Can't remove Adware



Coiso
2012-10-07, 12:55
I recently got infected by adware that every hour or so keeps opening a tab to the same site.

I've run AVG, Malwarebytes, Spybot S&D, Ad-Aware and TDSSKiller with no results, but the problem keeps happening.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Goncalo at 10:50:40 on 2012-10-07
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.8078.4221 [GMT 1:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Users\Goncalo\AppData\Local\tuto4pc_pt_2\UpdateTutoriaisSlimbaHP.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\SVP\SVPMgr.exe
C:\Users\Goncalo\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\TUTO4PC\tuto4pc_pt_2.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\system32\igfxpers.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=122E505E94DA31A74FA7AB5070B47D77
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [SVPMgr] "C:\Program Files (x86)\SVP\SVPMgr.exe"
uRun: [googletalk] C:\Users\Goncalo\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Tutorials] "C:\Program Files (x86)\TUTO4PC\tuto4pc_pt_2.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRunOnce: [UpdateTutoriaisSlimbaHP.exe] C:\Users\Goncalo\AppData\Local\tuto4pc_pt_2\UpdateTutoriaisSlimbaHP.exe -runonce
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{909C6373-07B9-4DCF-9969-AB9F594C703A} : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{99632570-2E68-49DF-9D6A-24E09C712F83} : NameServer = 212.55.154.174,212.55.154.190
TCP: Interfaces\{99632570-2E68-49DF-9D6A-24E09C712F83} : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{99632570-2E68-49DF-9D6A-24E09C712F83}\44C496E6B6D2247303347313 : NameServer = 212.55.154.174,212.55.154.190
TCP: Interfaces\{99632570-2E68-49DF-9D6A-24E09C712F83}\44C496E6B6D2247303347313 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{99632570-2E68-49DF-9D6A-24E09C712F83}\56465727F616D6 : DhcpNameServer = 193.136.28.10 193.136.28.9
TCP: Interfaces\{99632570-2E68-49DF-9D6A-24E09C712F83}\66565707E236F6E666562756E636961637 : NameServer = 212.55.154.174,212.55.154.190
TCP: Interfaces\{99632570-2E68-49DF-9D6A-24E09C712F83}\66565707E236F6E666562756E636961637 : DhcpNameServer = 172.31.255.253
TCP: Interfaces\{99632570-2E68-49DF-9D6A-24E09C712F83}\F437026596A796E686F63702D41696370264F66696E686F637 : DhcpNameServer = 192.168.1.254 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Add-on - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
TB-X64: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun-x64: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Tutorials] "C:\Program Files (x86)\TUTO4PC\tuto4pc_pt_2.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRunOnce-x64: [UpdateTutoriaisSlimbaHP.exe] C:\Users\Goncalo\AppData\Local\tuto4pc_pt_2\UpdateTutoriaisSlimbaHP.exe -runonce
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Goncalo\AppData\Roaming\Mozilla\Firefox\Profiles\ykdxdtyc.default-1349567241827\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-9-10 8704]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-9-20 1236368]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-4-13 277120]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-7-19 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-7-19 161560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-9-10 1258856]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-10-6 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-7-19 363800]
R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-8-31 927840]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-2-29 17152]
R3 AsusVBus;AsusVBus;C:\Windows\system32\DRIVERS\AsusVBus.sys --> C:\Windows\system32\DRIVERS\AsusVBus.sys [?]
R3 AsusVTouch;AsusVTouch;C:\Windows\system32\DRIVERS\AsusVTouch.sys --> C:\Windows\system32\DRIVERS\AsusVTouch.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
