PC hijacked


This topic is locked
19 replies to this topic

#1 newuser2 (Members, 10 posts)

Posted 28 March 2012 - 11:56 AM

Hello forums,

This evening, whilst browsing on Firefox, my computer was taken over. Nothing was visibly affected; the hacker just looked at my tabs and desktop (without opening them) and typed "mish fahim :(" into the reply box on 4chan's /v/ board. The most recent item I had installed before this was a pirated version of Roller Coaster Tycoon 2 from mediafire. I had scanned it with Microsoft Security Essentials before extracting and installing.

It wasn't until I closed RCT2 that the hijack happened.


I've unplugged the computer from the network, run a full system scan with MSE, run a quick scan with MalwareBytes and made a log file from HijackThis.

MSE reported no viruses.
MalwareBytes reported a single trojan:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Video Library (Trojan.Agent) -> Data: C:\Windows\system32\rundll32.exe C:\Users\Nicolas\AppData\Local\Temp\Rpcqt.dll,Sets -> Quarantined and deleted successfully.


Now I am coming to you guys to make sure my system is safe to use again.


Thanks in advance for your help and looking forward to getting this sorted.


#2 Budapest, Bleepin' Cynic (Moderator, 23,577 posts)

Posted 28 March 2012 - 07:14 PM

Hello,

Please follow the instructions in This Guide starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

The power of accurate observation is commonly called cynicism by those who haven't got it. (George Bernard Shaw)

#3 newuser2 (Topic Starter)

Posted 28 March 2012 - 10:25 PM

Thanks Budapest.

Unable to run GMER because I use a 64-bit OS.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Nicolas at 13:15:30 on 2012-03-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.8190.5975 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
D:\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\Nicolas\AppData\Local\Akamai\netsession_win.exe
C:\Users\Nicolas\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe
C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Steam] "D:\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\Nicolas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Nicolas\AppData\Local\Akamai\netsession_win.exe"
mRun: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AD9A5F50-3E67-4A21-B9D1-5AEA71A5F59B} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun-x64: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\poelqjzu.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Nicolas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Nicolas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-3-4 8704]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-14 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-5-4 96896]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-29 652360]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
R3 WFLR6654;WinFast DTV2000 H Plus (XC4000);C:\Windows\system32\drivers\wfeaglxt.sys --> C:\Windows\system32\drivers\wfeaglxt.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-29 01:34:21 -------- d-----w- C:\Users\Nicolas\AppData\Local\Spotify
2012-03-29 01:33:24 -------- d-----w- C:\Users\Nicolas\AppData\Roaming\Spotify
2012-03-28 15:37:31 -------- d-----w- C:\Users\Nicolas\AppData\Roaming\Malwarebytes
2012-03-28 15:37:26 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-28 15:37:25 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-28 15:37:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-28 02:28:54 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4DF290F-F0D1-4693-9727-17B07931BB6D}\mpengine.dll
2012-03-23 02:13:59 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-03-23 02:13:56 -------- d-----w- C:\Program Files\AMD
2012-03-23 02:13:53 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-03-18 10:09:19 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-18 06:04:35 -------- d-----w- C:\Users\Nicolas\AppData\Roaming\Groovr
2012-03-18 06:04:32 -------- d-----w- C:\Program Files (x86)\Groovr
2012-03-17 15:14:48 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2012-03-17 14:29:36 -------- d-----w- C:\Users\Nicolas\AppData\Roaming\Rainmeter
2012-03-17 14:29:33 -------- d-----w- C:\Program Files\Rainmeter
2012-03-17 13:38:14 -------- d-----w- C:\Users\Nicolas\AppData\Roaming\FireShot
2012-03-17 11:53:52 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2012-03-17 08:53:41 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7D46C013-7006-4BE9-A889-C0D6964B47A3}\gapaengine.dll
2012-03-17 08:50:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-17 08:50:27 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-03-16 15:08:34 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8C694280-7256-44C8-AAF1-848BEAFCA11B}\mpengine.dll
2012-03-14 17:03:08 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 17:03:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 17:03:07 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 21:51:57 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 21:51:56 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 21:51:55 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 20:17:08 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 20:17:08 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 20:17:08 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 20:17:07 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 20:17:07 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 20:17:07 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 20:17:07 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-03-13 20:17:07 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-06 10:42:00 -------- d-----w- C:\Users\Nicolas\AppData\Local\{6A1A8A4A-6EB8-42AF-BCAB-03D16DE929B9}
2012-03-04 12:41:26 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2012-03-04 12:40:50 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
2012-03-04 01:09:56 -------- d-----w- C:\Users\Nicolas\AppData\Roaming\RotMG.Production
2012-03-01 09:30:57 -------- d-----w- C:\Users\Nicolas\AppData\Local\{4F7B66B7-D6E4-4F51-8788-F44C14B01283}
2012-02-29 08:00:23 -------- d-----w- C:\Program Files (x86)\Grinding Gear Games
.
==================== Find3M ====================
.
2012-02-26 06:19:10 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll
2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll
2012-02-15 03:13:56 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll
2012-02-15 02:16:38 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-02-14 12:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-02-14 12:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-02-14 12:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-02-14 12:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-02-14 12:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-02-14 12:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-02-14 12:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-02-14 12:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-30 20:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-01-30 20:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
.
============= FINISH: 13:18:55.37 ===============


Attached file: Attach.txt (10.69KB)


Thanks again.
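The Malwarebytes hit in post #1 (rundll32.exe loading Rpcqt.dll from the user's Temp folder via an HKCU Run value) and the uRun/mRun autorun list in the DDS log above are the two places a responder would look first. The script below is an added example, not code from this thread or from BleepingComputer: it parses lines in both formats, rates each autorun command by where its executable or DLL lives, and lists the most suspicious first. The sample lines are copied from the logs posted above; the location rules and severities are this example's own assumptions about what deserves a second look, not a signature database. Entries such as Google Update and Akamai NetSession legitimately run from AppData\Local, which is why anything outside Temp is rated "medium" for a human to confirm rather than "high".

```python
"""Triage autorun entries from a DDS / Malwarebytes style log.

Added example, not code from the BleepingComputer thread. The sample lines
are copied from the logs posted above; the scoring rules are this example's
own assumptions about what deserves a second look, not a signature database.
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, Iterator, List, Tuple

# Directories an unprivileged user can write to. A legitimate installer with
# admin rights usually lands under Program Files or Windows instead, so code
# that persists from one of these locations is worth checking by hand.
USER_WRITABLE = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\appdata\\local\\",
    "\\appdata\\locallow\\",
    "c:\\programdata\\",
    "c:\\users\\public\\",
    "c:\\windows\\temp\\",
)
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# DDS pseudo-HJT autorun line, e.g.  uRun: [Steam] "D:\Steam\steam.exe" -silent
RUN_LINE = re.compile(r"^(?P<key>[umd]Run(?:Once)?(?:-x64)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$", re.I)
# Malwarebytes line: HKCU\...\Run|<name> (<detection>) -> Data: <cmd> -> Quarantined ...
MBAM_LINE = re.compile(r"\\Run\|(?P<name>.+?) \((?P<det>[^)]+)\) -> Data: (?P<cmd>.+?) -> ", re.I)
# rundll32.exe <dll>,<export>: rundll32 is a signed Microsoft binary, the DLL is the payload.
RUNDLL32 = re.compile(r"rundll32\.exe\s+\"?(?P<dll>[^\",]+\.dll)\"?(?:,(?P<export>\S+))?", re.I)
# A Windows path to an executable-ish file; ends at a quote, comma, whitespace or end of line.
PATH = re.compile(r"[a-z]:\\[^\":]+?\.(?:exe|dll|scr|cpl|bat|cmd|vbs|js)(?=[\"\s,;]|$)", re.I)


@dataclass
class Finding:
    source: str                # which log entry the command came from
    command: str
    severity: str              # "high", "medium" or "info"
    reasons: List[str] = field(default_factory=list)


def score_command(cmd: str) -> Tuple[str, List[str]]:
    """Rate one autorun command line. Returns (severity, reasons)."""
    reasons: List[str] = []
    severity = "info"
    paths = [p.lower() for p in PATH.findall(cmd)]
    m = RUNDLL32.search(cmd)
    if m:
        dll = m.group("dll").lower()
        paths = [dll]                      # judge the DLL, not rundll32 itself
        if not dll.startswith(TRUSTED_ROOTS):
            severity = "high"
            reasons.append(f"rundll32 loads a DLL outside trusted roots: {m.group('dll')}")
    for p in paths:
        hit = next((w for w in USER_WRITABLE if w in p), None)
        if hit is None:
            continue
        if "\\temp\\" in hit:
            severity = "high"
            reasons.append(f"runs from a temp directory: {p}")
        else:
            if severity == "info":
                severity = "medium"
            reasons.append(f"runs from a user-writable location (confirm by hand): {p}")
    return severity, reasons


def parse_autoruns(lines: Iterable[str]) -> Iterator[Tuple[str, str]]:
    """Yield (source, command) for every autorun entry recognised in the log."""
    for line in lines:
        line = line.strip()
        m = RUN_LINE.match(line)
        if m:
            yield f"{m.group('key')} [{m.group('name')}]", m.group("cmd")
            continue
        m = MBAM_LINE.search(line)
        if m:
            yield f"MBAM [{m.group('name')}] ({m.group('det')})", m.group("cmd")


def triage(lines: Iterable[str]) -> List[Finding]:
    """Score every autorun entry and return findings, most suspicious first."""
    rank = {"high": 0, "medium": 1, "info": 2}
    findings = [Finding(src, cmd, *score_command(cmd)) for src, cmd in parse_autoruns(lines)]
    findings.sort(key=lambda f: rank[f.severity])
    return findings


# Sample input copied from the Malwarebytes result and DDS autorun list in this thread.
SAMPLE_LOG = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Video Library (Trojan.Agent) -> Data: C:\Windows\system32\rundll32.exe C:\Users\Nicolas\AppData\Local\Temp\Rpcqt.dll,Sets -> Quarantined and deleted successfully.
uRun: [Steam] "D:\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\Nicolas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Nicolas\AppData\Local\Akamai\netsession_win.exe"
mRun: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
dRunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.source}: {f.command}")
        for r in f.reasons:
            print(f"         - {r}")
```

Run it against a saved DDS or Malwarebytes log with `triage(open("dds.txt", errors="replace"))`. The "high" entry for Rpcqt.dll is exactly the pattern in post #1: a legitimate signed loader (rundll32.exe) pointed at an attacker-controlled DLL in a directory the user can write to, registered under HKCU so no admin rights were needed to persist it.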

#4 Casey_boy, Bleeping physicist (Malware Response Team, 7,765 posts, UK)

Posted 31 March 2012 - 10:40 AM

Hi,

Before I assist you, I would like you to remove all pirated software on your PC. Installing and using pirated software is illegal, immoral and can (as you have found out) be quite dangerous.

I also need to warn you, that if a hacker has been able to remotely control your PC then they may have made hidden or undetectable changes which we may not find or fix. This may leave your PC open to re-exploitation at a later date. The only 100% safe option here is to wipe your hard drive and reinstall Windows.

Let me know what you think.

Casey

Edited by Casey_boy, 31 March 2012 - 10:40 AM.

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#5 newuser2 (Topic Starter)

Posted 31 March 2012 - 02:55 PM

Hi Casey_boy, there is no other pirated software on my computer. All other software is completely legal. RCT2 was pirated because it is no longer in production. Shallow excuse, I know. Moving on.


I'm fine with having to do a complete reinstall but would rather avoid it because I have none of the original driver discs, nor do I have a Windows disc anymore. Everything of personal value is stored on a separate drive from Windows.

There is no foolproof way to detect if my computer has become a zombie on the botnet?

This is going to sound stupid. Earlier I realised that I had left my computer running in Remote Access Mode with an open connection. I've since turned it off and have noticed no issue.



Thanks in advance for your help.

#6 newuser2 (Topic Starter)

Posted 01 April 2012 - 06:21 PM

I couldn't see an edit button, sorry.

Update: It happened again and typed the exact same thing.

OK, this post has an edit button; my others don't. -_-

Edited by newuser2, 01 April 2012 - 06:22 PM.


#7 Casey_boy, Bleeping physicist (Malware Response Team, 7,765 posts, UK)

Posted 02 April 2012 - 06:07 AM

Hi,

Apologies for the delay.

there is no other pirated software on my computer. All other software is completely legal.


:thumbup2:

There is no foolproof way to detect if my computer has become a zombie on the botnet?


We'll run a few tools and should be able to pick anything up - I just have to give you that warning.

It happened again and typed the exact same thing.


Hmm. Let's get a look then.

this post has an edit button my other's don't. -_-


There's a board restriction which only allows regular members to edit their posts within a certain time period (helps stop spam).



:step1: We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#8 newuser2

newuser2
  • Topic Starter

  • Members
  • 10 posts

Posted 02 April 2012 - 07:30 AM

ComboFix 12-04-01.01 - Nicolas 02/04/2012 21:44:06.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.8190.6367 [GMT 10:00]
Running from: c:\users\Nicolas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 12:04 . 2012-04-02 12:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 20:16 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E57D380-7FEB-4186-8ADD-7415B5851235}\mpengine.dll
2012-04-01 02:03 . 2012-04-01 02:03 -------- d-----w- c:\programdata\Steam
2012-04-01 02:02 . 2012-04-01 02:03 -------- d-----w- c:\programdata\PopCap Games
2012-03-30 06:22 . 2012-03-30 06:22 -------- d-----w- c:\program files (x86)\uTorrent
2012-03-30 06:21 . 2012-04-01 23:58 -------- d-----w- c:\users\Nicolas\AppData\Roaming\uTorrent
2012-03-29 12:29 . 2012-03-29 12:29 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-29 12:29 . 2012-03-29 12:29 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-29 12:29 . 2012-03-29 12:29 -------- d-----w- c:\windows\system32\Macromed
2012-03-29 01:34 . 2012-03-29 01:34 -------- d-----w- c:\users\Nicolas\AppData\Local\Spotify
2012-03-29 01:33 . 2012-03-29 01:41 -------- d-----w- c:\users\Nicolas\AppData\Roaming\Spotify
2012-03-28 15:37 . 2012-03-28 15:37 -------- d-----w- c:\users\Nicolas\AppData\Roaming\Malwarebytes
2012-03-28 15:37 . 2012-03-28 15:37 -------- d-----w- c:\programdata\Malwarebytes
2012-03-28 15:37 . 2012-03-28 15:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-28 15:37 . 2011-12-10 05:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-23 02:24 . 2012-03-23 02:24 -------- d-----w- c:\programdata\ATI
2012-03-23 02:13 . 2012-03-23 02:13 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-23 02:13 . 2012-03-23 02:13 -------- d-----w- c:\program files\AMD
2012-03-23 02:13 . 2012-03-23 02:13 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-18 10:09 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-18 06:04 . 2012-03-18 06:04 -------- d-----w- c:\users\Nicolas\AppData\Roaming\Groovr
2012-03-18 06:04 . 2012-03-18 06:04 -------- d-----w- c:\program files (x86)\Groovr
2012-03-17 15:14 . 2012-03-17 15:14 -------- d-----w- c:\program files (x86)\Winamp Detect
2012-03-17 15:14 . 2012-03-18 05:10 -------- d-----w- c:\users\Nicolas\AppData\Roaming\Winamp
2012-03-17 14:29 . 2012-03-17 14:29 -------- d-----w- c:\users\Nicolas\AppData\Roaming\Rainmeter
2012-03-17 14:29 . 2012-03-17 14:54 -------- d-----w- c:\program files\Rainmeter
2012-03-17 13:38 . 2012-03-17 13:38 -------- d-----w- c:\users\Nicolas\AppData\Roaming\FireShot
2012-03-17 11:53 . 2012-03-22 10:21 -------- d-----w- c:\program files (x86)\World of Warcraft
2012-03-17 08:53 . 2012-03-17 08:53 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D46C013-7006-4BE9-A889-C0D6964B47A3}\gapaengine.dll
2012-03-17 08:50 . 2012-03-17 08:50 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-17 08:50 . 2012-03-17 08:50 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-16 15:08 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C694280-7256-44C8-AAF1-848BEAFCA11B}\mpengine.dll
2012-03-14 17:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 17:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 17:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 21:51 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:51 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:51 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 20:17 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 20:17 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 20:17 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 20:17 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 20:17 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 20:17 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 20:17 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 20:17 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-04 12:41 . 2012-03-05 05:03 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-03-04 12:40 . 2012-03-04 12:41 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
2012-03-04 01:09 . 2012-03-04 01:09 -------- d-----w- c:\users\Nicolas\AppData\Roaming\RotMG.Production
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 06:19 . 2010-10-29 15:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2010-03-03 04:15 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2010-03-03 03:57 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2010-03-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2010-03-03 03:06 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2010-03-03 03:06 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2010-03-03 03:06 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 12:05 . 2012-02-14 12:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 12:05 . 2012-02-14 12:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 12:05 . 2012-02-14 12:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 12:05 . 2012-02-14 12:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 12:05 . 2012-02-14 12:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 12:04 . 2012-02-14 12:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 12:03 . 2012-02-14 12:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 12:03 . 2012-02-14 12:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-01-31 12:44 . 2010-05-07 08:14 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-30 20:02 . 2012-01-30 20:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-30 20:00 . 2012-01-30 20:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-04 10:44 . 2012-02-16 10:48 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 10:48 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 06:44 69760 ----a-w- c:\program files (x86)\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2011-12-18 1242448]
"Akamai NetSession Interface"="c:\users\Nicolas\AppData\Local\Akamai\netsession_win.exe" [2012-03-12 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-01-19 9900672]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-01-24 5297072]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-12-24 36864]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Razer Blackwidow Driver"="c:\program files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe" [2011-05-16 887712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Razer Mamba Elite Driver"="c:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe" [2011-11-25 973720]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AOD"="c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" [2012-02-14 361984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Nicolas\AppData\Local\Temp\005F94A.tmp [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
S3 WFLR6654;WinFast DTV2000 H Plus (XC4000);c:\windows\system32\drivers\wfeaglxt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 12:29]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1032277354-1736115652-2695881760-1000Core.job
- c:\users\Nicolas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-04 03:05]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1032277354-1736115652-2695881760-1000UA.job
- c:\users\Nicolas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-04 03:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 06:44 81024 ----a-w- c:\program files\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\poelqjzu.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Steam App 107100 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 112100 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 15620 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 16810 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 19200 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 20570 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 22310 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 22320 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 22330 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 22340 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 22370 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 22380 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 25900 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 28050 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 3130 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 3160 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 3170 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 33460 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 34410 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 34420 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 36630 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 3900 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 3910 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 3920 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 3960 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 3980 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 3990 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 40920 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 40930 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 40950 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 40960 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 40970 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 40980 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 40990 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 41300 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 41500 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 42910 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46200 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46230 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46250 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46260 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46270 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46280 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46290 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46320 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46330 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46340 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46360 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46370 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46380 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46400 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46410 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46420 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46430 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46440 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 46450 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 48000 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 48220 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 49470 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 50120 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 50130 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 50620 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 56400 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 57650 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 630 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 63000 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 63900 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 63910 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 63960 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 64000 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 65800 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 7500 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 7610 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 7620 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 7650 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 7660 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 7670 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 7730 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 7760 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 7770 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 7780 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 7830 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 7840 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 7850 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 7860 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 8800 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 8850 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 8880 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 8890 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 8970 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 8980 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 9200 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 9800 - c:\program files (x86)\Steam\steam.exe
AddRemove-World of Logs Client - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Nicolas\AppData\Local\Temp\005F94A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1032277354-1736115652-2695881760-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1032277354-1736115652-2695881760-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1032277354-1736115652-2695881760-1000\Software\SecuROM\License information*]
"datasecu"=hex:e9,51,2d,ab,e4,c4,c7,20,3b,d7,29,e9,db,28,e9,07,57,da,6e,b9,17,
3f,41,94,45,6f,9b,b0,71,e4,1a,c5,10,dd,a7,35,65,ac,c9,74,b6,e1,e4,1a,5f,29,\
"rkeysecu"=hex:5f,a3,af,ef,3a,ab,0f,a8,bc,56,bc,df,a3,3a,7f,82
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\00\19\048\1fT"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\DAODx.exe
c:\program files\ASUS\GPU Boost Driver\GpuBoostServer.exe
c:\program files\ASUS\TurboV EVO\TurboVHELP.exe
c:\fraps\fraps.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
.
**************************************************************************
.
Completion time: 2012-04-02 22:12:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 12:12
.
Pre-Run: 372,154,961,920 bytes free
Post-Run: 372,843,495,424 bytes free
.
- - End Of File - - 6F52B3CEC87D723DEEE3CE55D2A18587


Thanks again for your assistance, Casey_boy. Steam now refuses to load but is installed on my other hard drive. I assume it's because the registry was changed?

#9 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK
  • Local time:05:45 AM

Posted 02 April 2012 - 09:40 AM

Hi,

It looks like you may need to reinstall Steam - but I recommend you do that after we've finished cleaning.

Step 1: Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Step 2: Please disable any CD emulation software (e.g. Daemon Tools) and run CF again. Details here: http://www.bleepingcomputer.com/forums/topic293569.html

Casey

Edited by Casey_boy, 02 April 2012 - 09:41 AM.

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#10 newuser2

newuser2
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:45 AM

Posted 02 April 2012 - 10:33 AM

uTorrent is gone.

I use Adblock and Adblock+ to keep flash and banner ads hidden/disabled.

I ran DeFogger again and here is the new CF log:


ComboFix 12-04-01.01 - Nicolas 03/04/2012 1:03.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.8190.6317 [GMT 10:00]
Running from: c:\users\Nicolas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 15:14 . 2012-04-02 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 02:03 . 2012-04-01 02:03 -------- d-----w- c:\programdata\Steam
2012-04-01 02:02 . 2012-04-01 02:03 -------- d-----w- c:\programdata\PopCap Games
2012-03-30 06:21 . 2012-04-02 14:53 -------- d-----w- c:\users\Nicolas\AppData\Roaming\uTorrent
2012-03-29 12:29 . 2012-03-29 12:29 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-29 12:29 . 2012-03-29 12:29 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-29 12:29 . 2012-03-29 12:29 -------- d-----w- c:\windows\system32\Macromed
2012-03-28 15:37 . 2012-03-28 15:37 -------- d-----w- c:\users\Nicolas\AppData\Roaming\Malwarebytes
2012-03-28 15:37 . 2012-03-28 15:37 -------- d-----w- c:\programdata\Malwarebytes
2012-03-28 15:37 . 2012-03-28 15:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-28 15:37 . 2011-12-10 05:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-23 02:24 . 2012-03-23 02:24 -------- d-----w- c:\programdata\ATI
2012-03-23 02:13 . 2012-03-23 02:13 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-23 02:13 . 2012-03-23 02:13 -------- d-----w- c:\program files\AMD
2012-03-23 02:13 . 2012-03-23 02:13 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-18 10:09 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-18 06:04 . 2012-03-18 06:04 -------- d-----w- c:\users\Nicolas\AppData\Roaming\Groovr
2012-03-17 15:14 . 2012-03-17 15:14 -------- d-----w- c:\program files (x86)\Winamp Detect
2012-03-17 15:14 . 2012-03-18 05:10 -------- d-----w- c:\users\Nicolas\AppData\Roaming\Winamp
2012-03-17 13:38 . 2012-03-17 13:38 -------- d-----w- c:\users\Nicolas\AppData\Roaming\FireShot
2012-03-17 11:53 . 2012-03-22 10:21 -------- d-----w- c:\program files (x86)\World of Warcraft
2012-03-17 08:53 . 2012-03-17 08:53 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D46C013-7006-4BE9-A889-C0D6964B47A3}\gapaengine.dll
2012-03-17 08:50 . 2012-03-17 08:50 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-17 08:50 . 2012-03-17 08:50 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-16 15:08 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C694280-7256-44C8-AAF1-848BEAFCA11B}\mpengine.dll
2012-03-14 17:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 17:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 17:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 21:51 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:51 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:51 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 20:17 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 20:17 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 20:17 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 20:17 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 20:17 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 20:17 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 20:17 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 20:17 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-04 12:41 . 2012-03-05 05:03 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-03-04 12:40 . 2012-03-04 12:41 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
2012-03-04 01:09 . 2012-03-04 01:09 -------- d-----w- c:\users\Nicolas\AppData\Roaming\RotMG.Production
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 06:19 . 2010-10-29 15:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2010-03-03 04:15 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2010-03-03 03:57 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2010-03-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2010-03-03 03:06 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2010-03-03 03:06 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2010-03-03 03:06 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-14 12:05 . 2012-02-14 12:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 12:05 . 2012-02-14 12:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 12:05 . 2012-02-14 12:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 12:05 . 2012-02-14 12:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 12:05 . 2012-02-14 12:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 12:04 . 2012-02-14 12:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 12:03 . 2012-02-14 12:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 12:03 . 2012-02-14 12:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-01-31 12:44 . 2010-05-07 08:14 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-30 20:02 . 2012-01-30 20:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-30 20:00 . 2012-01-30 20:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-04 10:44 . 2012-02-16 10:48 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 10:48 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-02_12.06.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-05-05 05:48 . 2012-04-02 11:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-05 05:48 . 2012-04-02 15:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-05 05:48 . 2012-04-02 11:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-05 05:48 . 2012-04-02 15:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-02 12:05 . 2012-04-02 12:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-02 15:15 . 2012-04-02 15:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-02 15:15 . 2012-04-02 15:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-02 12:05 . 2012-04-02 12:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-04-02 12:05 262312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-02 15:14 262312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-05-07 14:47 . 2012-04-02 14:57 2355832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-05-07 14:47 . 2012-04-02 12:05 2355832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-08-29 02:19 . 2012-04-02 15:14 30275460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1032277354-1736115652-2695881760-1000-8192.dat
- 2010-08-29 02:19 . 2012-04-02 12:05 30275460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1032277354-1736115652-2695881760-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 06:44 69760 ----a-w- c:\program files (x86)\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2011-12-18 1242448]
"Akamai NetSession Interface"="c:\users\Nicolas\AppData\Local\Akamai\netsession_win.exe" [2012-03-12 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-01-19 9900672]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-01-24 5297072]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-12-24 36864]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Razer Blackwidow Driver"="c:\program files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe" [2011-05-16 887712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Razer Mamba Elite Driver"="c:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe" [2011-11-25 973720]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AOD"="c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" [2012-02-14 361984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Nicolas\AppData\Local\Temp\005F94A.tmp [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
S3 WFLR6654;WinFast DTV2000 H Plus (XC4000);c:\windows\system32\drivers\wfeaglxt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 12:29]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1032277354-1736115652-2695881760-1000Core.job
- c:\users\Nicolas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-04 03:05]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1032277354-1736115652-2695881760-1000UA.job
- c:\users\Nicolas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-04 03:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 06:44 81024 ----a-w- c:\program files\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\poelqjzu.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Nicolas\AppData\Local\Temp\005F94A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1032277354-1736115652-2695881760-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1032277354-1736115652-2695881760-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1032277354-1736115652-2695881760-1000\Software\SecuROM\License information*]
"datasecu"=hex:e9,51,2d,ab,e4,c4,c7,20,3b,d7,29,e9,db,28,e9,07,57,da,6e,b9,17,
3f,41,94,45,6f,9b,b0,71,e4,1a,c5,10,dd,a7,35,65,ac,c9,74,b6,e1,e4,1a,5f,29,\
"rkeysecu"=hex:5f,a3,af,ef,3a,ab,0f,a8,bc,56,bc,df,a3,3a,7f,82
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\00\19\048\1fT"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\DAODx.exe
c:\program files\ASUS\GPU Boost Driver\GpuBoostServer.exe
c:\program files\ASUS\TurboV EVO\TurboVHELP.exe
c:\fraps\fraps.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
.
**************************************************************************
.
Completion time: 2012-04-03 01:21:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 15:21
ComboFix2.txt 2012-04-02 12:12
.
Pre-Run: 373,133,598,720 bytes free
Post-Run: 373,047,562,240 bytes free
.
- - End Of File - - 5EC584B3DA5D42520E97040960308F01



Is it safe to re-enable MBAM, MSE and Windows Firewall in between each scan?
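An added triage script (example code written for this page, not part of the thread, of ComboFix or of any BleepingComputer tool) that shows what a responder actually looks for in the "Reg Loading Points" and R*/S* service sections of a log like the one above: the loading point whose image lives in a Temp folder, carries a non-code extension, or is a service/driver under a user profile. The sample input reuses lines from the log posted above, plus one constructed "Updater" rundll32 entry that is not from the log; the X6va005 service and its ImagePath value are flagged, the legitimate Steam, Akamai and sptd entries are not.

```python
"""Quick triage of ComboFix-style loading points (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied from the ComboFix log above, plus one constructed
# rundll32 Run entry ("Updater") that does NOT come from the log.
SAMPLE_LINES = [
    r'"Steam"="d:\steam\steam.exe" [2011-12-18 1242448]',
    r'"Akamai NetSession Interface"="c:\users\Nicolas\AppData\Local\Akamai\netsession_win.exe" [2012-03-12 3331872]',
    r'R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]',
    r'R3 X6va005;X6va005;c:\users\Nicolas\AppData\Local\Temp\005F94A.tmp [x]',
    r'"ImagePath"="\??\c:\users\Nicolas\AppData\Local\Temp\005F94A.tmp"',
    r'"Updater"="c:\windows\system32\rundll32.exe c:\users\Nicolas\AppData\Local\Temp\loader.dll,Start" [2012-03-28 0]',
]

# "Name"="command" [date size]  -- Run keys, ImagePath, ServiceDll values
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
# R3 name;display name;image path [x]  -- ComboFix service/driver list
SERVICE_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<cmd>.+)$')
# Every drive-letter path in a command line; non-greedy so that a rundll32
# command yields both the host exe and the DLL it loads.
WIN_PATH_RE = re.compile(
    r'(?i)[a-z]:\\[^"\[\]]*?\.(?:exe|dll|sys|ocx|cpl|tmp|dat|scr|bat|cmd|vbs|js)\b'
)
# Extensions Windows normally loads as code; anything else in a loading point is odd.
CODE_EXTENSIONS = {"exe", "dll", "sys", "ocx", "cpl"}
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    entry: str   # Run value or service name the path was found under
    path: str
    reason: str


def parse_entry(line: str) -> Optional[Tuple[str, str, bool]]:
    """Return (entry name, command string, is_service) or None for other lines."""
    m = SERVICE_RE.match(line)
    if m:
        return m.group("name"), m.group("cmd"), True
    m = RUN_VALUE_RE.match(line)
    if m:
        name = m.group("name")
        # An ImagePath value belongs to a service key even though it looks like a Run value.
        return name, m.group("cmd"), name.lower() == "imagepath"
    return None


def assess_path(entry: str, path: str, is_service: bool, via_rundll32: bool) -> List[Finding]:
    """Apply the responder's rules of thumb to one image path."""
    p = path.lower()
    ext = p.rsplit(".", 1)[-1]
    reasons = []
    if any(marker in p for marker in TEMP_MARKERS):
        reasons.append("image loaded from a temp directory")
    if ext not in CODE_EXTENSIONS:
        reasons.append(f"unexpected extension .{ext} for a loaded module")
    if is_service and "\\users\\" in p:
        reasons.append("service or driver image under a user profile")
    if via_rundll32 and "\\appdata\\" in p:
        reasons.append("rundll32 loading a DLL from a user profile")
    return [Finding(entry, path, r) for r in reasons]


def triage(lines) -> List[Finding]:
    """Scan log lines and return every suspicious loading point with its reason."""
    findings: List[Finding] = []
    for raw in lines:
        parsed = parse_entry(raw.strip())
        if parsed is None:
            continue
        entry, cmd, is_service = parsed
        paths = WIN_PATH_RE.findall(cmd)
        via_rundll32 = bool(paths) and paths[0].lower().endswith("\\rundll32.exe")
        for i, path in enumerate(paths):
            # The rundll32 host itself is benign; judge the modules it is told to load.
            findings.extend(assess_path(entry, path, is_service, via_rundll32 and i > 0))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.entry}] {f.path}: {f.reason}")
```

Note that a path under AppData alone is not flagged (the Akamai entry passes); it is the combination of a loading point with a Temp directory, a .tmp image or a driver under a user profile that makes the X6va005 service stand out, which is exactly the kind of entry the helper would ask to have removed.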

#11 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK
  • Local time:05:45 AM

Posted 02 April 2012 - 02:46 PM

Hi,

Step 1: Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Step 2: We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Casey



#12 newuser2

newuser2
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:45 AM

Posted 02 April 2012 - 04:08 PM

MTB Log

MiniToolBox by Farbar Version: 18-01-2012
Ran by Nicolas (administrator) on 03-04-2012 at 07:01:47
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global taskoffload=disabled
set interface interface="ethernet_9" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : NicksComputer
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 48-5B-39-0A-5A-DE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a140:1c8a:c4d7:387d%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, 3 April 2012 1:24:01 AM
Lease Expires . . . . . . . . . . : Wednesday, 4 April 2012 6:54:24 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 239622969
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-71-34-58-48-5B-39-0A-5A-DE
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:300f:de1:c458:65fc(Preferred)
Link-local IPv6 Address . . . . . : fe80::300f:de1:c458:65fc%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: NB6Plus4Wn.home
Address: 192.168.1.1

Name: google.com
Addresses: 2404:6800:4006:802::1001
74.125.237.65
74.125.237.66
74.125.237.67
74.125.237.68
74.125.237.69
74.125.237.70
74.125.237.71
74.125.237.72


Pinging google.com [74.125.237.65] with 32 bytes of data:
Reply from 74.125.237.65: bytes=32 time=53ms TTL=56
Reply from 74.125.237.65: bytes=32 time=54ms TTL=56

Ping statistics for 74.125.237.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 53ms, Maximum = 54ms, Average = 53ms
Server: NB6Plus4Wn.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=304ms TTL=54
Reply from 72.30.38.140: bytes=32 time=244ms TTL=54

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 244ms, Maximum = 304ms, Average = 274ms
Server: NB6Plus4Wn.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...48 5b 39 0a 5a de ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    276
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
12     58 ::/0                     On-link
 1    306 ::1/128                  On-link
12     58 2001::/32                On-link
12    306 2001:0:4137:9e76:300f:de1:c458:65fc/128
                                   On-link
10    276 fe80::/64                On-link
12    306 fe80::/64                On-link
12    306 fe80::300f:de1:c458:65fc/128
                                   On-link
10    276 fe80::a140:1c8a:c4d7:387d/128
                                   On-link
 1    306 ff00::/8                 On-link
12    306 ff00::/8                 On-link
10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination      Gateway
 0 4294967295 2620:9b::/96         On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/03/2012 03:47:00 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (04/03/2012 01:24:23 AM) (Source: Bonjour Service) (User: )
Description: 472: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (04/03/2012 01:24:23 AM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/02/2012 00:41:06 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (04/01/2012 04:52:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (04/01/2012 05:24:41 AM) (Source: Application Error) (User: )
Description: Faulting application name: RazerMambaSysTray.exe, version: 2.0.0.8, time stamp: 0x4de60e11
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x006d0020
Faulting process id: 0xcac
Faulting application start time: 0xRazerMambaSysTray.exe0
Faulting application path: RazerMambaSysTray.exe1
Faulting module path: RazerMambaSysTray.exe2
Report Id: RazerMambaSysTray.exe3

Error: (03/31/2012 05:58:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (03/30/2012 02:23:14 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (03/29/2012 07:05:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (03/29/2012 01:23:15 AM) (Source: MsiInstaller) (User: Nicolas)Nicolas
Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.


System errors:
=============
Error: (04/03/2012 01:24:06 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.1 service failed to start due to the following error:
%%2

Error: (04/03/2012 01:21:23 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (04/03/2012 01:15:26 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (04/03/2012 01:15:21 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.1 service failed to start due to the following error:
%%2

Error: (04/03/2012 01:14:14 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/03/2012 01:08:28 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/03/2012 01:02:33 AM) (Source: Service Control Manager) (User: )
Description: The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (04/03/2012 00:58:34 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.1 service failed to start due to the following error:
%%2

Error: (04/02/2012 10:24:52 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.1 service failed to start due to the following error:
%%2

Error: (04/02/2012 10:11:41 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.


Microsoft Office Sessions:
=========================
Error: (04/03/2012 03:47:00 AM) (Source: SideBySide)(User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (04/03/2012 01:24:23 AM) (Source: Bonjour Service)(User: )
Description: 472: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (04/03/2012 01:24:23 AM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/02/2012 00:41:06 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (04/01/2012 04:52:22 PM) (Source: SideBySide)(User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (04/01/2012 05:24:41 AM) (Source: Application Error)(User: )
Description: RazerMambaSysTray.exe2.0.0.84de60e11unknown0.0.0.000000000c0000005006d0020cac01cd0d59bde130e1C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exeunknown298faab3-7b67-11e1-ad86-485b390a5ade

Error: (03/31/2012 05:58:55 PM) (Source: SideBySide)(User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (03/30/2012 02:23:14 AM) (Source: SideBySide)(User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (03/29/2012 07:05:30 AM) (Source: SideBySide)(User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (03/29/2012 01:23:15 AM) (Source: MsiInstaller)(User: Nicolas)Nicolas
Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.(NULL)(NULL)(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

7-Zip 4.65 (x64 edition) (Version: 4.65.00.0)
A Farewell to Dragons
A.I.M. Racing
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.228)
Adobe Reader 9.4.6 (Version: 9.4.6)
Akamai NetSession Interface
Akamai NetSession Interface Service
Alien Swarm
Altitude
AMD Accelerated Video Transcoding (Version: 2.00.0001)
AMD APP SDK Runtime (Version: 10.0.898.1)
AMD Catalyst Install Manager (Version: 3.0.868.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0214.2218.39913)
AMD Media Foundation Decoders (Version: 1.0.70214.2220)
AMD Steady Video Plug-In (Version: 2.04.0000)
AMD VISION Engine Control Center (Version: 2012.0214.2218.39913)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Avadon: The Black Fortress
Avencast
Axel & Pixel
Bastion
Batman: Arkham Asylum GOTY Edition
Batman: Arkham City™
BioShock
BioShock 2
Bonjour (Version: 3.0.0.10)
Borderlands
BOSS (Version: 1.9.1)
Call of Cthulhu: Dark Corners of the Earth
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0214.2218.39913)
Catalyst Control Center InstallProxy (Version: 2012.0214.2218.39913)
Catalyst Control Center Localization All (Version: 2012.0214.2218.39913)
ccc-utility64 (Version: 2012.0214.2218.39913)
CCC Help Chinese Standard (Version: 2012.0214.2217.39913)
CCC Help Chinese Traditional (Version: 2012.0214.2217.39913)
CCC Help Czech (Version: 2012.0214.2217.39913)
CCC Help Danish (Version: 2012.0214.2217.39913)
CCC Help Dutch (Version: 2012.0214.2217.39913)
CCC Help English (Version: 2012.0214.2217.39913)
CCC Help Finnish (Version: 2012.0214.2217.39913)
CCC Help French (Version: 2012.0214.2217.39913)
CCC Help German (Version: 2012.0214.2217.39913)
CCC Help Greek (Version: 2012.0214.2217.39913)
CCC Help Hungarian (Version: 2012.0214.2217.39913)
CCC Help Italian (Version: 2012.0214.2217.39913)
CCC Help Japanese (Version: 2012.0214.2217.39913)
CCC Help Korean (Version: 2012.0214.2217.39913)
CCC Help Norwegian (Version: 2012.0214.2217.39913)
CCC Help Polish (Version: 2012.0214.2217.39913)
CCC Help Portuguese (Version: 2012.0214.2217.39913)
CCC Help Russian (Version: 2012.0214.2217.39913)
CCC Help Spanish (Version: 2012.0214.2217.39913)
CCC Help Swedish (Version: 2012.0214.2217.39913)
CCC Help Thai (Version: 2012.0214.2217.39913)
CCC Help Turkish (Version: 2012.0214.2217.39913)
Chrome: Specforce
CivCity: Rome
Core Damage 0.8h
Creation Kit
Cryostasis
D3DX10 (Version: 15.4.2368.0902)
Darksiders
Death to Spies: Moment of Truth
Death Track: Resurrection
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Deus Ex: Human Revolution
Diablo II
Dual-Core Optimizer (Version: 1.1.4.0169)
Dungeon Defenders
DUNGEONS - Steam Special Edition
EPU (Version: 1.02.10)
F.E.A.R. 2: Project Origin
F.E.A.R. 3
F.E.A.R.: Extraction Point
F.E.A.R.: Perseus Mandate
Fallout 3 - Game of the Year Edition
Fallout: New Vegas
Fantasy Wars
Fraps (remove only)
Freedom Force
Freedom Force vs. the 3rd Reich
From Dust
Future Wars
Google Chrome (Version: 18.0.1025.142)
GPU Boost Driver (Version: 1.01.07)
Grand Theft Auto III
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Grand Theft Auto: San Andreas
Grand Theft Auto: Vice City
Greed: Black Border
Grotesque Tactics: Evil Heroes
Guild Wars
Half-Life 2
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
HOARD
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
JMicron JMB36X Driver (Version: 1.00.0000)
Junk Mail filter update (Version: 15.4.3502.0922)
Killing Floor
King's Bounty: Armored Princess
King's Bounty: Crossworlds
King's Bounty: The Legend
Left 4 Dead 2
LEGO Batman: The Videogame
Lego Harry Potter
LIMBO
Mafia
Mafia II
Magic: The Gathering — Duels of the Planeswalkers 2012
Magicka
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Men of War: Assault Squad
Men of War: Red Tide
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.0.30729.1)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word 2010 (Version: 14.0.6029.1000)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Might & Magic ® Heroes ® VI
MLB 2K10
MLB® Front Office Manager
Mozilla Firefox 11.0 (x86 en-GB) (Version: 11.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
NBA 2K10
NecroVisioN
NecrovisioN: Lost Company
Nexus Mod Manager (Version: 0.14.2)
NVIDIA PhysX (Version: 9.09.0814)
OpenAL
Overlord
Overlord II
Overlord: Raising Hell
Plants vs. Zombies: Game of the Year
Project64 1.6 (Version: 1.6)
Python 2.7 comtypes-0.6.2
Python 2.7 pywin32-216
Python 2.7.2 (Version: 2.7.2150)
QuickTime (Version: 7.70.80.34)
RAGE
Railroad Tycoon 2: Platinum
Railroad Tycoon 3
Razer BlackWidow Ultimate (Version: 1.04.04)
Razer Mamba (2012) Firmware Updater (Version: 1.07.00)
Razer Mamba (Version: 2.01.05)
Realm of the Mad God
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.15.201.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6037)
Reign: Conflict of Nations
Rig 'n' Roll
Rogue Warrior
Rusty Hearts
S.T.A.L.K.E.R.: Call of Pripyat
S.T.A.L.K.E.R.: Clear Sky
S.T.A.L.K.E.R.: Shadow of Chernobyl
Serious Sam 3 Bonus Content
Serious Sam 3: BFE
Serious Sam Classic: The First Encounter
Serious Sam Classic: The Second Encounter
Shattered Union
Sid Meier's Civilization III: Complete
Sid Meier's Civilization IV: Beyond the Sword
Sid Meier's Civilization IV: Colonization
Sid Meier's Civilization IV: Warlords
Sid Meier's Pirates!
Sid Meier's Railroads! (Version: 1.00)
Sid Meier's Railroads! (Version: 1.10)
Space Rangers
Space Rangers 2: Reboot
Speccy (Version: 1.14)
Star Wolves 2
Star Wolves 3: Civil War
StarCraft II (Version: 1.3.4.18701)
Steam (Version: 1.0.0.0)
Streets of Moscow
Stronghold
Stronghold 2
Stronghold Crusader + Extreme
Stronghold Legends
System Requirements Lab CYRI (Version: 4.5.1.0)
Tank Universal
Team Fortress 2
Terminator Salvation
Terraria
The Elder Scrolls III: Morrowind
The Elder Scrolls IV: Oblivion
The Elder Scrolls V: Skyrim
The Lord of the Rings FREE Trial (Version: 1.00.0000)
The Lord of the Rings: War in the North
The Misadventures of P.B. Winterbottom
Theatre of War
Theatre of War 2: Africa 1943
Theatre of War 2: Kursk 1943
Theatre of War 3: Korea
TMPGEnc 4.0 XPress Special Trial Version (Version: 4.7.1.284)
Torchlight
Tribes Ascend Open Beta (Version: 0.1.848.1)
TurboV EVO (Version: 1.02.05)
Ubisoft Game Launcher (Version: 1.0.0.0)
UFO: Afterlight
Unity Web Player (Version: 2.6.0f7_29850)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 64-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2597091) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Ventrilo Client (Version: 3.0.5)
VLC media player 1.1.11 (Version: 1.1.11)
Wanted: Weapons of Fate
Warhammer® 40,000®: Dawn of War® II – Retribution™
Warhammer® 40,000™: Dawn of War® II
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
Watchmen: The End Is Nigh
Watchmen: The End Is Nigh Part 2
Winamp (Version: 5.623 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinFast Multimedia Driver Installation (Version: 7.4.2.3)
World of Warcraft (Version: 4.3.3.15354)
Wrye Bash (Version: 2.9.5.5)
wxPython 2.8.12.1 (unicode) for Python 2.7 (Version: 2.8.12.1-unicode)
X-COM: Apocalypse
X-COM: Enforcer
X-COM: Interceptor
X-COM: Terror from the Deep
X-COM: UFO Defense
XIII Century

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 8190.18 MB
Available physical RAM: 6286.84 MB
Total Pagefile: 16378.55 MB
Available Pagefile: 13870.8 MB
Total Virtual: 4095.88 MB
Available Virtual: 3955.71 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:348.27 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:1397.26 GB) (Free:257.75 GB) NTFS

========================= Users: ========================================

User accounts for \\NICKSCOMPUTER

Administrator Guest Nicolas

========================= Minidump Files ==================================

No minidump file found

**** End of log ****



OTL Log

OTL logfile created on: 3/04/2012 7:03:04 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Nicolas\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

8.00 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 75.51% Memory free
15.99 Gb Paging File | 13.41 Gb Available in Paging File | 83.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 348.27 Gb Free Space | 74.79% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 257.75 Gb Free Space | 18.45% Space Free | Partition Type: NTFS

Computer Name: NICKSCOMPUTER | User Name: Nicolas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/03 07:01:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nicolas\Desktop\OTL.exe
PRC - [2012/03/21 18:44:56 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/03/13 14:36:40 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Nicolas\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/19 04:51:03 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2011/12/10 03:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/11/25 15:03:24 | 000,973,720 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
PRC - [2011/05/16 11:30:06 | 000,887,712 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe
PRC - [2010/06/15 11:54:22 | 002,320,304 | ---- | M] (Beepa P/L) -- C:\Fraps\fraps.exe
PRC - [2010/01/25 11:40:00 | 001,135,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
PRC - [2010/01/19 20:40:56 | 009,900,672 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010/01/19 16:43:02 | 001,060,992 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2009/12/28 23:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/03/30 16:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/21 18:44:53 | 020,297,512 | ---- | M] () -- D:\Steam\bin\libcef.dll
MOD - [2012/03/21 18:44:51 | 000,907,048 | ---- | M] () -- D:\Steam\bin\chromehtml.dll
MOD - [2012/03/21 18:44:49 | 000,123,192 | ---- | M] () -- D:\Steam\bin\avutil-51.dll
MOD - [2012/03/21 18:44:47 | 000,190,776 | ---- | M] () -- D:\Steam\bin\avformat-53.dll
MOD - [2012/03/21 18:44:45 | 001,099,576 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll
MOD - [2012/03/13 14:36:53 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/03/12 08:38:20 | 000,071,680 | ---- | M] () -- C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\poelqjzu.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko11\WINNT_x86-msvc\SSSLauncher.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/31 18:29:36 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009/03/30 16:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2008/12/10 20:04:54 | 000,253,952 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\pngio.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/15 13:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/02/14 22:16:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/29 22:29:57 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/28 08:31:48 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/03/21 18:44:56 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/20 23:26:32 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/28 23:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 13:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/15 12:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/01/03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/01/03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/12/06 05:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/05/12 16:59:46 | 000,154,624 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/12 13:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/05 00:08:01 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/05/20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/29 00:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/24 18:31:07 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/10 13:26:00 | 000,474,496 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wfeaglxt.sys -- (WFLR6654) WinFast DTV2000 H Plus (XC4000)
DRV:64bit: - [2009/07/16 13:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-1032277354-1736115652-2695881760-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-1032277354-1736115652-2695881760-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 3B EC 81 B0 4E CC 01 [binary data]
IE - HKU\S-1-5-21-1032277354-1736115652-2695881760-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1032277354-1736115652-2695881760-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1032277354-1736115652-2695881760-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nicolas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nicolas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nicolas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 23:31:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/18 01:14:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2012/03/17 23:31:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\Extensions
[2012/03/17 23:40:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicolas\AppData\Roaming\mozilla\Firefox\Profiles\poelqjzu.default\extensions
[2012/03/17 23:36:36 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Nicolas\AppData\Roaming\mozilla\Firefox\Profiles\poelqjzu.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012/03/17 23:40:07 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Nicolas\AppData\Roaming\mozilla\Firefox\Profiles\poelqjzu.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012/03/17 23:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\NICOLAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POELQJZU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\NICOLAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POELQJZU.DEFAULT\EXTENSIONS\SCRIPTISH@ERIKVOLD.COM.XPI
[2012/03/13 14:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/26 16:19:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/10 03:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/03/13 15:38:05 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/03/13 15:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 15:38:05 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/03/13 15:38:05 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/03/13 15:38:05 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nicolas\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nicolas\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nicolas\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.1_0\plugins/screen_capture.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Nicolas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Nicolas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.1_0\
CHR - Extension: YouTube = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Slinky Elegant = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.4_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: AdBlock = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.22_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.1_0\
CHR - Extension: 4chan x = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihhokehpaghpcohlodffniandbhjngkd\2.29.1_0\
CHR - Extension: Gmail = C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/03 01:15:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1032277354-1736115652-2695881760-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1032277354-1736115652-2695881760-1000..\Run: [Akamai NetSession Interface] C:\Users\Nicolas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1032277354-1736115652-2695881760-1000..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune File not found
O4 - HKU\S-1-5-18..\RunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1032277354-1736115652-2695881760-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1032277354-1736115652-2695881760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD9A5F50-3E67-4A21-B9D1-5AEA71A5F59B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/03 07:01:03 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nicolas\Desktop\OTL.exe
[2012/04/03 01:24:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/03 01:21:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/03 01:02:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/02 21:42:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/02 21:42:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/02 21:42:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/02 21:42:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/02 21:42:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/02 21:35:25 | 004,453,008 | R--- | C] (Swearware) -- C:\Users\Nicolas\Desktop\ComboFix.exe
[2012/04/02 10:34:49 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/04/01 12:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2012/04/01 12:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2012/03/30 17:24:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions
[2012/03/30 16:21:53 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\uTorrent
[2012/03/29 22:29:57 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/29 22:29:57 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/29 22:29:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/03/29 13:14:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Nicolas\Desktop\dds.scr
[2012/03/29 01:37:31 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\Malwarebytes
[2012/03/29 01:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/29 01:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/29 01:37:25 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/29 01:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/29 01:23:19 | 054,215,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/03/23 15:24:22 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\Documents\PDF
[2012/03/23 12:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/03/23 12:13:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/03/23 12:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2012/03/23 12:13:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/03/23 12:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/03/18 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\Documents\Groovr
[2012/03/18 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\Groovr
[2012/03/18 01:14:48 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2012/03/18 01:14:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2012/03/18 01:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012/03/18 01:14:20 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\Winamp
[2012/03/17 23:38:14 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\FireShot
[2012/03/17 21:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/03/17 21:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2012/03/17 18:50:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/17 18:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/15 03:03:08 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/15 03:03:08 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/15 03:03:07 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 07:51:56 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 06:17:08 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 06:17:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 06:17:08 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 06:17:07 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/03/14 06:17:07 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 06:17:07 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/06 20:42:00 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Local\{6A1A8A4A-6EB8-42AF-BCAB-03D16DE929B9}
[2012/03/04 22:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012/03/04 22:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012/03/04 22:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2012/03/04 11:09:56 | 000,000,000 | ---D | C] -- C:\Users\Nicolas\AppData\Roaming\RotMG.Production

========== Files - Modified Within 30 Days ==========

[2012/04/03 07:01:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nicolas\Desktop\OTL.exe
[2012/04/03 06:55:17 | 000,396,041 | ---- | M] () -- C:\Users\Nicolas\Desktop\MiniToolBox.exe
[2012/04/03 06:30:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/03 06:20:10 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1032277354-1736115652-2695881760-1000UA.job
[2012/04/03 01:31:40 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/03 01:31:40 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/03 01:23:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/03 01:23:50 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/03 01:15:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/02 21:36:05 | 004,453,008 | R--- | M] (Swearware) -- C:\Users\Nicolas\Desktop\ComboFix.exe
[2012/04/02 21:19:23 | 000,316,614 | ---- | M] () -- C:\Users\Nicolas\Desktop\inb4 bleep music.jpg
[2012/04/02 21:18:10 | 000,032,120 | ---- | M] () -- C:\Users\Nicolas\Desktop\fearfactory+.jpg
[2012/04/02 21:17:15 | 000,004,938 | ---- | M] () -- C:\Users\Nicolas\Desktop\nin.jpg
[2012/04/02 21:13:42 | 000,018,772 | ---- | M] () -- C:\Users\Nicolas\Desktop\Stone-Sour-Mission-Statement-New-Song-2010.jpg
[2012/04/02 21:13:01 | 000,152,904 | ---- | M] () -- C:\Users\Nicolas\Desktop\Diablo_II_-_Lord_of_Destruction_Coverart.png
[2012/04/02 21:12:07 | 000,015,807 | ---- | M] () -- C:\Users\Nicolas\Desktop\boy-playing-video-games-fun.jpg
[2012/04/02 21:11:28 | 000,027,675 | ---- | M] () -- C:\Users\Nicolas\Desktop\pureaucask.jpg
[2012/04/02 21:11:01 | 000,017,565 | ---- | M] () -- C:\Users\Nicolas\Desktop\2190644_W4_thumb.jpg
[2012/04/02 21:10:08 | 000,053,970 | ---- | M] () -- C:\Users\Nicolas\Desktop\Wa-win-cover.jpg
[2012/04/02 09:49:46 | 000,297,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/02 08:20:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1032277354-1736115652-2695881760-1000Core.job
[2012/04/01 06:16:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01005.Wdf
[2012/03/30 19:55:04 | 000,027,494 | ---- | M] () -- C:\Users\Nicolas\Desktop\yes captcha.jpg
[2012/03/29 22:29:57 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/29 22:29:57 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/29 13:14:53 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Nicolas\Desktop\dds.scr
[2012/03/29 13:10:36 | 000,000,188 | ---- | M] () -- C:\Users\Nicolas\defogger_reenable
[2012/03/29 13:10:06 | 000,050,477 | ---- | M] () -- C:\Users\Nicolas\Desktop\Defogger.exe
[2012/03/23 12:13:59 | 000,002,007 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/03/17 18:50:59 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/17 18:50:43 | 000,788,104 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/17 18:50:43 | 000,654,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/17 18:50:43 | 000,122,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/07 03:04:45 | 000,764,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/04 22:41:28 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/03/04 22:41:28 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend Open Beta.lnk
[2012/03/04 16:23:04 | 054,215,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/03/04 12:39:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf

========== Files Created - No Company Name ==========

[2012/04/03 06:55:16 | 000,396,041 | ---- | C] () -- C:\Users\Nicolas\Desktop\MiniToolBox.exe
[2012/04/02 21:42:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/02 21:42:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/02 21:42:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/02 21:42:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/02 21:42:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/02 21:19:23 | 000,316,614 | ---- | C] () -- C:\Users\Nicolas\Desktop\inb4 bleep music.jpg
[2012/04/02 21:18:10 | 000,032,120 | ---- | C] () -- C:\Users\Nicolas\Desktop\fearfactory+.jpg
[2012/04/02 21:17:15 | 000,004,938 | ---- | C] () -- C:\Users\Nicolas\Desktop\nin.jpg
[2012/04/02 21:13:42 | 000,018,772 | ---- | C] () -- C:\Users\Nicolas\Desktop\Stone-Sour-Mission-Statement-New-Song-2010.jpg
[2012/04/02 21:13:01 | 000,152,904 | ---- | C] () -- C:\Users\Nicolas\Desktop\Diablo_II_-_Lord_of_Destruction_Coverart.png
[2012/04/02 21:12:07 | 000,015,807 | ---- | C] () -- C:\Users\Nicolas\Desktop\boy-playing-video-games-fun.jpg
[2012/04/02 21:11:28 | 000,027,675 | ---- | C] () -- C:\Users\Nicolas\Desktop\pureaucask.jpg
[2012/04/02 21:11:01 | 000,017,565 | ---- | C] () -- C:\Users\Nicolas\Desktop\2190644_W4_thumb.jpg
[2012/04/02 21:10:08 | 000,053,970 | ---- | C] () -- C:\Users\Nicolas\Desktop\Wa-win-cover.jpg
[2012/04/01 06:16:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01005.Wdf
[2012/03/30 19:55:04 | 000,027,494 | ---- | C] () -- C:\Users\Nicolas\Desktop\yes captcha.jpg
[2012/03/29 22:29:57 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/29 13:10:36 | 000,000,188 | ---- | C] () -- C:\Users\Nicolas\defogger_reenable
[2012/03/29 13:10:06 | 000,050,477 | ---- | C] () -- C:\Users\Nicolas\Desktop\Defogger.exe
[2012/03/23 12:13:59 | 000,002,007 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/03/17 23:31:10 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/17 18:50:59 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/17 18:50:35 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/04 22:41:28 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/03/04 22:41:28 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend Open Beta.lnk
[2012/03/04 12:39:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/02/20 09:33:00 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2012/02/20 09:32:59 | 000,354,304 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2012/02/20 09:32:59 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\pythoncomloader27.dll
[2012/02/15 12:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 12:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/02/14 09:31:18 | 000,003,584 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/13 08:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/28 23:39:31 | 000,000,600 | ---- | C] () -- C:\Users\Nicolas\AppData\Local\PUTTY.RND
[2011/02/12 01:50:32 | 000,788,104 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/28 11:11:50 | 000,000,002 | ---- | C] () -- C:\Windows\SysWow64\Dvbpws.dll
[2010/08/28 10:25:27 | 000,000,350 | ---- | C] () -- C:\Windows\SysWow64\AF15IRTBL.bin
[2010/08/28 10:23:55 | 000,000,401 | ---- | C] () -- C:\Windows\WFD_FindDevID.ini
[2010/08/28 10:23:54 | 000,000,401 | ---- | C] () -- C:\Windows\WFD_FindMceDev.ini
[2010/05/16 05:06:15 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/05/04 11:56:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/05/04 11:45:07 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/05/04 11:45:07 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/05/04 11:45:04 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/05/04 11:45:04 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/05/04 11:36:28 | 000,043,910 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/05/04 11:36:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/05/04 11:36:07 | 000,029,654 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

< End of report >
Extras Log

OTL Extras logfile created on: 3/04/2012 7:03:04 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Nicolas\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

8.00 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 75.51% Memory free
15.99 Gb Paging File | 13.41 Gb Available in Paging File | 83.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 348.27 Gb Free Space | 74.79% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 257.75 Gb Free Space | 18.45% Space Free | Partition Type: NTFS

Computer Name: NICKSCOMPUTER | User Name: Nicolas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1032277354-1736115652-2695881760-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0C818871-6337-17AC-CA8C-A3942F15D92A}" = AMD Accelerated Video Transcoding
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders
"{551F4187-F029-4240-DEF9-836B5E43CB29}" = AMD Fuel
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-001B-0000-1000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.WORD_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.WORD_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.WORD_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.WORD_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.WORD_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.WORD_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.WORD_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.WORD_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.WORD_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.WORD" = Microsoft Word 2010
"Speccy" = Speccy

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Open Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}" = WinFast Multimedia Driver Installation
"{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads!
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{70D50D17-F7B7-45E6-96C8-28AC3E1DBD29}" = TMPGEnc 4.0 XPress Special Trial Version
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = AMD VISION Engine Control Center
"{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver
"{BF60B320-3AA3-4DFB-B542-BDA6D4F1A60E}" = Razer Mamba
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E3AC9740-66D4-412F-AE55-DD0428F78175}" = Razer BlackWidow Ultimate
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads!
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FBE577F7-8181-48EC-9676-6257228C18FF}" = Razer Mamba (2012) Firmware Updater
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Akamai" = Akamai NetSession Interface Service
"BOSS" = BOSS
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"comtypes-py2.7" = Python 2.7 comtypes-0.6.2
"Core Damage 0.8h" = Core Damage 0.8h
"Diablo II" = Diablo II
"Fraps" = Fraps (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB)
"OpenAL" = OpenAL
"pywin32-py2.7" = Python 2.7 pywin32-216
"StarCraft II" = StarCraft II
"Steam App 105600" = Terraria
"Steam App 107100" = Bastion
"Steam App 112100" = Avadon: The Black Fortress
"Steam App 11450" = Overlord
"Steam App 12100" = Grand Theft Auto III
"Steam App 12110" = Grand Theft Auto: Vice City
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 1250" = Killing Floor
"Steam App 12710" = Overlord: Raising Hell
"Steam App 12810" = Overlord II
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 16810" = Sid Meier's Civilization IV: Colonization
"Steam App 19200" = Tank Universal
"Steam App 200210" = Realm of the Mad God
"Steam App 200330" = Serious Sam 3 Bonus Content
"Steam App 202480" = Creation Kit
"Steam App 20510" = S.T.A.L.K.E.R.: Clear Sky
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
"Steam App 21000" = LEGO Batman: The Videogame
"Steam App 21010" = Watchmen: The End Is Nigh
"Steam App 21030" = Watchmen: The End Is Nigh Part 2
"Steam App 21070" = Wanted: Weapons of Fate
"Steam App 21080" = Terminator Salvation
"Steam App 21090" = F.E.A.R.
"Steam App 21100" = F.E.A.R. 3
"Steam App 21110" = F.E.A.R.: Extraction Point
"Steam App 21120" = F.E.A.R.: Perseus Mandate
"Steam App 21130" = Lego Harry Potter
"Steam App 220" = Half-Life 2
"Steam App 22310" = Rogue Warrior
"Steam App 22320" = The Elder Scrolls III: Morrowind
"Steam App 22330" = The Elder Scrolls IV: Oblivion
"Steam App 22340" = Call of Cthulhu: Dark Corners of the Earth
"Steam App 22370" = Fallout 3 - Game of the Year Edition
"Steam App 22380" = Fallout: New Vegas
"Steam App 25900" = King's Bounty: The Legend
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 29720" = Guild Wars
"Steam App 3130" = Men of War: Red Tide
"Steam App 3160" = A Farewell to Dragons
"Steam App 3170" = King's Bounty: Armored Princess
"Steam App 32800" = The Lord of the Rings: War in the North
"Steam App 33460" = From Dust
"Steam App 34410" = Death to Spies: Moment of Truth
"Steam App 34420" = XIII Century
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 36630" = Rusty Hearts
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 3910" = Sid Meier's Civilization III: Complete
"Steam App 3920" = Sid Meier's Pirates!
"Steam App 3960" = Shattered Union
"Steam App 3980" = CivCity: Rome
"Steam App 3990" = Sid Meier's Civilization IV: Warlords
"Steam App 40920" = NBA 2K10
"Steam App 40930" = The Misadventures of P.B. Winterbottom
"Steam App 40950" = Stronghold
"Steam App 40960" = Stronghold 2
"Steam App 40970" = Stronghold Crusader + Extreme
"Steam App 40980" = Stronghold Legends
"Steam App 40990" = Mafia
"Steam App 41050" = Serious Sam Classic: The First Encounter
"Steam App 41060" = Serious Sam Classic: The Second Encounter
"Steam App 41070" = Serious Sam 3: BFE
"Steam App 41300" = Altitude
"Steam App 41500" = Torchlight
"Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 46200" = A.I.M. Racing
"Steam App 46230" = Streets of Moscow
"Steam App 46250" = NecrovisioN: Lost Company
"Steam App 46260" = Star Wolves 3: Civil War
"Steam App 46270" = Star Wolves
"Steam App 46280" = Star Wolves 2
"Steam App 46290" = Theatre of War
"Steam App 46320" = Space Rangers
"Steam App 46330" = Space Rangers 2: Reboot
"Steam App 46340" = Theatre of War 2: Africa 1943
"Steam App 46360" = Theatre of War 2: Kursk 1943
"Steam App 46370" = Rig 'n' Roll
"Steam App 46380" = Reign: Conflict of Nations
"Steam App 46400" = Greed: Black Border
"Steam App 46410" = Avencast
"Steam App 46420" = Chrome
"Steam App 46430" = Chrome: Specforce
"Steam App 46440" = Future Wars
"Steam App 46450" = Grotesque Tactics: Evil Heroes
"Steam App 48000" = LIMBO
"Steam App 48220" = Might & Magic ® Heroes ® VI
"Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
"Steam App 50120" = MLB 2K10
"Steam App 50130" = Mafia II
"Steam App 50620" = Darksiders
"Steam App 550" = Left 4 Dead 2
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 57400" = Batman: Arkham City™
"Steam App 57650" = DUNGEONS - Steam Special Edition
"Steam App 630" = Alien Swarm
"Steam App 63000" = HOARD
"Steam App 63900" = Fantasy Wars
"Steam App 63910" = King's Bounty: Crossworlds
"Steam App 63960" = Theatre of War 3: Korea
"Steam App 64000" = Men of War: Assault Squad
"Steam App 65800" = Dungeon Defenders
"Steam App 70" = Half-Life
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7500" = UFO: Afterlight
"Steam App 7610" = Railroad Tycoon 3
"Steam App 7620" = Railroad Tycoon 2: Platinum
"Steam App 7650" = X-COM: Terror from the Deep
"Steam App 7660" = X-COM: Apocalypse
"Steam App 7670" = BioShock
"Steam App 7730" = X-COM: Interceptor
"Steam App 7760" = X-COM: UFO Defense
"Steam App 7770" = X-COM: Enforcer
"Steam App 7780" = MLB® Front Office Manager
"Steam App 7830" = Men of War
"Steam App 7840" = Death Track: Resurrection
"Steam App 7850" = Cryostasis
"Steam App 7860" = NecroVisioN
"Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword
"Steam App 8850" = BioShock 2
"Steam App 8880" = Freedom Force
"Steam App 8890" = Freedom Force vs. the 3rd Reich
"Steam App 8970" = Axel & Pixel
"Steam App 8980" = Borderlands
"Steam App 9200" = RAGE
"Steam App 9800" = Death to Spies
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Wrye Bash" = Wrye Bash
"wxPython2.8-unicode-py27_is1" = wxPython 2.8.12.1 (unicode) for Python 2.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1032277354-1736115652-2695881760-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

UPDATE
I don't think it's a hijacker or that I'm on a botnet.

I was playing Diablo 2 20 minutes ago and buttons started being pressed, so I exited out and opened notepad.

This is what was typed:


Tisba7 3ala '7air Facebook. Ana mish fahim :(



"Ana mish fahim :(" is something I wrote on an Arabic friend's wall, and "Tisba7 3ala '7air Facebook" was my own status update. They roughly translate to "I don't understand" and "Goodnight Facebook".

I wrote both of those sentences on the 18th March. MSE found 3 attempted WoW keyloggers between the 22nd and 25th March.

I'm led to believe that it's either a keylogger, or a fault in my keyboard/motherboard.

I have not updated my motherboard drivers in over a year, nor have I flashed the BIOS.



Looking forward to hearing from you soon Casey.

Edited by newuser2, 03 April 2012 - 03:13 AM.


#13 Casey_boy (Bleeping physicist, Malware Response Team)

Posted 03 April 2012 - 04:32 PM

Hmm. I'm struggling to find anything in your logs, but keyloggers can be difficult to spot. I don't know why a keylogger would then type the text it has logged though.

Do you have the scan logs for MSE when it detected those?

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#14 newuser2 (Topic Starter)

Posted 03 April 2012 - 07:59 PM

No, I don't have the actual logs, but I do have the histories. All 3 have the name PWS:Win32/WoWSteal.BC.


containerfile:C:\Users\Nicolas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P477G1VB\0[1].rar
file:C:\Users\Nicolas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P477G1VB\0[1].rar->(PECompact2 v2.50+)->(VFS:HIMYM.DLL)

file:C:\Users\Nicolas\AppData\Local\Temp\HIMYM.DLL

file:C:\Users\Nicolas\AppData\Local\Temp\HIMYM.DLL
process:pid:4000
regkey:HKCU@S-1-5-21-1032277354-1736115652-2695881760-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Disker
runkey:HKCU@S-1-5-21-1032277354-1736115652-2695881760-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Disker



A friend suggested to me that I may have stealth-recorded a keyboard macro and that I've accidentally been pressing it, or that my keyboard memory buffer is haunted. I wasn't able to test the macro theory, as I had way too many macros and they never list in the Razer firmware, so it has been reset back to default.
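As an added example (not code posted in this thread), a small Python check for the persistence pattern both detections above share: a Run value that launches code from a user-writable temp directory. The sample entries are constructed from the paths quoted in this thread; the "Disker" command line is hypothetical, since MSE reported only the key name, and the Windows-only branch reads the live HKCU Run key with winreg.

```python
from pathlib import PureWindowsPath

# Directories an unprivileged user, and so malware running as that user, can write to.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\temporary internet files\\", "\\users\\public\\", "\\windows\\temp\\")

# Constructed sample: "Video Library" is the Trojan.Agent value quoted in the opening post,
# "Disker" is the key name MSE reported (command line hypothetical), the rest are benign.
SAMPLE_RUN_ENTRIES = {
    "Video Library": r"C:\Windows\system32\rundll32.exe C:\Users\Nicolas\AppData\Local\Temp\Rpcqt.dll,Sets",
    "Disker": r"rundll32.exe C:\Users\Nicolas\AppData\Local\Temp\HIMYM.DLL,Start",
    "Steam": r'"C:\Program Files (x86)\Steam\steam.exe" -silent',
    "Control": r"C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,Control_RunDLL",
}

def split_command(command):
    """Split a Run value into (executable, argument string), honouring a quoted exe path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end], command[end + 1:].strip()
    exe, _, args = command.partition(" ")
    return exe, args.strip()

def in_temp_dir(path):
    p = path.lower().replace("/", "\\")
    return any(d in p for d in TEMP_DIRS)

def classify_run_entry(command):
    """Return the reasons a Run value looks like temp-directory persistence ([] if none)."""
    exe, args = split_command(command)
    if PureWindowsPath(exe).name.lower() == "rundll32.exe":
        dll = args.rsplit(",", 1)[0].strip().strip('"')  # rundll32 takes "<dll>,<export>"
        if in_temp_dir(dll):
            return ["rundll32 loads a DLL from a user-writable temp directory: " + dll]
    elif in_temp_dir(exe):
        return ["executable lives in a user-writable temp directory: " + exe]
    return []

def scan_run_entries(entries):
    return {n: r for n, c in entries.items() if (r := classify_run_entry(c))}

def read_hkcu_run():
    """Read the live HKCU Run key on Windows; elsewhere return the constructed sample."""
    try:
        import winreg
    except ImportError:
        return SAMPLE_RUN_ENTRIES
    key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion\Run")
    n_values = winreg.QueryInfoKey(key)[1]
    return {name: str(value) for name, value, _ in (winreg.EnumValue(key, i) for i in range(n_values))}
```

Running `scan_run_entries(read_hkcu_run())` flags only the two temp-directory loaders in the sample and leaves the Steam and shell32 entries alone.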

#15 Casey_boy (Bleeping physicist, Malware Response Team)

Posted 04 April 2012 - 02:25 AM

OK, well I'm "out of town" for today and much of tomorrow, so I recommend you use the PC and keyboard (for non-personal and non-confidential stuff e.g. no sites that require a password) and see if the problem reoccurs after resetting your keyboard firmware.

Edit: I would also change your passwords on a clean PC - just to be safe.

Let's see if it happens again.

Casey

Edited by Casey_boy, 04 April 2012 - 02:25 AM.

