Hello, here you go. This is the ComboFix log from the run with CFScript.txt:

ComboFix 14-03-19.01 - Mike 03/20/2014 16:11:11.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8080.6421 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
Command switches used :: c:\users\Mike\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\ArcadeParlor.job"
"c:\windows\Tasks\SLOW-PCfighter64-Mike-Notification.job"
"c:\windows\Tasks\SLOW-PCfighter64-Mike-Startup.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Fighters
c:\program files (x86)\Fighters\Tray\FightersTray.exe
c:\program files (x86)\Fighters\Tray\HTML\checking_for_updates.html
c:\program files (x86)\Fighters\Tray\HTML\done_lightbox.html
c:\program files (x86)\Fighters\Tray\HTML\error_lightbox.html
c:\program files (x86)\Fighters\Tray\HTML\gfx\bg_stretch.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\done_btn.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\done_btn_down.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\icon_complete.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\Icon_done.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\icon_error.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\Icon_fdf.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\icon_info.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\icon_info_active.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\icon_productname.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\icon_shield.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\Icon_slow.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\Icon_spam.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\Icon_spy.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\icon_support.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\icon_support_active.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\Icon_TKTRAY-UPD-RCPRO.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\Icon_TKTRAYAPP.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\Icon_virus.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\scrollbar\sb-v-scroll-next.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\scrollbar\sb-v-scroll-prev.png
c:\program files (x86)\Fighters\Tray\HTML\gfx\spinner.gif
c:\program files (x86)\Fighters\Tray\HTML\gfx\unipb.gif
c:\program files (x86)\Fighters\Tray\HTML\gfx\unipb_install.gif
c:\program files (x86)\Fighters\Tray\HTML\popup.css
c:\program files (x86)\Fighters\Tray\HTML\popup.html
c:\program files (x86)\Fighters\Tray\HTML\restart_lightbox.html
c:\program files (x86)\Fighters\Tray\HTML\update_manager.css
c:\program files (x86)\Fighters\Tray\HTML\Update_Manager.html
c:\program files (x86)\Fighters\Tray\HTML\uptodate_lightbox.html
c:\program files (x86)\Fighters\Tray\HTML\whitelabel.css
c:\program files (x86)\Fighters\Tray\MsgSys.exe
c:\program files (x86)\Fighters\Tray\notification\gfx\icon_close.png
c:\program files (x86)\Fighters\Tray\notification\gfx\icon_productname.png
c:\program files (x86)\Fighters\Tray\notification\gfx\popup_bubble.png
c:\program files (x86)\Fighters\Tray\notification\popup.css
c:\program files (x86)\Fighters\Tray\notification\popup.html
c:\program files (x86)\Fighters\Tray\sfhtml.dll
c:\program files (x86)\Fighters\Tray\SuiteClient.dll
c:\program files (x86)\Fighters\Tray\Translations\Language_AR.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_BG.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_CS.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_DA.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_DE.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_EL.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_EN.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_ES.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_FI.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_FR.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_HE.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_HR.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_HU.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_ID.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_IT.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_JA.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_KO.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_NL.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_NO.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_PL.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_PT.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_RO.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_RU.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_SV.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_TH.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_TR.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_TW.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_VI.xml
c:\program files (x86)\Fighters\Tray\Translations\Language_ZH.xml
c:\program files (x86)\Yahoo!
c:\program files (x86)\Yahoo!\Common\unyt.exe
c:\program files (x86)\Yahoo!\Common\unyt_wrap.exe
c:\program files (x86)\Yahoo!\Companion\Data\apps.html
c:\program files (x86)\Yahoo!\Companion\Data\cna.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_abt.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_act_ie_upg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_act_srch1.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_act_srch2.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_anstip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_anstipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_as.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_atb.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_auttip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_auttipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_bootip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_catb.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_clutip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_clutipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_cnf.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_cotb.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_ctb.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_fantip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_fantipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_fintip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_fintipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_flktip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_flktipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_grptip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_grptipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_loctip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_loctipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_logtip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_mailatip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_mailtip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_map.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_mlbtip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_mlbtipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_movtip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_movtipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_msgratip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_msgrtip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_mustip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_mustipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_nbatip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_nbatipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_newstip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_newstipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_newtip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_newtipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_nfltip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_nfltipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_opt.