Chrome opening multiple Facebook spoof tabs



Savantskie
2013-03-04, 16:53
Hello, I used to be a member here and have asked a few questions in the past. You guys always helped me figure out the problem, and it's been quite a while since I've been here.

As of yesterday my Google Chrome browser started opening up a bunch of spoof Facebook tabs upon startup, and whenever it feels like it. It happens randomly and I think I may have caught it viewing a few friends pictures.

I have run Spybot S&D and removed several cookies that were keyloggers, and ran an Avast! Anti-Virus boot-time scan, which found nothing.

I remembered that back in the day you guys used to use HiJackThis, so I ran a scan, but it freaked out horribly; then I remembered there was a "read before posting" thread and saw that you don't use it anymore. But I figured the HiJackThis freak-out might be important information.

Here is my DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Nate at 9:42:46 on 2013-03-04
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.12274.10565 [GMT -6:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
E:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
E:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Nate\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] E:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Nate\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
StartupFolder: C:\Users\Nate\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Nate\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Facebook Messenger.lnk - C:\Users\Nate\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Ultra Hal Assistant 6 Startup.lnk - C:\Program Files (x86)\Zabaware\Ultra Hal Assistant 6\HalAsst.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\convert-wma-to-mp3\YouTubeRipper.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1BB1B788-34B9-49F9-ADE8-4AB05CFD9BE6} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A2326F75-B0BA-4708-A15F-F90CABBCF663} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AC28AA42-E441-422F-A252-EDD91E58982A} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-7-7 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-7-7 370288]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-7-10 254528]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-8-14 43624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-6 202752]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-5-10 57472]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-7-7 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-7-7 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-20 44808]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-8-23 21992]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-8-9 38608]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [2012-7-7 386344]
R2 SBSDWSCService;SBSD Security Center Service;E:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-30 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-7-18 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-7-18 390632]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-11-19 13368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 wmamp3DriverV32;wmamp3DriverV32;C:\Windows\System32\drivers\wmamp3DriverV32.sys [2013-1-19 34088]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2012-5-10 136616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-9-21 24608]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-7-7 25640]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-9-29 135584]
S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2013-1-19 252928]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-7-7 30528]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
S3 LVUVC64;Logitech HD Webcam C615(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2009-10-7 4763680]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2012-10-23 33592]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2012-10-23 14136]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;C:\Program Files (x86)\Setup Files\Ms7693v1A0\NTIOLib_X64.sys [2011-1-6 11888]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-9-22 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-9-22 12384]
S3 SMServer;SMServer;C:\Windows\SysWOW64\snmvtsvc.exe [2013-1-19 260608]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-27 1255736]
.
=============== Created Last 30 ================
.
2013-02-28 17:23:39 877856 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-02-28 17:23:39 6393120 ----a-w- C:\Windows\System32\nvcpl.dll
2013-02-28 17:23:39 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-02-28 17:23:39 3472672 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-02-28 17:23:39 3035306 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-02-28 17:23:39 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-02-28 17:23:31 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2013-02-28 17:23:31 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-02-28 17:23:27 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-02-21 18:59:18 -------- d-----w- C:\Users\Nate\AppData\Roaming\Origin
2013-02-21 18:59:18 -------- d-----w- C:\Program Files (x86)\Origin Games
2013-02-21 18:59:17 -------- d-----w- C:\Users\Nate\AppData\Local\Origin
2013-02-21 18:58:29 -------- d-----w- C:\ProgramData\Origin
2013-02-21 18:58:27 -------- d-----w- C:\Program Files (x86)\Origin
2013-02-21 17:00:14 -------- d-----w- C:\ProgramData\ts3overlay
2013-02-21 16:21:18 -------- d-----w- C:\Games
2013-02-21 15:34:58 -------- d-----r- C:\Users\Nate\Virtual Machines
2013-02-21 15:34:45 -------- d-----w- C:\Program Files\Windows XP Mode
2013-02-21 15:25:28 4096 ----a-w- C:\Windows\System32\drivers\pl-PL\vpchbus.sys.mui
2013-02-10 00:43:52 555808 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-02-04 23:14:03 -------- d-----w- C:\Users\Nate\AppData\Local\WMTools Downloaded Files
2013-02-04 23:03:49 -------- d-----w- C:\Program Files (x86)\Movie Maker 2.6
2013-02-04 22:38:16 -------- d-----w- C:\Users\Nate\AppData\Local\{93DC0CC0-FF9C-4D31-A66D-3B1B3E90292E}
2013-02-04 20:42:05 -------- d-----w- C:\ProgramData\ArcSoft
2013-02-04 20:42:01 -------- d-----w- C:\Users\Nate\AppData\Local\ArcSoft
.
==================== Find3M ====================
.
2012-12-19 05:42:00 31672 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-12-19 05:41:52 194488 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-12-18 08:31:25 1510328 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-12-16 16:52:02 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:40:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:25:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:25:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
.
============= FINISH: 9:43:08.20 ===============


aswMBR log:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-04 09:49:18
-----------------------------
09:49:18.192 OS Version: Windows x64 6.1.7600
09:49:18.192 Number of processors: 6 586 0xA00
09:49:18.192 ComputerName: DEATH UserName: Nate
09:49:18.752 Initialize success
09:49:18.810 AVAST engine defs: 13030400
09:49:23.639 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:49:23.641 Disk 0 Vendor: Corsair_Performance3_SSD 1.1 Size: 122104MB BusType: 11
09:49:23.642 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
09:49:23.644 Disk 1 Vendor: ST1000DL002-9TT153 CC32 Size: 953869MB BusType: 11
09:49:23.647 Disk 0 MBR read successfully
09:49:23.649 Disk 0 MBR scan
09:49:23.652 Disk 0 Windows 7 default MBR code
09:49:23.655 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 122102 MB offset 2048
09:49:23.661 Disk 0 scanning C:\Windows\system32\drivers
09:49:25.604 Service scanning
09:49:28.092 Service MSICDSetup D:\CDriver64.sys **LOCKED** 21
09:49:30.879 Modules scanning
09:49:30.885 Disk 0 trace - called modules:
09:49:30.890 ntoskrnp.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS halsli.dll msahci.sys
09:49:30.893 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800add1060]
09:49:30.897 3 CLASSPNP.SYS[fffff880013ce43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800ab70060]
09:49:31.327 AVAST engine scan C:\Windows
09:49:31.986 AVAST engine scan C:\Windows\system32
09:50:11.794 AVAST engine scan C:\Windows\system32\drivers
09:50:14.574 AVAST engine scan C:\Users\Nate
09:51:16.285 AVAST engine scan C:\ProgramData
09:51:24.854 Scan finished successfully
09:51:43.787 Disk 0 MBR has been saved successfully to "C:\Users\Nate\Desktop\MBR.dat"
09:51:43.792 The log file has been saved successfully to "C:\Users\Nate\Desktop\aswMBR.txt"
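
Added triage example for this thread (my code, not DDS's, Spybot's or the poster's): it parses the "Pseudo HJT Report" section of a DDS log like the one above, extracts the Run, StartupFolder and BHO entries, flags the ones a responder would verify first (orphaned registrations, images launched from the user profile, or from outside Windows/Program Files on the system drive) and reads the UAC policy values. The excerpt is constructed from lines of the log posted above; TRUSTED_ROOTS assumes the default C: install layout, and the flags are heuristics to prioritise checking, not verdicts.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example for this thread, not part of DDS or of the original post.
"""
import re

# Constructed excerpt: lines copied from the DDS log posted above.
DDS_EXCERPT = r"""
mWinlogon: Userinit = userinit.exe
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
uRun: [SpybotSD TeaTimer] E:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\Nate\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
StartupFolder: C:\Users\Nate\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Facebook Messenger.lnk - C:\Users\Nate\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
Hosts: 127.0.0.1 www.spywareinfo.com
"""

RUN_RE = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^(?P<kind>StartupFolder): (?P<lnk>.+?\.lnk) - (?P<cmd>.+)$")
BHO_RE = re.compile(r"^(?P<kind>(?:x64-)?BHO): (?:(?P<name>.+?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<cmd>.+)$")
POLICY_RE = re.compile(r"^mPolicies-System: (?P<key>\w+) = dword:(?P<val>\d+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")
# First image path in a Run value: optional quotes, drive letter, up to the extension.
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|bat|cmd|vbs|js))"?', re.IGNORECASE)

# Assumption: default install layout; a standard user cannot write here without elevation.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# DDS prints these as decimal dwords; the value on the left is the weak setting.
UAC_CHECKS = {
    "EnableLUA": (0, "EnableLUA=0: UAC is off, every process of an admin user runs with full rights"),
    "ConsentPromptBehaviorAdmin": (0, "ConsentPromptBehaviorAdmin=0: admins elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "PromptOnSecureDesktop=0: prompts appear on the normal desktop, where other programs can interact with them"),
}


def image_path(cmd):
    """Reduce a Run/StartupFolder value to the executable it launches (arguments dropped)."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    return m.group("path") if m else cmd


def triage_reasons(path):
    """Heuristic reasons an autorun entry should be verified first (hash, signature, publisher)."""
    low = path.lower()
    if low == "<orphaned>":
        return ["registered but file missing (orphaned); remove the registration"]
    if "\\appdata\\" in low:
        return ["runs from the user profile (AppData), writable without admin rights"]
    if not low.startswith(TRUSTED_ROOTS):
        return ["runs from outside Windows/Program Files on the system drive"]
    return []


def parse_autoruns(text):
    """Return Run, StartupFolder and BHO entries as dicts with kind, name, path and reasons."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for rx in (RUN_RE, STARTUP_RE, BHO_RE):
            m = rx.match(line)
            if not m:
                continue
            if rx is STARTUP_RE:
                name = m["lnk"].rsplit("\\", 1)[-1][:-len(".lnk")]
            elif rx is BHO_RE:
                name = m["name"] or "{%s}" % m["clsid"]
            else:
                name = m["name"]
            path = image_path(m["cmd"])
            entries.append({"kind": m["kind"], "name": name, "path": path,
                            "reasons": triage_reasons(path)})
            break
    return entries


def parse_policies(text):
    """mPolicies-System key -> integer value."""
    return {m["key"]: int(m["val"])
            for m in (POLICY_RE.match(l.strip()) for l in text.splitlines()) if m}


def uac_findings(policies):
    return [msg for key, (weak, msg) in UAC_CHECKS.items() if policies.get(key) == weak]


def hosts_overrides(text):
    return [(m["ip"], m["host"])
            for m in (HOSTS_RE.match(l.strip()) for l in text.splitlines()) if m]


def triage_report(text):
    return {"autoruns": parse_autoruns(text),
            "uac": uac_findings(parse_policies(text)),
            "hosts": hosts_overrides(text)}


if __name__ == "__main__":
    rep = triage_report(DDS_EXCERPT)
    for e in rep["autoruns"]:
        if e["reasons"]:
            print(f"{e['kind']:<14} {e['name']:<40} {e['path']}\n    -> {'; '.join(e['reasons'])}")
    for msg in rep["uac"]:
        print("UAC:", msg)
    for ip, host in rep["hosts"]:
        print(f"hosts override: {host} -> {ip}")
```

Run as a script it flags four entries: the orphaned 32-bit BHO (the same CLSID is registered under x64-BHO as avast! WebRep with its DLL present, so this is most likely a stale registration rather than a threat), the Spybot entry on E:, and the two images under AppData, Google Update and Facebook Messenger. Both of those live in AppData by design; the flag means "check this file first" (signature, hash, version), which is also where the poster's own follow-up ended up. The UAC findings are the part of this log worth underlining: EnableLUA=0 together with ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0 means UAC is switched off, so anything running in this user's session already has administrator rights, and the log also reports Windows Defender as outdated.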

Savantskie
2013-03-08, 23:06
Go ahead and close this topic, I found the problem.

My Messenger for Facebook got corrupted and was trying to open itself multiple times. I had to reinstall the application.

tashi
2013-03-09, 04:17
Thank you for letting us know. :)