RUnknown ETD;ETD; [x]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/07/18 16:57:07;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-24 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-31 250288]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-5-8 276248]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-10-5 130976]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-24 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-31 114144]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-9-28 14544]
.
=============== Created Last 30 ================
.
2012-10-07 09:33:45 252712 ----a-w- C:\Windows\ETDUninst.dll
2012-10-06 23:12:32 -------- d-----w- C:\Users\Goncalo\AppData\Local\{7556E9BF-3957-46A8-A172-992B971750C8}
2012-10-06 23:09:10 -------- d-----w- C:\Users\Goncalo\AppData\Roaming\LavasoftStatistics
2012-10-06 22:49:23 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-10-06 22:49:23 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2012-10-06 22:49:23 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-10-06 22:49:22 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-10-06 22:49:12 -------- d-----w- C:\Users\Goncalo\AppData\Local\Downloaded Installations
2012-10-06 22:45:36 -------- d-----w- C:\ProgramData\blekko toolbars
2012-10-06 22:45:32 -------- d-----w- C:\Users\Goncalo\AppData\Local\adawarebp
2012-10-06 22:45:31 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-10-06 22:45:26 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-10-06 22:45:22 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-10-06 22:44:39 -------- d-----w- C:\Users\Goncalo\AppData\Roaming\Ad-Aware Antivirus
2012-10-06 21:05:38 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-10-06 21:05:38 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-10-06 11:12:09 -------- d-----w- C:\Users\Goncalo\AppData\Local\{647CD744-8433-4069-9C5E-00DAE44090D4}
2012-10-05 23:11:46 -------- d-----w- C:\Users\Goncalo\AppData\Local\{391A3A0B-5EF0-40EB-B272-2EE281203655}
2012-10-05 22:03:52 -------- d-----w- C:\Users\Goncalo\AppData\Roaming\CPUControl
2012-10-05 22:03:51 -------- d-----w- C:\Program Files (x86)\CPU-Control
2012-10-05 21:42:42 -------- d-----w- C:\ProgramData\Futuremark
2012-10-05 21:39:10 -------- d-----w- C:\Program Files (x86)\Futuremark
2012-10-05 21:39:09 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-10-05 21:39:09 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-10-05 21:27:17 -------- d-----w- C:\Users\Goncalo\AppData\Local\tuto4pc_pt_2
2012-10-05 21:27:17 -------- d-----w- C:\Program Files (x86)\TUTO4PC
2012-10-05 21:24:19 -------- d-----w- C:\Users\Goncalo\Heaven
2012-10-05 21:17:02 -------- d-----w- C:\Program Files\Unigine
2012-10-05 11:11:22 -------- d-----w- C:\Users\Goncalo\AppData\Local\{9C0DAFCD-4AA0-4814-8C5D-F571BCE18F62}
2012-10-04 23:10:59 -------- d-----w- C:\Users\Goncalo\AppData\Local\{F2EB7F83-17BD-4844-8CAA-77A0AD82B49E}
2012-10-04 18:14:43 -------- d-----w- C:\Users\Goncalo\AppData\Local\Diagnostics
2012-10-04 11:10:35 -------- d-----w- C:\Users\Goncalo\AppData\Local\{5173C465-B7C4-418D-91F6-87F7C06CB440}
2012-10-03 23:08:28 -------- d-----w- C:\Users\Goncalo\AppData\Local\{B2F61BF4-0FC2-40DA-8121-18C4142B90FE}
2012-10-03 11:08:16 -------- d-----w- C:\Users\Goncalo\AppData\Local\{112134C8-B974-439F-99C9-0B222122797C}
2012-10-02 23:07:49 -------- d-----w- C:\Users\Goncalo\AppData\Local\{2ADC62C5-B920-4230-9E31-265673FC5A79}
2012-10-02 11:07:25 -------- d-----w- C:\Users\Goncalo\AppData\Local\{A34BE99F-1766-4BEC-9FF8-A93FE5CB1CC6}
2012-10-01 22:04:50 -------- d-----w- C:\Users\Goncalo\AppData\Local\{E8922814-3F75-4AD1-9815-EDC5324278FF}
2012-10-01 10:04:27 -------- d-----w- C:\Users\Goncalo\AppData\Local\{DF4E7B58-A661-4D4E-8ED3-47FB6220FAC6}
2012-09-30 22:12:24 -------- d-----w- C:\Users\Goncalo\AppData\Local\SCE
2012-09-30 22:12:24 -------- d-----w- C:\Crash
2012-09-30 22:12:20 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll
2012-09-30 22:12:20 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll
2012-09-30 22:12:20 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2012-09-30 22:12:20 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll
2012-09-30 22:12:02 -------- d-----w- C:\Windows\SysWow64\directx
2012-09-30 22:04:02 -------- d-----w- C:\Users\Goncalo\AppData\Local\{BCB1536E-EBC7-4676-8E63-EF8A1D26EBFC}
2012-09-30 16:42:59 -------- d-----w- C:\Users\Goncalo\AppData\Roaming\gd.sos.McPixel
2012-09-30 10:03:38 -------- d-----w- C:\Users\Goncalo\AppData\Local\{03B95AA8-B6E3-4BB3-AC16-69944C4D1550}
2012-09-30 09:56:35 -------- d-----w- C:\Users\Goncalo\AppData\Roaming\CrystalIdea Software
2012-09-29 23:54:06 -------- d-----w- C:\Users\Goncalo\AppData\Local\Google
2012-09-29 22:03:19 -------- d-----w- C:\Users\Goncalo\AppData\Local\{5660ACDF-5B67-44DA-9923-4AA156090AB3}
2012-09-29 10:03:09 -------- d-----w- C:\Users\Goncalo\AppData\Local\{A39C96DA-82B4-47A0-AC27-559E059CC6A7}
2012-09-28 18:49:20 -------- d-----w- C:\Users\Goncalo\AppData\Local\Solid State Networks
2012-09-28 18:49:17 -------- d-----w- C:\Program Files (x86)\MeteorEntertainment
2012-09-28 13:54:03 -------- d-----w- C:\ProgramData\IObit
2012-09-28 13:54:03 -------- d-----w- C:\Program Files (x86)\IObit
2012-09-28 13:23:46 -------- d-----w- C:\Users\Goncalo\AppData\Local\{56314CAC-B895-49AC-B502-7F58ABCFB36A}
2012-09-27 23:09:02 -------- d-----w- C:\Users\Goncalo\AppData\Local\{E4755822-D125-4DDF-B90B-4CB5E38B76FE}
2012-09-27 11:08:50 -------- d-----w- C:\Users\Goncalo\AppData\Local\{73B575B6-7519-47DA-8D34-5B2562780E10}
2012-09-26 23:08:26 -------- d-----w- C:\Users\Goncalo\AppData\Local\{60612B46-D34A-43B3-AB32-5FA698515C3A}
2012-09-26 11:11:50 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-26 11:08:02 -------- d-----w- C:\Users\Goncalo\AppData\Local\{5E41037E-7E55-4B6B-9FA4-1890D542C3A1}
2012-09-25 21:32:33 -------- d-----w- C:\Users\Goncalo\AppData\Local\{0DFCF18D-8109-43BD-A785-0EFCF8ABA736}
2012-09-25 09:32:09 -------- d-----w- C:\Users\Goncalo\AppData\Local\{43A50178-279C-4297-B03F-BEF867E152CD}
2012-09-24 21:31:44 -------- d-----w- C:\Users\Goncalo\AppData\Local\{182798E4-CE0D-478B-AE89-BCECFF2A7615}
2012-09-24 09:31:20 -------- d-----w- C:\Users\Goncalo\AppData\Local\{25096F3A-F61A-4243-8FF7-DC10B48B3A54}
2012-09-23 14:21:51 -------- d-----w- C:\Users\Goncalo\AppData\Local\{35F02478-AEB8-4C67-909D-58CC68A0B0A6}
2012-09-22 23:49:13 -------- d-----w- C:\Users\Goncalo\AppData\Local\{8F46AA00-943F-4C25-BCC4-617E85EF1527}
2012-09-22 11:48:50 -------- d-----w- C:\Users\Goncalo\AppData\Local\{6F85EA7A-23B4-4D5D-B335-D2BC66513811}
2012-09-21 23:48:27 -------- d-----w- C:\Users\Goncalo\AppData\Local\{C8BD3CDD-4C16-4835-9636-70F8ABB66E9D}
2012-09-21 11:48:03 -------- d-----w- C:\Users\Goncalo\AppData\Local\{E7B5DA41-0E00-4303-BE69-47EB0D6AF1FE}
2012-09-21 09:58:34 -------- d-----w- C:\Users\Goncalo\.android
2012-09-21 09:58:33 -------- d-----w- C:\Users\Goncalo\AppData\Local\Eclipse
2012-09-21 09:58:05 -------- d-----w- C:\Users\Goncalo\workspace
2012-09-20 23:47:39 -------- d-----w- C:\Users\Goncalo\AppData\Local\{A1B1F0CD-8026-4122-BC40-9B9C0C81999C}
2012-09-20 22:03:03 -------- d-----w- C:\Fraps
2012-09-20 19:10:50 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-09-20 19:10:50 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-09-20 19:10:49 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-09-20 19:10:49 6198120 ----a-w- C:\Windows\System32\nvcpl.dll
2012-09-20 19:10:49 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-09-20 19:10:49 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-09-20 19:09:54 9066344 ----a-w- C:\Windows\System32\nvcuda.dll
2012-09-20 19:09:54 7626088 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2012-09-20 19:09:54 26228072 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-09-20 19:09:54 19828584 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-09-20 19:09:54 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-09-20 19:09:54 14879080 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2012-09-20 19:09:54 1482600 ----a-w- C:\Windows\System32\nvdispgenco64.dll