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_pub.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_shotip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_shotipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_srchtip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_tratip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_tratipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_upg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_upg8tip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_wctb.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_weatip.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_weatipg.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_wp.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_wp2.html
c:\program files (x86)\Yahoo!\Companion\Data\dlg_yq.html
c:\program files (x86)\Yahoo!\Companion\Data\loading.html
c:\program files (x86)\Yahoo!\Companion\Data\settings.html
c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\visic_coupon.dll
c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\ytbb.exe
c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\ytbn.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\Uninst_AutoUpdater.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Fighters
c:\program files\Fighters\SLOW-PCfighter\CommonToolkitSuite.cts
c:\program files\Fighters\SLOW-PCfighter\CommonToolkitSuiteLight_x64.dll
c:\program files\Fighters\SLOW-PCfighter\Documents\LicenseEN.rtf
c:\program files\Fighters\SLOW-PCfighter\Languages\language_BG.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_CS.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_DA.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_DE.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_EL.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_EN-US.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_EN.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_ES.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_FI.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_FR.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_HR.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_HU.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_ID.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_IT.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\language_JA.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_KO.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_NL.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_NO.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_PL.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_PT.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_RO.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_RU.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_SV.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_TH.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\language_TR.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_TW.xml
c:\program files\Fighters\SLOW-PCfighter\Languages\Language_ZH.xml
c:\program files\Fighters\SLOW-PCfighter\LogFilesCollector.exe
c:\program files\Fighters\SLOW-PCfighter\MachineId.exe
c:\program files\Fighters\SLOW-PCfighter\MachineIdGatewayx64.dll
c:\program files\Fighters\SLOW-PCfighter\MsgSys.exe
c:\program files\Fighters\SLOW-PCfighter\sfhtml.dll
c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe
c:\program files\Fighters\SLOW-PCfighter\Sync.exe
c:\program files\Fighters\SLOW-PCfighter\Uninstall.exe
c:\program files\Fighters\SLOW-PCfighter\UpDates.exe
c:\programdata\Fighters
c:\programdata\Fighters\SLOW-PCfighter64\LOGS\LOGS_03_17_2014_00_30_33_AM.log
c:\programdata\Fighters\SLOW-PCfighter64\TipofDay_EN.xml
c:\programdata\Fighters\SLOW-PCfighter64\wxfdata.wxf
c:\programdata\Fighters\Tray\Configurations\RCPRO.xml
c:\programdata\Fighters\Tray\Configurations\TKTRAY.xml
c:\programdata\Fighters\Tray\Logs\CommonTrayInstaller.log.txt
c:\programdata\Fighters\Tray\Menu\DVPRO.ico
c:\programdata\Fighters\Tray\Menu\fdpro.ico
c:\programdata\Fighters\Tray\Menu\products_list.xml
c:\programdata\Fighters\Tray\Menu\pwpro.ico
c:\programdata\Fighters\Tray\Menu\rcpro.ico
c:\programdata\Fighters\Tray\Menu\sfpro.ico
c:\programdata\Fighters\Tray\Menu\swpro.ico
c:\programdata\Fighters\Tray\Menu\vfpro.ico
c:\users\Mike\AppData\Local\ArcadeParlor
c:\users\Mike\AppData\Local\ArcadeParlor\ap.config
c:\users\Mike\AppData\Local\ArcadeParlor\Arcadeparlor.dll
c:\users\Mike\AppData\Local\ArcadeParlor\broker.exe
c:\users\Mike\AppData\Local\ArcadeParlor\removal.exe
c:\users\Mike\AppData\Local\ArcadeParlor\versioncheck.exe
c:\users\Mike\AppData\Roaming\Fighters
c:\users\Mike\AppData\Roaming\Fighters\Suite\Logs\Client.log.txt
c:\users\Mike\AppData\Roaming\Fighters\Suite\Logs\MachineId.log.txt
c:\users\Mike\AppData\Roaming\Fighters\Tray\Logs\Tray.log.txt
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\dlpro.ico
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\dvpro.ico
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\fdpro.ico
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\products_list.xml
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\pwpro.ico
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\rcpro.ico
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\sfpro.ico
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\swpro.ico
c:\users\Mike\AppData\Roaming\Fighters\Tray\Menu\vfpro.ico
c:\users\Mike\AppData\Roaming\Fighters\Tray\Updates\TKTRAYINFO.list
c:\users\Mike\AppData\Roaming\Fighters\Tray\Updates\TKTRAYINFO.list_new
c:\users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo
c:\users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo\config.xml
c:\users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe
c:\users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.zip
c:\users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo\SearchProtectorMonitor.log
c:\windows\Tasks\ArcadeParlor.job
c:\windows\Tasks\SLOW-PCfighter64-Mike-Notification.job
c:\windows\Tasks\SLOW-PCfighter64-Mike-Startup.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_YahooAUService
-------\Service_YahooAUService
.
.
((((((((((((((((((((((((( Files Created from 2014-02-20 to 2014-03-20 )))))))))))))))))))))))))))))))
.
.
2014-03-20 20:14 . 2014-03-20 20:14 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-03-20 20:14 . 2014-03-20 20:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-18 06:10 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{506DE174-866D-4001-9FFE-69D7B5909153}\mpengine.dll
2014-03-17 17:16 . 2014-03-18 02:49 -------- d-----w- C:\AdwCleaner
2014-03-17 04:59 . 2014-03-17 04:59 -------- d-----w- c:\program files (x86)\ERUNT
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\programdata\Yahoo! Companion
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\program files (x86)\7-Zip
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\programdata\Yahoo!
2014-03-17 04:20 . 2014-03-17 04:20 -------- d-----w- c:\users\Mike\AppData\Roaming\Yahoo!
