan.

#30
Synthergy

    Member

  • Topic Starter
  • Member
  • 25 posts
After running mbar: Scan Completed. No clean up necessary.