2012-09-20 19:09:54 13391720 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-09-20 19:09:54 12465512 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-09-20 19:03:15 -------- d-----w- C:\Program Files (x86)\Driver Fusion
2012-09-20 11:47:14 -------- d-----w- C:\Users\Goncalo\AppData\Local\{25CA0F2D-FE38-451D-8675-CC984F305059}
2012-09-19 23:46:50 -------- d-----w- C:\Users\Goncalo\AppData\Local\{3763A1D7-7F43-498F-B1CB-8522E11A1BF0}
2012-09-19 16:42:20 -------- d-----w- C:\Users\Goncalo\AppData\Roaming\SVP 3.1
2012-09-19 16:39:00 -------- d-----w- C:\Users\Goncalo\AppData\Roaming\XBMC
2012-09-19 16:37:34 -------- d-----w- C:\Program Files (x86)\XBMC
2012-09-19 16:31:55 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2012-09-19 16:21:49 -------- d-----w- C:\Program Files (x86)\Haali
2012-09-19 16:21:41 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2012-09-19 16:21:36 -------- d-----w- C:\Program Files (x86)\SVP
2012-09-19 11:46:22 -------- d-----w- C:\Users\Goncalo\AppData\Local\{F5E63DF8-8123-4E83-919C-D2CB4E56FE5C}
2012-09-18 21:27:54 -------- d-----w- C:\Users\Goncalo\AppData\Local\{664D8F77-E2A8-4451-AE96-2B971AE37C14}
2012-09-18 19:09:56 -------- d-----w- C:\Users\Goncalo\AppData\Roaming\MAGIX
2012-09-18 17:40:55 -------- d-----w- C:\Users\Goncalo\AppData\Roaming\AVG
2012-09-18 17:40:24 -------- d-----w- C:\ProgramData\AVG
2012-09-18 17:40:21 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-09-18 14:29:52 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2012-09-18 09:27:30 -------- d-----w- C:\Users\Goncalo\AppData\Local\{79A01924-130A-4BEF-993C-DA29B700631C}
2012-09-17 21:27:06 -------- d-----w- C:\Users\Goncalo\AppData\Local\{612BFE27-82E0-4D14-A415-72EB62B0B516}
2012-09-17 12:49:21 -------- d-----w- C:\Users\Goncalo\AppData\Local\Apple Computer
2012-09-17 09:26:43 -------- d-----w- C:\Users\Goncalo\AppData\Local\{FC8470C6-0FD1-4F40-8D06-4EC922549C5D}
2012-09-16 21:26:19 -------- d-----w- C:\Users\Goncalo\AppData\Local\{C5CCEC34-8756-4EA9-B59D-DF13A5B78D5D}
2012-09-16 17:14:36 -------- d-----w- C:\Games
2012-09-16 09:25:56 -------- d-----w- C:\Users\Goncalo\AppData\Local\{0C96D4B3-B0FC-4913-B88C-D09FA66C2402}
2012-09-15 11:34:16 -------- d-----w- C:\Users\Goncalo\AppData\Local\{21330E4E-448A-4C23-911B-28C1474478A3}
2012-09-14 23:33:53 -------- d-----w- C:\Users\Goncalo\AppData\Local\{0C884162-78B7-42C4-9D67-F9D402421C2C}
2012-09-14 21:13:49 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-09-14 19:48:54 -------- d-----w- C:\Program Files (x86)\FTL
2012-09-14 19:41:58 -------- d-----r- C:\Users\Goncalo\Dropbox
2012-09-14 19:36:52 -------- d-----w- C:\Users\Goncalo\AppData\Roaming\Dropbox
2012-09-14 13:31:33 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-09-14 13:05:56 -------- d-----w- C:\Users\Goncalo\AppData\Local\SoftGrid Client
2012-09-14 13:05:55 -------- d-----w- C:\Users\Goncalo\AppData\Roaming\SoftGrid Client
2012-09-14 13:05:23 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-09-14 13:05:15 -------- d-----w- C:\Users\Goncalo\AppData\Roaming\TP
2012-09-14 11:33:30 -------- d-----w- C:\Users\Goncalo\AppData\Local\{C1C952A0-20E8-42A1-A400-49DD8C328E68}
2012-09-13 16:11:13 -------- d-----w- C:\Users\Goncalo\AppData\Local\{D4728DF1-B732-45D4-AAE4-A88103956A88}
2012-09-13 00:55:48 -------- d-----w- C:\Users\Goncalo\AppData\Local\{A4C52607-79A2-47B6-A593-0C17A7419C54}
2012-09-12 23:56:36 -------- d-----w- C:\teste
2012-09-12 12:55:23 -------- d-----w- C:\Users\Goncalo\AppData\Local\{F32BAF5E-420D-4D35-9FEB-5A41F1BF96F1}
2012-09-12 00:54:59 -------- d-----w- C:\Users\Goncalo\AppData\Local\{F6EBE051-1FE3-4078-8F12-5513D7BE3047}
2012-09-11 18:01:27 -------- d-----w- C:\Program Files (x86)\McPixel