2014-03-12 01:32 . 2014-03-12 01:32 -------- d-----w- c:\users\Mike\AppData\Local\Skype
2014-03-12 01:32 . 2014-03-20 20:04 -------- d-----w- c:\users\Mike\AppData\Roaming\Skype
2014-03-12 01:32 . 2014-03-12 01:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-12 01:32 . 2014-03-12 01:32 -------- d-----r- c:\program files (x86)\Skype
2014-03-12 01:31 . 2014-03-12 01:32 -------- d-----w- c:\programdata\Skype
2014-03-11 22:01 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-11 22:01 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-11 22:01 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-11 22:01 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-11 21:53 . 2014-03-11 21:53 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-03-11 21:52 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-02-26 18:31 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-02-26 18:31 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-02-25 12:20 . 2014-03-20 12:22 -------- d-----w- c:\program files (x86)\WarThunder - Copy
2014-02-19 16:32 . 2014-02-19 16:31 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 22:22 . 2012-08-14 15:56 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-11 20:29 . 2012-08-13 21:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 20:29 . 2012-08-13 21:21 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 14:35 . 2014-02-06 22:40 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-04 14:35 . 2013-02-19 16:05 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2012-08-27 22:02 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2012-08-06 23:29 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2012-08-06 23:29 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2012-08-06 23:29 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-04 13:06 . 2012-08-06 23:29 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2012-08-06 23:29 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2012-08-06 23:29 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2012-08-06 23:29 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2012-08-06 23:29 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2012-08-06 23:29 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-02-19 16:31 . 2013-04-20 21:30 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-19 16:31 . 2012-08-14 11:35 421704 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-02-19 16:31 . 2012-08-14 11:35 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-19 16:31 . 2012-08-14 11:35 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-19 16:31 . 2012-08-14 11:35 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-19 16:31 . 2012-08-14 11:35 43152 ----a-w- c:\windows\avastSS.scr
2013-12-24 23:09 . 2014-02-13 21:00 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-13 21:00 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-21 09:53 . 2014-02-14 00:41 548864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-21 08:56 . 2014-02-14 00:41 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-19 3767096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 17:27 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 20:29]
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 23:10]
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 23:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-19 16:31 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{39AD0726-986D-40F9-972B-E3BFA24B7745} - c:\users\Mike\AppData\Local\ArcadeParlor\Arcadeparlor.dll
Toolbar-Locked - (no file)
AddRemove-Yahoo! Companion - c:\users\Mike\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe
AddRemove-Yahoo! Toolbar - c:\progra~2\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-{B74443DB-5A88-4583-860A-F0D06EF399E3} - c:\users\Mike\AppData\Local\ArcadeParlor\removal.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-03-20 16:17:43 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-20 20:17
ComboFix2.txt 2014-03-19 21:39
.
Pre-Run: 818,845,560,832 bytes free
Post-Run: 818,458,382,336 bytes free
.
- - End Of File - - 8950DF8704DA43848B5C99282595CCCE




DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by Mike at 16:19:17 on 2014-03-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8080.6648 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Dwm.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: ArcadeParlor Games: {39AD0726-986D-40F9-972B-E3BFA24B7745} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0725DADC-CAD9-4867-8745-00681411B8DC} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-20 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-4-20 207904]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-6 16152]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-14 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-8-14 421704]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-14 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-19 50344]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-6 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-6 161560]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-30 15129376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-11 411936]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-6 363800]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-6 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-6 786200]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-2-6 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-6 646248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-2-19 80184]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-11 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-29 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-17 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-29 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-03-20 20:15:36 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-19 21:35:35 98816 ----a-w- C:\Windows\sed.exe
2014-03-19 21:35:35 256000 ----a-w- C:\Windows\PEV.exe
2014-03-19 21:35:35 208896 ----a-w- C:\Windows\MBR.exe
2014-03-18 06:10:35 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{506DE174-866D-4001-9FFE-69D7B5909153}\mpengine.dll
2014-03-17 17:16:31 -------- d-----w- C:\AdwCleaner
2014-03-12 01:32:13 -------- d-----w- C:\Users\Mike\AppData\Local\Skype
2014-03-12 01:32:01 -------- d-----r- C:\Program Files (x86)\Skype
2014-03-11 22:01:48 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-11 22:01:47 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-11 22:01:47 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-11 22:01:47 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-11 21:52:58 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-02-26 18:31:34 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-26 18:31:34 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-25 12:20:42 -------- d-----w- C:\Program Files (x86)\WarThunder - Copy
2014-02-19 16:32:00 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
.
==================== Find3M ====================
.
2014-03-11 20:29:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 20:29:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-03-04 13:05:53 3649185 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-19 16:31:59 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-19 16:31:59 43152 ----a-w- C:\Windows\avastSS.scr
2014-02-19 16:31:59 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-02-19 16:31:59 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
============= FINISH: 16:19:22.59 ===============