Got Keylogger/sniffer and possible Rootkit [Solved]

Keylogger Rootkit


#1 OneDesperateGuy (New Member, 8 posts)

Hello there, dear Geekstogo.com!

Yesterday I noticed that my router's password had been changed and I was unable to log in to it, and after a while I also noticed that the passwords of 2 of my Hotmail accounts had been changed. I immediately freaked out and reset my router to set a new password (which I did) and then tried to do password retrieval on my Hotmail accounts, but the password got changed quickly again.
I was using Avast Antivirus Free at the time and no malware was found.

I decided to unplug my router from the wall and turned off my computer to do a reformat the day after, and also to obtain a new IP address from my ISP afterwards, because I noticed that my password kept being changed.

** The day after **

I reformatted all my disks using a fresh live USB (which I made at my neighbor's) with Windows 7 Ultimate SP1 (the same OS I used before the reformat).
Everything went fine and I reset my router to set a password for admin and then downloaded ZoneAlarm Firewall and AVG Antivirus.
After a full scan in AVG no infections were found and I double-checked that I could get into my emails, which I could; this made me think, sweet, I'm safe now. I quickly began to download the programs I wanted, but then I had to authorize my Steam log-on (they send a code to your registered mail) and I couldn't get into it.

That's when I started to suspect a rootkit, so I downloaded Comodo Cleaning Essentials and tried to do both a quick scan and a full scan, but the program closed itself after 2-3 seconds.
I then tried to use rkill64 to terminate any malware blocking Comodo, but rkill got stuck on "Checking for processes to terminate:"; I waited about minutes to no avail.
RogueKiller reported a few registry keys that were suspicious, so I deleted those [LOG FILE ATTACHED], but after a reboot they were restored.
Emsisoft Anti-Malware reported that I had no infections.
I'm attaching an aswMBR log too.

I'm desperate and I need help, so I would be thrilled if I could get rid of this nasty stuff from my computer.
~ Regards, David

[Edit 1]
Oh, I must say that on my Skype I saw a few names on my friends list that I didn't know and that I hadn't added, so I quickly removed them all.
[/EDIT 1]
 

 

OTL logfile created on: 2014-08-07 02:41:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\QuiP\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
[2014-08-06 22:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014-08-06 22:28:18 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014-08-06 22:28:18 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014-08-06 22:28:18 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014-08-06 22:28:17 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014-08-06 22:28:17 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014-08-06 22:28:17 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014-08-06 22:28:16 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014-08-06 22:28:16 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014-08-06 22:28:04 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014-08-06 22:26:18 | 000,000,000 | ---D | C] -- C:\Users\QuiP\AppData\Local\Diagnostics
[2014-08-06 22:24:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014-08-06 22:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014-08-06 22:24:47 | 000,032,344 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\MBfilt64.sys
[2014-08-06 22:24:46 | 002,103,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2014-08-06 22:24:46 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014-08-06 22:24:46 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014-08-06 22:24:46 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014-08-06 22:24:46 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014-08-06 22:24:45 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2014-08-06 22:24:44 | 003,760,856 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014-08-06 22:24:44 | 001,004,248 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014-08-06 22:24:44 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2014-08-06 22:24:44 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2014-08-06 22:24:43 | 002,795,224 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014-08-06 22:24:43 | 001,662,024 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014-08-06 22:24:43 | 001,284,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014-08-06 22:24:43 | 000,613,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2014-08-06 22:24:42 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014-08-06 22:24:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014-08-06 22:24:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014-08-06 22:24:42 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014-08-06 22:24:42 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014-08-06 22:24:42 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014-08-06 22:24:41 | 000,147,160 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2014-08-06 22:24:32 | 002,032,896 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2014-08-06 22:24:32 | 000,920,320 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2014-08-06 22:24:31 | 001,139,992 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO264.dll
[2014-08-06 22:24:31 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014-08-06 22:24:31 | 000,083,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll
[2014-08-06 22:24:30 | 000,947,480 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO232.dll
[2014-08-06 22:24:28 | 002,736,160 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014-08-06 22:24:26 | 000,208,072 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2014-08-06 22:24:26 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014-08-06 22:24:26 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2014-08-06 22:24:24 | 002,080,472 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2014-08-06 22:24:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2014-08-06 22:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2014-08-06 22:23:51 | 000,849,992 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2014-08-06 22:23:51 | 000,108,104 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2014-08-06 22:23:51 | 000,073,800 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2014-08-06 22:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2014-08-06 22:23:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014-08-06 22:21:44 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2014-08-06 22:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2014-08-06 22:21:38 | 000,000,000 | ---D | C] -- C:\Intel
[2014-08-06 22:21:27 | 000,000,000 | ---D | C] -- C:\MSI
[2014-08-06 21:38:29 | 000,000,000 | R--D | C] -- C:\Users\QuiP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014-08-06 21:38:29 | 000,000,000 | R--D | C] -- C:\Users\QuiP\Searches
[2014-08-06 21:38:29 | 000,000,000 | R--D | C] -- C:\Users\QuiP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014-08-06 21:38:29 | 000,000,000 | -H-D | C] -- C:\Users\QuiP\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014-08-06 21:38:24 | 000,000,000 | ---D | C] -- C:\Users\QuiP\AppData\Roaming\Identities
[2014-08-06 21:38:23 | 000,000,000 | R--D | C] -- C:\Users\QuiP\Contacts
[2014-08-06 21:38:22 | 000,000,000 | ---D | C] -- C:\Users\QuiP\AppData\Local\VirtualStore
[2014-08-06 21:38:21 | 000,000,000 | --SD | C] -- C:\Users\QuiP\AppData\Roaming\Microsoft
[2014-08-06 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\QuiP\Videos
[2014-08-06 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\QuiP\Saved Games
[2014-08-06 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\QuiP\Pictures
[2014-08-06 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\QuiP\Music
[2014-08-06 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\QuiP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014-08-06 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\QuiP\Links
[2014-08-06 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\QuiP\Favorites
[2014-08-06 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\QuiP\Downloads
[2014-08-06 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\QuiP\Documents
[2014-08-06 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\QuiP\Desktop
[2014-08-06 21:38:21 | 000,000,000 | R--D | C] -- C:\Users\QuiP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014-08-06 21:38:21 | 000,000,000 | -HSD | C] -- C:\Users\QuiP\AppData\Local\Temporary Internet Files
[2014-08-06 21:38:21 | 000,000,000 | -HSD | C] -- C:\Users\QuiP\Templates
[2014-08-06 21:38:21 | 000,000,000 | -HSD | C] -- C:\Users\QuiP\Start Menu
[2014-08-06 21:38:21 | 000,000,000 | -HSD | C] -- C:\Users\QuiP\SendTo
[2014-08-06 21:38:21 | 000,000,000 | -HSD | C] -- C:\Users\QuiP\Recent
[2014-08-06 21:38:21 | 000,000,000 | -HSD | C] -- C:\Users\QuiP\PrintHood
[2014-08-06 21:38:21 | 000,000,000 | -HSD | C] -- C:\Users\QuiP\NetHood
[2014-08-06 21:38:21 | 000,000,000 | -HSD | C] -- C:\Users\QuiP\Documents\My Videos
[2014-08-06 21:38:21 | 000,000,000 | -HSD | C] -- C:\Users\QuiP\Documents\My Pictures
[2014-08-06 21:38:21 | 000,000,000 | -HSD | C] -- C:\Users\QuiP\Documents\My Music
[2014-08-06 21:38:21 | 000,000,000 | -HSD | C] -- C:\Users\QuiP\My Documents
[2014-08-06 21:38:21 | 000,000,000 | -HSD | C] -- C:\Users\QuiP\Local Settings
[2014-08-06 21:38:21 | 000,000,000 | -HSD | C] -- C:\Users\QuiP\AppData\Local\History
[2014-08-06 21:38:21 | 000,000,000 | -HSD | C] -- C:\Users\QuiP\Cookies
[2014-08-06 21:38:21 | 000,000,000 | -HSD | C] -- C:\Users\QuiP\Application Data
[2014-08-06 21:38:21 | 000,000,000 | -HSD | C] -- C:\Users\QuiP\AppData\Local\Application Data
[2014-08-06 21:38:21 | 000,000,000 | -H-D | C] -- C:\Users\QuiP\AppData
[2014-08-06 21:38:21 | 000,000,000 | ---D | C] -- C:\Users\QuiP\AppData\Local\Temp
[2014-08-06 21:38:21 | 000,000,000 | ---D | C] -- C:\Users\QuiP\AppData\Local\Microsoft
[2014-08-06 21:38:21 | 000,000,000 | ---D | C] -- C:\Users\QuiP\AppData\Roaming\Media Center Programs
[2014-08-06 21:38:20 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014-08-06 21:38:18 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014-08-06 21:35:31 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2014-08-06 21:35:25 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014-07-23 00:51:52 | 000,450,456 | ---- | C] (Check Point Software Technologies Ltd.) -- C:\Windows\SysNative\drivers\vsdatant.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014-08-07 02:35:00 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-08-07 02:24:33 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2014-08-07 02:18:47 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014-08-07 02:11:28 | 000,000,986 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-08-07 02:11:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-08-07 02:11:19 | 4250,959,870 | -HS- | M] () -- C:\hiberfil.sys
[2014-08-07 02:10:53 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-08-07 02:10:53 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-08-07 01:58:51 | 000,029,160 | ---- | M] () -- C:\Windows\SysWow64\drivers\TrueSight.sys
[2014-08-07 01:40:48 | 004,806,744 | ---- | M] () -- C:\Users\QuiP\Desktop\RogueKiller.exe
[2014-08-07 01:38:36 | 001,062,136 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\QuiP\Desktop\rkill64-29699.exe
[2014-08-07 01:28:36 | 001,062,136 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\QuiP\Desktop\rkill64.exe
[2014-08-07 01:28:28 | 001,942,776 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\QuiP\Desktop\rkill.exe
[2014-08-07 01:24:05 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\QuiP\Desktop\tdsskiller.exe
[2014-08-07 01:22:56 | 025,543,261 | ---- | M] () -- C:\Users\QuiP\Desktop\cce_2.5.242177.201_x64.zip
[2014-08-07 00:59:44 | 000,787,420 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-08-07 00:59:44 | 000,654,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-08-07 00:59:44 | 000,121,958 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-08-07 00:59:34 | 000,765,992 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014-08-06 23:33:18 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014-08-06 23:31:32 | 000,000,680 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2014-08-06 22:51:42 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\My LastPass Vault.lnk
[2014-08-06 22:40:26 | 000,431,395 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2014-08-06 22:37:36 | 000,001,179 | ---- | M] () -- C:\Users\QuiP\Desktop\AIDA64 Extreme.lnk
[2014-08-06 22:37:05 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2014-08-06 22:34:48 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014-08-06 22:31:47 | 000,002,279 | ---- | M] () -- C:\Users\QuiP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014-08-06 22:30:31 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-08-06 22:26:46 | 000,001,441 | ---- | M] () -- C:\Users\QuiP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014-08-06 21:37:34 | 000,266,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014-08-06 21:37:10 | 000,116,385 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014-08-06 21:37:10 | 000,116,385 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014-08-06 21:35:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014-07-25 16:01:55 | 001,291,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2014-07-25 16:01:55 | 001,126,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014-07-25 16:01:32 | 001,715,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2014-07-25 16:01:32 | 001,283,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014-07-23 00:51:52 | 000,450,456 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Windows\SysNative\drivers\vsdatant.sys
 
========== Files Created - No Company Name ==========
 
[2014-08-07 02:24:33 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2014-08-07 02:18:47 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014-08-07 01:51:39 | 000,029,160 | ---- | C] () -- C:\Windows\SysWow64\drivers\TrueSight.sys
[2014-08-07 01:40:47 | 004,806,744 | ---- | C] () -- C:\Users\QuiP\Desktop\RogueKiller.exe
[2014-08-07 01:22:52 | 025,543,261 | ---- | C] () -- C:\Users\QuiP\Desktop\cce_2.5.242177.201_x64.zip
[2014-08-06 23:33:18 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014-08-06 23:31:32 | 000,000,680 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2014-08-06 22:51:42 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\My LastPass Vault.lnk
[2014-08-06 22:37:36 | 000,001,179 | ---- | C] () -- C:\Users\QuiP\Desktop\AIDA64 Extreme.lnk
[2014-08-06 22:37:09 | 000,431,395 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2014-08-06 22:37:05 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2014-08-06 22:34:48 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014-08-06 22:30:30 | 003,826,628 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2014-08-06 22:30:20 | 000,002,279 | ---- | C] () -- C:\Users\QuiP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014-08-06 22:30:20 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-08-06 22:30:09 | 000,000,990 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-08-06 22:30:09 | 000,000,986 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-08-06 22:29:58 | 000,765,992 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014-08-06 22:28:44 | 000,026,353 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2014-08-06 22:26:46 | 000,001,441 | ---- | C] () -- C:\Users\QuiP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014-08-06 22:24:42 | 000,615,249 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014-08-06 21:38:31 | 000,001,413 | ---- | C] () -- C:\Users\QuiP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2014-08-06 21:38:30 | 000,001,447 | ---- | C] () -- C:\Users\QuiP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014-08-06 21:38:21 | 000,000,290 | ---- | C] () -- C:\Users\QuiP\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014-08-06 21:38:21 | 000,000,272 | ---- | C] () -- C:\Users\QuiP\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014-08-06 21:37:09 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2014-08-06 21:37:08 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2014-08-06 21:35:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014-08-06 21:35:25 | 4250,959,870 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-11-21 05:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-11-21 05:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >

Edited by OneDesperateGuy, 06 August 2014 - 07:32 PM.

#2 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

Would you take the RK, aswMBR and MBR files and post them the way you did the OTL scans and I'll have a look.

#3 OneDesperateGuy (New Member, Topic Starter, 8 posts)

Unfortunately I'm at work and won't be home for about 6 hours, but I'll do it as soon as I possibly can.

#4 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

Sounds good. I'll have some time to look this evening, so it will work out well.

#5 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

I did want to make a few comments/questions.

The router, is it wireless? If so, it can easily be changed from outside your computer.

Hotmail, again, easily changed from outside your computer.

There is a huge data breach that we are all trying to get our hands around and understand. What I know right now is that in excess of 1 billion user IDs and passwords have been exposed. I presume that they are being used as well, which means that might be how/why your HotMail account was changed. To be honest, HotMail (it's Outlook.com now) never was very secure. I use it, but then I don't have anything via email that I care all that much about from a security perspective. There are many articles; here is just one of them.

#6 OneDesperateGuy (New Member, Topic Starter, 8 posts)

Yes, the router is wireless, and yeah, the only important thing I've got on my outlook.com is my Steam verify.

I'll try doing a factory reset on the router and then shut down the wireless; if the password gets changed we'll know that it's not a sniffing attack.

Edited by OneDesperateGuy, 07 August 2014 - 07:05 AM.

#7 OneDesperateGuy (New Member, Topic Starter, 8 posts)

First of all, I'm sorry for not posting this earlier, but I had to go away for a few days on a business trip.

Here come the logs:

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-07 02:14:57
-----------------------------
02:14:57.512    OS Version: Windows x64 6.1.7601 Service Pack 1
02:14:57.512    Number of processors: 8 586 0x3C03
02:14:57.512    ComputerName: ENSATANSBURK  UserName: QuiP
02:14:57.795    Initialize success
02:14:57.795    VM: initialized successfully
02:14:57.799    VM: Intel CPU supported 
02:15:01.475    VM: supported disk I/O ataport.SYS
02:15:14.301    AVAST engine defs: 14080601
02:15:16.070    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
02:15:16.071    Disk 0 Vendor: Samsung_SSD_840_EVO_500GB EXT0BB6Q Size: 476940MB BusType: 11
02:15:16.072    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
02:15:16.073    Disk 1 Vendor: WDC_WD6400AAKS-00A7B2 01.03B01 Size: 610480MB BusType: 11
02:15:16.074    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2
02:15:16.075    Disk 2 Vendor: WDC_WD6400AAKS-00A7B2 01.03B01 Size: 610480MB BusType: 11
02:15:16.076    Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP0T0L0-0
02:15:16.078    Disk 3 Vendor: KINGSTON_SH103S3120G 502ABBF0 Size: 114473MB BusType: 11
02:15:16.112    VM: Disk 3 MBR read successfully
02:15:16.114    Disk 3 MBR scan
02:15:16.117    Disk 3 Windows 7 default MBR code
02:15:16.123    Disk 3 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
02:15:16.129    Disk 3 default boot code
02:15:16.137    Disk 3 Partition 2 00     07    HPFS/NTFS NTFS       114371 MB offset 206848
02:15:16.184    Disk 3 scanning C:\Windows\system32\drivers
02:15:20.331    Service scanning
02:15:22.046    Service MSICDSetup G:\CDriver64.sys **LOCKED** 21
02:15:22.343    Service NTIOLib_1_0_C G:\NTIOLib_X64.sys **LOCKED** 21
02:15:25.106    Modules scanning
02:15:25.109    Disk 3 trace - called modules:
02:15:25.114    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
02:15:25.117    1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xfffffa800d71d060]
02:15:25.119    3 CLASSPNP.SYS[fffff8800195c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d250680]
02:15:25.367    AVAST engine scan C:\Windows
02:15:26.280    AVAST engine scan C:\Windows\system32
02:16:07.891    AVAST engine scan C:\Windows\system32\drivers
02:16:10.148    AVAST engine scan C:\Users\QuiP
02:16:15.573    AVAST engine scan C:\ProgramData
02:16:16.237    Scan finished successfully
02:16:23.722    Disk 3 MBR has been saved successfully to "C:\Users\QuiP\Desktop\Logs\MBR.dat"
02:16:23.724    The log file has been saved successfully to "C:\Users\QuiP\Desktop\Logs\aswMBR.txt"
 
 

HitmanPro 3.7.9.221
www.hitmanpro.com
 
   Computer name . . . . : ENSATANSBURK
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : EnSatansBurk\QuiP
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-08-07 02:18:47
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 56s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 24
 
   Objects scanned . . . : 939 000
   Files scanned . . . . : 13 000
   Remnants scanned  . . : 167 994 files / 758 006 keys
 
Cookies _____________________________________________________________________
 
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas4.emediate.eu
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas8.emediate.eu
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:expertsexchange.112.2o7.net
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:msnportal.112.2o7.net
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:ww251.smartadserver.com
   C:\Users\QuiP\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
   C:\Users\QuiP\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\QuiP\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\QuiP\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\QuiP\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\QuiP\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\QuiP\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
 
RogueKiller V9.2.4.0 [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : QuiP [Admin rights]
Mode : Scan -- Date : 08/07/2014  03:07:17
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 10 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMBR -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMBR -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 195.54.122.204 81.26.226.3  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 195.54.122.204 81.26.226.3  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 81.26.227.3 195.54.122.198  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D7B6AEC1-605C-4985-BB4E-F016735E9EF1} | DhcpNameServer : 195.54.122.204 81.26.226.3  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D7B6AEC1-605C-4985-BB4E-F016735E9EF1} | DhcpNameServer : 195.54.122.204 81.26.226.3  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D7B6AEC1-605C-4985-BB4E-F016735E9EF1} | DhcpNameServer : 81.26.227.3 195.54.122.198  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 EVO 500GB ATA Device +++++
--- User ---
[MBR] 99256d98decee2328e21688344cb0723
[BSP] 0103a45d6b840ed1516a5441d52748c0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WDC WD6400AAKS-00A7B2 ATA Device +++++
--- User ---
[MBR] 3c0c42a1a36e2fad7e539a07ec630c9c
[BSP] e717f24d6d244c18e59b79e40ab2617d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 610478 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: WDC WD6400AAKS-00A7B2 ATA Device +++++
--- User ---
[MBR] 926fe47886bc8d5f32abef94586bde5d
[BSP] 4eb6286e8240657cba3a325c7d167a91 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 610478 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive3: KINGSTON SH103S3120G ATA Device +++++
--- User ---
[MBR] 598f2384d0f8d50b4db811adaf572f40
[BSP] d6d0032e6c2e59bdee703b50d23b3c7c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_08072014_015328.log - RKreport_DEL_08072014_015600.log - RKreport_DEL_08072014_015957.log - RKreport_SCN_08072014_015259.log
RKreport_SCN_08072014_015431.log - RKreport_SCN_08072014_015945.log


#8
Biscuithd
    Trusted Helper
  • Malware Removal
  • 2,573 posts

So, where do things sit with the router and the machine? These logs look ok.



#9
OneDesperateGuy
    New Member
  • Topic Starter
  • Member
  • Pip
  • 8 posts

To be honest I'm not sure; I've had the router running without wireless up for about 2 hours now and the password hasn't been changed yet.
I have refrained from using any other service that requires logging in, in fear of losing them too.

What about those regkeys that RogueKiller found? They're pointing towards some IP addresses, aren't they?

Edited by OneDesperateGuy, 09 August 2014 - 06:55 AM.


#10
Biscuithd
    Trusted Helper
  • Malware Removal
  • 2,573 posts

What about those regkeys that RogueKiller found? They're pointing towards some IP addresses, aren't they?

Yes, after a fashion. Do you do any Gaming with this machine?
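As an added illustration (not part of this thread and not RogueKiller's own tooling): a small Python parser for the PUM.Dns lines of a RogueKiller report that pulls the resolver addresses out of each flagged Tcpip interface key and reports any that are not on a list of resolvers you expect to see. The first sample line is the one from the report above; the second line, the all-zero interface GUID and the EXPECTED_RESOLVERS set are constructed placeholders.

```python
import re
from ipaddress import ip_address

# Constructed sample: the PUM.Dns line from the report above, plus a second,
# made-up interface entry (all-zero GUID, router address) for contrast.
SAMPLE_REPORT = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D7B6AEC1-605C-4985-BB4E-F016735E9EF1} | DhcpNameServer : 81.26.227.3 195.54.122.198  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000} | NameServer : 192.168.1.1  -> FOUND
"""

# Assumed placeholder: the resolvers you expect on this machine (your router, your ISP's servers).
EXPECTED_RESOLVERS = {"192.168.1.1"}

# One PUM.Dns report line: "[PUM.Dns] (X64) <registry key> | <value name> : <ip> <ip> ... -> FOUND"
PUM_DNS_RE = re.compile(
    r"^\[PUM\.Dns\]\s+\((X64|X86)\)\s+(?P<key>\S+?)\s+\|\s+"
    r"(?P<value>DhcpNameServer|NameServer)\s*:\s*(?P<servers>.*?)\s+->\s+FOUND\s*$"
)


def parse_pum_dns(report: str) -> list[dict]:
    """Return one record per PUM.Dns line: registry key, value name, interface GUID, resolver list."""
    records = []
    for line in report.splitlines():
        m = PUM_DNS_RE.match(line.strip())
        if not m:
            continue
        key = m.group("key")
        guid = key.rsplit("\\", 1)[-1]          # last path component is the interface GUID
        servers = []
        for tok in m.group("servers").split():
            try:
                servers.append(str(ip_address(tok)))
            except ValueError:
                pass                            # ignore anything that is not an IP literal
        records.append({"key": key, "value": m.group("value"), "interface": guid, "servers": servers})
    return records


def unexpected_resolvers(report: str, expected=EXPECTED_RESOLVERS) -> dict[str, list[str]]:
    """Map interface GUID -> resolvers not on the expected list (empty dict means nothing to review)."""
    out = {}
    for rec in parse_pum_dns(report):
        odd = [s for s in rec["servers"] if s not in expected]
        if odd:
            out[rec["interface"]] = odd
    return out


if __name__ == "__main__":
    for guid, odd in unexpected_resolvers(SAMPLE_REPORT).items():
        print(f"{guid}: review resolver(s) {', '.join(odd)}")
```

If an address is not your router or your ISP's resolver, checking who operates it (WHOIS, reverse DNS) is the quickest way to decide whether the entry is expected or worth resetting.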




#11
OneDesperateGuy
    New Member
  • Topic Starter
  • Member
  • Pip
  • 8 posts

To be completely honest, that's pretty much the only thing I do with it.



#12
Biscuithd
    Trusted Helper
  • Malware Removal
  • 2,573 posts

Well, there ya go! Those resolve to gaming-ish websites. They kind of are the same places that the PS3 folks hang out.



#13
OneDesperateGuy
    New Member
  • Topic Starter
  • Member
  • Pip
  • 8 posts

Ah, I see. So would you say that my computer is clean, or is there anything else I could do?



#14
Biscuithd
    Trusted Helper
  • Malware Removal
  • 2,573 posts

I think you're in pretty good shape. :thumbsup:



#15
OneDesperateGuy
    New Member
  • Topic Starter
  • Member
  • Pip
  • 8 posts

Superb! Thanks a lot for your help, Biscuit! Now I'll just have to try to get my darn accounts back.