2012-09-11 17:23:48 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-09-11 17:23:48 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-09-11 17:21:38 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-11 17:21:38 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-11 17:21:38 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-11 17:21:38 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-11 17:21:38 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-11 17:21:37 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-11 17:21:37 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-11 12:54:35 -------- d-----w- C:\Users\Goncalo\AppData\Local\{EEBBAD29-F294-4CB4-B13C-4218F7FDD412}
2012-09-11 00:54:11 -------- d-----w- C:\Users\Goncalo\AppData\Local\{99BC103D-1708-41BA-B95B-59D785875A47}
2012-09-10 18:55:20 -------- d-----w- C:\Windows\SysWow64\NV
2012-09-10 18:55:20 -------- d-----w- C:\Windows\System32\NV
2012-09-10 18:52:42 865640 ----a-w- C:\Windows\System32\nv3dappshext.dll
2012-09-10 18:52:42 55144 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2012-09-10 18:52:42 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-09-10 18:52:28 -------- d-----w- C:\temp
2012-09-10 18:52:24 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-09-10 18:51:46 971624 ----a-w- C:\Windows\System32\nvumdshimx.dll
2012-09-10 18:51:46 830312 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2012-09-10 18:51:46 2725224 ----a-w- C:\Windows\System32\nvapi64.dll
2012-09-10 18:51:46 247144 ----a-w- C:\Windows\System32\nvinitx.dll
2012-09-10 18:51:46 2422120 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-09-10 18:51:46 202600 ----a-w- C:\Windows\SysWow64\nvinit.dll
2012-09-10 18:51:46 18229096 ----a-w- C:\Windows\System32\nvd3dumx.dll
2012-09-10 18:51:46 15291752 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-09-10 17:58:40 -------- d-----w- C:\NVIDIA
2012-09-10 17:41:05 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-09-10 17:41:02 -------- d-----w- C:\Users\Goncalo\AppData\Roaming\DAEMON Tools Lite
2012-09-10 17:41:00 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-09-10 17:40:36 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-09-10 17:10:06 1391104 ----a-w- C:\apploc.msi
2012-09-10 15:59:33 -------- d-----w- C:\Users\Goncalo\AppData\Roaming\NVIDIA
2012-09-10 15:55:51 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-10 15:55:51 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-10 15:55:47 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-10 15:52:28 -------- d-----w- C:\Users\Goncalo\AppData\Roaming\.minecraft
2012-09-10 15:27:19 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2012-09-10 15:27:17 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
2012-09-10 14:27:43 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-09-10 12:50:22 -------- d-----w- C:\Users\Goncalo\AppData\Local\{41D382E4-B3D3-48BC-B5F7-4358DB4276F0}
2012-09-09 22:47:21 -------- d-----w- C:\Users\Goncalo\AppData\Local\{30D150EC-005A-404D-8CA4-E320271FFB50}
2012-09-09 10:46:57 -------- d-----w- C:\Users\Goncalo\AppData\Local\{90F20600-F790-4BA4-8E77-87797683144B}
2012-09-08 22:46:34 -------- d-----w- C:\Users\Goncalo\AppData\Local\{AF329743-90B2-4AD3-B13D-EA98F9DB7C4C}
2012-09-08 10:46:11 -------- d-----w- C:\Users\Goncalo\AppData\Local\{09B0E2F8-1D61-4C8A-BB91-E3AC1DC09732}
2012-09-07 22:45:48 -------- d-----w- C:\Users\Goncalo\AppData\Local\{6D82A1E3-F4F8-4196-B28D-D94785B431E8}
2012-09-07 19:15:14 -------- d-----w- C:\Users\Goncalo\AppData\Local\Gas Powered Games
2012-09-07 19:00:17 -------- d-----w- C:\Users\Goncalo\AppData\Local\My Games
2012-09-07 10:45:25 -------- d-----w- C:\Users\Goncalo\AppData\Local\{B8723670-B496-4C5B-A36E-02C595043510}
2012-09-07 10:45:25 -------- d-----w- C:\Users\Goncalo\AppData\Local\{8F91B6AE-9147-4FED-9518-C85A5BD59E35}
.
==================== Find3M ====================
.
2012-10-07 09:21:52 387 ----a-w- C:\Users\Goncalo\AppData\Roaming\sp_data.sys
2012-09-20 20:33:14 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-20 20:33:14 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-07 16:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-31 22:17:16 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-08-30 19:14:00 7397736 ----a-w- C:\Windows\System32\nvopencl.dll
2012-08-30 19:14:00 6109032 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2012-08-30 19:14:00 355176 ----a-w- C:\Windows\System32\nvEncodeAPI64.dll
2012-08-30 19:14:00 308072 ----a-w- C:\Windows\SysWow64\nvEncodeAPI.dll
2012-08-30 19:14:00 30056 ----a-w- C:\Windows\System32\drivers\nvpciflt.sys
2012-08-30 19:14:00 284008 ----a-w- C:\Windows\System32\drivers\nvkflt.sys
2012-08-30 19:14:00 2745192 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-08-30 19:14:00 2573672 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2012-08-30 19:14:00 25256296 ----a-w- C:\Windows\System32\nvcompiler.dll
2012-08-30 19:14:00 2216808 ----a-w- C:\Windows\System32\nvcuvenc.dll
2012-08-30 19:14:00 1866088 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2012-08-30 19:14:00 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-08-30 13:46:46 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2012-08-30 13:46:44 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2012-08-30 09:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-08-24 14:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 12:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-08-21 12:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 12:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 21:50:20 67272 ----a-w- C:\Windows\SysWow64\drivers\ArgusMonitor.sys
2012-07-26 02:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-07-25 22:51:44 28104 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-07-18 23:56:05 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-07-18 23:56:05 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-07-18 23:56:05 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-07-18 23:51:44 3058304 ----a-w- C:\Windows\AsScrPro.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-09 12:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-07-09 12:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
.
============= FINISH: 10:51:28,48 ===============

After some extensive searching, I think the problem may be some adware called tuto4pc, though I have no idea how to remove it and would like some confirmation too.

Robybel
2012-10-09, 09:15
Hi and Welcome!! Coiso :)
My name is Robybel. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This will be a team effort.
This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and the loss of all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (Right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! :thumbup:

Robybel
2012-10-10, 08:47
Hi Coiso ;)

I'm here

-----------------

-AdwCleaner-

Please download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

=============================== Next =======================================


Please download GMER from one of the following locations, and save it to your desktop:

Main Mirror (http://gmer.net/download.php)
This version will download a randomly named file (Recommended)
Zip Mirror (http://gmer.net/gmer.zip)
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.



Extract the contents of the zipped file to desktop (applicable only to Zip mirror).
Double click the GMER icon on your desktop.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

On your next reply please post :

Adw Cleaner report
Gmer log

Let me know if you have any problems performing the steps above or any questions.

Good Day! :)

Robybel
2012-10-13, 19:29
Hi Coiso
Still need help? :greeting:

oldman960
2012-10-15, 09:45
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.