Sirefef infection


  • This topic is locked
4 replies to this topic

#1 frankth3frizz

frankth3frizz

  • Members
  • 8 posts

Posted 16 June 2012 - 08:52 PM

Seems like I had Sirefef; it had completely shut down my MSE, but I went into safe mode and ran ComboFix, and I'm not getting redirects any more, and MSE and MBAM don't find anything. Just want to make sure everything is clean and traces are removed.

ComboFix 12-06-16.01 - Byron 06/16/2012 16:46:03.9.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8175.6431 [GMT -7:00]
Running from: s:\users\Byron\New folder\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{149159c9-750d-6dca-1786-6a83e9d9237b}\@
c:\windows\Installer\{149159c9-750d-6dca-1786-6a83e9d9237b}\L\00000004.@
c:\windows\Installer\{149159c9-750d-6dca-1786-6a83e9d9237b}\L\1afb2d56
c:\windows\Installer\{149159c9-750d-6dca-1786-6a83e9d9237b}\L\201d3dde
c:\windows\Installer\{149159c9-750d-6dca-1786-6a83e9d9237b}\U\00000004.@
c:\windows\Installer\{149159c9-750d-6dca-1786-6a83e9d9237b}\U\00000008.@
c:\windows\Installer\{149159c9-750d-6dca-1786-6a83e9d9237b}\U\000000cb.@
c:\windows\Installer\{149159c9-750d-6dca-1786-6a83e9d9237b}\U\80000000.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache64\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 )))))))))))))))))))))))))))))))
.
.
2012-06-16 23:47 . 2012-06-16 23:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-16 23:44 . 2012-05-15 08:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2FF5F70-03C7-468B-8E25-CB32CC97CD9B}\mpengine.dll
2012-06-16 23:30 . 2012-06-16 23:30 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C761E89-8B85-4330-B13A-3A5EA7536C70}\gapaengine.dll
2012-06-16 23:30 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60E3C9B5-12B9-4149-B2C9-7383BA3C0BC1}\mpengine.dll
2012-06-16 23:29 . 2012-06-16 23:29 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-16 23:29 . 2012-06-16 23:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-16 23:08 . 2012-06-16 23:08 -------- d-----w- c:\users\Byron\AppData\Roaming\SUPERAntiSpyware.com
2012-06-16 23:08 . 2012-06-16 23:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-16 06:11 . 2012-06-16 06:11 -------- d-----w- c:\users\Byron\AppData\Local\Funcom
2012-06-16 06:11 . 2012-06-16 06:11 -------- d-----w- c:\programdata\media center programs
2012-06-16 06:11 . 2012-06-16 06:11 -------- d-----w- c:\program files (x86)\Funcom
2012-06-16 04:57 . 2012-06-16 04:57 -------- d-----w- c:\program files (x86)\Oracle
2012-06-14 06:28 . 2012-06-14 06:28 31744 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
2012-06-14 06:28 . 2012-06-14 06:28 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-06-14 06:25 . 2012-06-14 06:25 -------- d-----w- c:\users\Byron\AppData\Local\Wondershare
2012-06-14 06:25 . 2012-06-14 06:25 -------- d-----w- c:\program files (x86)\Common Files\Wondershare
2012-06-14 06:25 . 2012-06-14 06:26 -------- d-----w- c:\users\Byron\AppData\Roaming\Wondershare
2012-06-14 06:25 . 2012-06-14 07:18 -------- d-----w- c:\program files (x86)\Wondershare
2012-06-14 03:39 . 2012-06-14 03:48 -------- d-----w- c:\users\Byron\AppData\Roaming\redsn0w
2012-06-14 02:45 . 2012-06-14 05:05 -------- d-----w- c:\users\Byron\AppData\Local\libimobiledevice
2012-06-13 01:06 . 2012-06-13 01:06 -------- d-----w- c:\program files\iTunes
2012-06-13 01:06 . 2012-06-13 01:06 -------- d-----w- c:\program files (x86)\iTunes
2012-06-13 01:06 . 2012-06-13 01:06 -------- d-----w- c:\program files\iPod
2012-06-13 01:06 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 01:06 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 01:06 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-09 20:08 . 2012-06-14 05:48 -------- d-----w- c:\users\Byron\AppData\Local\Adobe
2012-06-08 23:05 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-08 23:05 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-08 23:05 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-08 23:05 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-08 23:05 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-08 23:05 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-08 23:05 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-08 23:05 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-08 23:05 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-06 20:30 . 2012-06-06 20:30 -------- d-----w- c:\users\Byron\AppData\Local\Apple Computer
2012-06-05 15:41 . 2012-06-05 15:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-05 15:41 . 2012-06-05 15:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-05 15:41 . 2012-06-05 15:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-05 15:41 . 2012-06-05 15:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-05 15:41 . 2012-06-05 15:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-05 15:41 . 2012-06-05 15:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-05 15:41 . 2012-06-05 15:41 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-05 15:41 . 2012-06-05 15:41 -------- d-----w- c:\program files (x86)\QuickTime
2012-06-05 15:40 . 2012-06-05 15:40 -------- d-----w- c:\users\Byron\AppData\Local\Apple
2012-06-03 02:06 . 2012-06-03 02:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-03 02:06 . 2012-05-05 02:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-02 00:45 . 2012-06-02 00:45 388096 ----a-r- c:\users\Byron\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-02 00:45 . 2012-06-02 00:45 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-01 08:17 . 2012-06-01 08:17 -------- d-----w- c:\program files (x86)\ESET
2012-06-01 08:15 . 2012-06-02 09:34 -------- d-----w- c:\windows\system32\MpEngineStore
2012-05-31 23:17 . 2012-05-31 23:17 -------- d-----w- c:\users\Byron\AppData\Local\European Bus Simulator 2012
2012-05-31 23:10 . 2012-05-31 23:10 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-31 22:58 . 2012-05-31 23:16 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-05-31 22:51 . 2012-05-31 23:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-31 11:39 . 2012-05-31 11:39 -------- d-----w- c:\programdata\Trymedia
2012-05-19 21:04 . 2010-06-14 20:26 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-05-19 21:04 . 2010-05-12 15:42 1467200 ----a-w- c:\windows\system32\msvcr100d.dll
2012-05-19 21:04 . 2010-03-18 15:36 827728 ----a-w- c:\windows\system32\msvcr100.dll
2012-05-19 21:04 . 2009-09-30 19:08 1892184 ----a-w- c:\windows\system32\d3dx9_42.dll
2012-05-19 21:04 . 2009-09-23 22:48 431936 ----a-w- c:\windows\system32\msvcp100.dll
2012-05-19 21:04 . 2009-05-20 21:23 4178264 ----a-w- c:\windows\system32\d3dx9_41.dll
2012-05-19 21:04 . 2008-10-30 17:57 3851784 ----a-w- c:\windows\system32\d3dx9_39.dll
2012-05-19 21:04 . 2005-04-05 19:57 104960 ----a-w- c:\windows\system32\mssp32.dll
2012-05-19 21:04 . 2011-09-08 21:44 16384 ----a-w- c:\windows\system32\c12.1.dll
2012-05-19 21:04 . 2007-07-20 00:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2012-05-19 21:04 . 2006-10-31 02:25 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-05-19 20:34 . 2010-05-12 16:42 631616 ----a-w- c:\windows\system32\msvcp100d.dll
2012-05-19 20:21 . 2012-05-19 20:21 -------- d-----w- c:\programdata\Nexon
2012-05-19 20:20 . 2012-05-19 20:20 -------- d-----w- c:\users\Byron\AppData\Local\master131
2012-05-18 17:10 . 2012-05-18 10:23 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 06:24 . 2012-02-11 03:02 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-16 06:24 . 2012-02-11 02:45 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-16 06:24 . 2012-02-11 02:45 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-16 05:03 . 2012-04-11 07:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-16 05:03 . 2012-02-10 07:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 19:02 . 2012-02-11 02:45 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-15 22:03 . 2012-05-15 22:03 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-05-11 17:35 . 2012-05-11 17:35 87616 ----a-w- c:\windows\system32\drivers\SIVX64.sys
2012-05-05 07:38 . 2012-04-14 11:38 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-05 02:29 . 2012-02-11 05:08 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 05:34 . 2012-04-06 05:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 05:34 . 2012-04-06 05:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 05:33 . 2012-04-06 05:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 05:33 . 2012-04-06 05:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 05:33 . 2012-04-06 05:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 05:32 . 2012-04-06 05:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-01-19 17:50 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-01-19 17:49 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-01-19 17:46 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2012-01-19 16:58 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2012-01-19 17:28 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-01-19 17:20 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-01-19 17:12 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-01-19 17:03 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-01-19 17:09 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:17 . 2012-04-06 01:17 71680 ----a-w- c:\windows\system32\amdave64.dll
2012-04-06 01:16 . 2012-04-06 01:16 72704 ----a-w- c:\windows\SysWow64\amdave32.dll
2012-04-06 01:16 . 2012-04-06 01:16 72704 ----a-w- c:\windows\system32\atisamu64.dll
2012-04-06 01:16 . 2012-04-06 01:16 67584 ----a-w- c:\windows\atisamu32.dll
2012-04-06 01:11 . 2012-01-19 16:53 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-01-19 16:53 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-01-19 16:52 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-01-19 16:52 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-01-19 16:52 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-04 22:56 . 2012-02-10 08:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 09:16 . 2012-02-11 17:03 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-03 09:16 . 2012-02-11 17:03 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-04-03 09:16 . 2012-02-11 17:03 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-03 09:16 . 2012-02-11 17:03 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-03-30 11:35 . 2012-05-11 06:01 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-25 00:30 . 2012-02-10 06:54 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-03-25 00:29 . 2012-03-18 03:11 25640 ----a-w- c:\windows\gdrv.sys
2012-03-25 00:29 . 2012-02-10 07:09 25640 ----a-w- c:\windows\etdrv.sys
2012-03-21 03:44 . 2012-03-21 03:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2012-03-21 03:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-20 06:44 . 2012-03-20 06:44 5888792 ----a-w- c:\windows\system32\GfxUI.exe
2012-03-20 06:44 . 2012-03-20 06:44 509720 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-03-20 06:44 . 2012-03-20 06:44 439064 ----a-w- c:\windows\system32\igfxpers.exe
2012-03-20 06:44 . 2012-03-20 06:44 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-03-20 06:44 . 2012-03-20 06:44 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-03-20 06:44 . 2012-03-20 06:44 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-03-20 06:44 . 2012-03-20 06:44 184600 ----a-w- c:\windows\system32\difx64.exe
2012-03-20 06:44 . 2012-03-20 06:44 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-03-20 06:42 . 2012-03-20 06:42 90112 ----a-w- c:\windows\system32\igfxCoIn_v2696.dll
2012-03-20 06:32 . 2012-03-20 06:32 14745600 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-03-20 06:31 . 2012-03-20 06:31 8087040 ----a-w- c:\windows\system32\igdumd64.dll
2012-03-20 06:31 . 2012-03-20 06:31 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-03-20 06:26 . 2012-03-20 06:26 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-03-20 06:25 . 2012-03-20 06:25 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-03-20 06:22 . 2012-03-20 06:22 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-03-20 06:11 . 2012-03-20 06:11 7795200 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-03-20 05:31 . 2012-03-20 05:31 18137088 ----a-w- c:\windows\system32\ig4icd64.dll
2012-03-20 05:21 . 2012-03-20 05:21 13212672 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-03-20 05:18 . 2012-03-20 05:18 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-03-20 05:18 . 2012-03-20 05:18 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-03-20 05:18 . 2012-03-20 05:18 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-06-01 506712]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Mionix NAOS 5000"="c:\program files (x86)\Mionix\NAOS 5000 Laser Gaming Mouse\NAOS_Monitor.EXE" [2011-02-19 184320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Wondershare Helper Compact"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-03-27 1686528]
.
c:\users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2012-5-10 3581680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Core Temp.lnk - c:\program files\Core Temp\Core Temp.exe [2012-2-10 848336]
MobileGo Service.lnk - c:\program files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe [2012-6-13 96144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 yalamuvy;yalamuvy;c:\windows\system32\drivers\yalamuvy.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 cpuz134;cpuz134;c:\users\Byron\AppData\Local\Temp\HBCD\PCWizard\pcwiz_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-03-25 25640]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
R3 GPU-Z;GPU-Z;c:\users\Byron\AppData\Local\Temp\GPU-Z.sys [x]
R3 Gun;Gun;c:\program files (x86)\Game\SoftnyxGame\GunBoundIS\Gun64.sys [2012-03-18 45176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-03-25 30528]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Ser2ph;Microsoft USB GPS driver;c:\windows\system32\DRIVERS\ser2ph64.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-17 6638080]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 iRacingService;iRacing.com Helper Service;c:\program files (x86)\iRacing\iRacingService.exe [2012-05-06 516264]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-20 386344]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
S3 ALSysIO;ALSysIO;c:\users\Byron\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2012-05-14 10568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 05:03]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-710198752-149296124-4269579256-1000Core.job
- c:\users\Byron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 07:56]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-710198752-149296124-4269579256-1000UA.job
- c:\users\Byron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 07:56]
.
2012-06-16 c:\windows\Tasks\RtlLanOptimizerVistaStart.job
- c:\program files (x86)\Realtek\LanOptimizer\LanOptimizer.exe [2012-03-25 08:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-21 12632168]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-13 2264168]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://battlelog.battlefield.com/bf3/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Cleano - s:\users\Byron\Downloads\Cleano.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-PolarClock3 - c:\windows\system32\PolarClock3.scr
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_Ž\00\00Ž\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~Ž\00\00Ž\00\00\00\00Ž\00\00\00\00\00\00\00\00‘’“"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-710198752-149296124-4269579256-1000\Software\SecuROM\License information*]
"datasecu"=hex:62,1d,d6,2f,a5,ff,b0,55,7b,07,64,5c,92,af,ff,68,7c,ae,1f,01,bf,
30,03,f4,5a,74,a1,92,54,b4,db,c0,80,89,b8,6b,c7,20,e0,96,01,10,b1,9d,83,4f,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
.
**************************************************************************
.
Completion time: 2012-06-16 16:50:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-16 23:50
ComboFix2.txt 2012-06-02 23:21
.
Pre-Run: 22,730,076,160 bytes free
Post-Run: 22,659,592,192 bytes free
.
- - End Of File - - D320F8FAB4F176B86354D25AEA27FF5D

Edited by jntkwx, 18 June 2012 - 09:25 AM.
Removed code tags (easier to read)
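An added example, not part of the original post and not OldTimer's own code: a small Python triage script that parses the PRC/SRV/DRV lines of the OTL log posted in the reply below and reports the entries a responder would check first. The heuristics (no CompanyName in the file's version info, a generic DDK build string instead of a vendor, a kernel driver loaded from outside a drivers directory, a binary in a user-writable path) are my own triage rules, not OTL's; a hit means "verify the file", not "malicious", and several of the sample lines, copied from this thread's log, belong to legitimate tools.

```python
import re
from dataclasses import dataclass, field

# OTL prints one entry per line in its PRC/SRV/DRV sections, e.g.
#   SRV - [date time | size | attrs | M] (Company) [Start | State] -- path -- (ServiceName) description
# PRC lines carry no [flags] block and no trailing "-- (name)".
LINE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV)(?P<x64>:64bit:)? - "
    r"\[(?P<date>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| M\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:\[(?P<flags>[^\]]*)\] )?"
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\)(?P<desc>.*))?$"
)


@dataclass
class Entry:
    kind: str            # PRC, SRV or DRV
    x64_view: bool       # True when OTL tagged the line ":64bit:"
    company: str         # CompanyName from the file's version info ("" when absent)
    flags: list = field(default_factory=list)   # e.g. ["Kernel", "On_Demand", "Running"]
    path: str = ""
    name: str = ""       # service/driver name from the trailing "-- (name)"


def parse_line(line):
    """Parse one OTL PRC/SRV/DRV line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    flags = [f.strip() for f in (m["flags"] or "").split("|") if f.strip()]
    return Entry(kind=m["kind"], x64_view=m["x64"] is not None,
                 company=m["company"].strip(), flags=flags,
                 path=m["path"].strip(), name=(m["name"] or "").strip())


def findings(e):
    """Triage heuristics (my own assumptions, not OTL's): reasons an entry deserves a second look."""
    out = []
    if not e.company:
        out.append("no CompanyName in version info")
    elif "DDK provider" in e.company:
        out.append("generic DDK build string instead of a vendor name")
    low = e.path.lower()
    if e.kind == "DRV" and "\\drivers\\" not in low:
        out.append("driver loaded from outside a drivers directory")
    if any(seg in low for seg in ("\\temp\\", "\\appdata\\", "\\programdata\\")):
        out.append("binary in a user-writable location")
    return out


def triage(lines):
    """Map service/driver name (or path, for PRC lines) to its findings; clean entries are omitted."""
    report = {}
    for line in lines:
        e = parse_line(line)
        if e is not None:
            hits = findings(e)
            if hits:
                report[e.name or e.path] = hits
    return report


# Sample input: lines copied from the OTL log posted in the reply below.
SAMPLE_LINES = [
    r"PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe",
    r"SRV:64bit: - [2012/04/05 19:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)",
    r"SRV - [2012/05/18 12:02:17 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)",
    r"SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel®",
    r"DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)",
    r"DRV:64bit: - [2011/01/10 19:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)",
    r"DRV - [2012/05/14 02:28:36 | 000,010,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)",
    r"DRV - [2012/03/24 17:29:57 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)",
]

if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LINES).items():
        print(f"{name}: {'; '.join(hits)}")
```

Run it against a full OTL log by reading the file and passing its lines to `triage()`; the output is a worklist, and each flagged file still needs its hash checked against a known-good source before anything is removed.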


#2 frankth3frizz

frankth3frizz
  • Topic Starter

  • Members
  • 8 posts

Posted 16 June 2012 - 08:56 PM

OTL scan

OTL logfile created on: 6/16/2012 6:52:43 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = S:\Users\Byron\New folder
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.09 Gb Available Physical Memory | 63.70% Memory free
14.98 Gb Paging File | 12.03 Gb Available in Paging File | 80.30% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.79 Gb Total Space | 21.51 Gb Free Space | 19.25% Space Free | Partition Type: NTFS
Drive D: | 500.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive S: | 931.51 Gb Total Space | 557.05 Gb Free Space | 59.80% Space Free | Partition Type: NTFS

Computer Name: BYRON-PC | User Name: Byron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 17:15:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- S:\Users\Byron\New folder\OTL.exe
PRC - [2012/05/30 21:20:02 | 000,096,144 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
PRC - [2012/05/18 12:02:17 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/05/14 02:28:36 | 000,405,832 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2012/05/10 22:40:18 | 003,581,680 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
PRC - [2012/05/05 18:48:14 | 000,516,264 | R--- | M] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) -- C:\Program Files (x86)\iRacing\iRacingService.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/03 22:53:54 | 001,496,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/27 11:01:34 | 001,686,528 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2011/12/07 04:42:16 | 000,018,432 | R--- | M] (http://www.hiren.info) -- D:\HBCD\HBCDMenu.exe
PRC - [2011/09/14 01:05:16 | 000,805,480 | ---- | M] (Realtek Semiconductor) -- C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe
PRC - [2011/02/18 20:56:22 | 000,184,320 | ---- | M] (Mionix) -- C:\Program Files (x86)\Mionix\NAOS 5000 Laser Gaming Mouse\NAOS_Monitor.EXE
PRC - [2010/11/20 20:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/07/16 18:23:30 | 006,638,080 | ---- | M] () -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
PRC - [2010/06/09 16:15:34 | 000,417,906 | ---- | M] () -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 03:20:33 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/07 01:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Byron\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 01:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Byron\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 01:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Byron\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 01:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Byron\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 01:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Byron\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 01:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Byron\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 01:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Byron\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 00:23:19 | 009,252,040 | ---- | M] () -- C:\Users\Byron\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2012/05/14 02:28:36 | 000,405,832 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2012/05/11 01:09:24 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/11 01:09:24 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012/05/11 01:09:24 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012/05/11 01:09:02 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/11 01:09:00 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 01:09:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/11 01:08:57 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/01 07:06:16 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2012/05/01 07:06:10 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2012/05/01 07:05:54 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2012/05/01 07:05:44 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2012/05/01 07:05:36 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2012/04/03 22:53:52 | 000,249,232 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2011/09/14 01:20:54 | 000,139,776 | ---- | M] () -- C:\Program Files (x86)\Realtek\LanOptimizer\gep.dll
MOD - [2011/04/30 08:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2010/11/20 20:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/11/03 22:35:36 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mionix\NAOS 5000 Laser Gaming Mouse\hiddriver.dll
MOD - [2009/06/10 14:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2007/04/24 15:22:12 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007/04/21 13:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll
MOD - [2007/04/19 14:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll
MOD - [2002/11/19 14:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Common Files\Stardock\ODimg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 19:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/08/19 17:43:23 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64) Cyberlink RichVideo64 Service(CRVS)
SRV:64bit: - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/15 22:03:50 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/18 12:02:17 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/05/05 18:48:14 | 000,516,264 | R--- | M] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) [Auto | Running] -- C:\Program Files (x86)\iRacing\iRacingService.exe -- (iRacingService)
SRV - [2012/04/26 15:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel®
SRV - [2012/02/11 00:54:22 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2011/08/07 05:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/07/16 18:23:30 | 006,638,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/13 23:28:27 | 000,031,744 | ---- | M] (HTC1124 Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2012/04/05 22:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 18:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 05:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/17 15:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/09/21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/09/14 03:16:12 | 000,032,360 | ---- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndisrd.sys -- (ndisrd)
DRV:64bit: - [2011/07/28 20:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/07/28 20:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/05/31 20:16:50 | 000,535,656 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/14 02:29:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 09:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/10 19:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/14 10:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/04/27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 17:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010/04/27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/03/12 22:25:28 | 000,089,600 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2ph64.sys -- (Ser2ph)
DRV - [2012/05/14 02:28:36 | 000,010,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2012/03/24 17:30:13 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012/03/24 17:29:57 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/03/24 17:29:57 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2012/03/18 13:41:47 | 000,045,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Game\SoftnyxGame\GunboundIS\Gun64.sys -- (Gun)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://battlelog.battlefield.com/bf3/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 A8 BF EC CC 30 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-d2e4e6e567c64738\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Byron\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Byron\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/09 00:27:22 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Byron\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Byron\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Byron\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Program Files (x86)\Roblox\Versions\version-d2e4e6e567c64738\\NPRobloxProxy.dll
CHR - plugin: WEBZEN Browser Extension (Enabled) = C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Byron\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube to mp3 Converter = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahijimgmemmfimebeephpfpgiefjcima\1.1_0\
CHR - Extension: Missing e = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.9.17_0\
CHR - Extension: James White = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
CHR - Extension: YouTube = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Pixlr-o-matic = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj\1.2_0\
CHR - Extension: Video2Mp3 Converter = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\eibkblbnadlohphpedkbokpejcokkohj\1.1.1_0\
CHR - Extension: Instachrome = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fldildgghjoohccppflaohodcnmlacpb\1.5.7.1_0\
CHR - Extension: AdBlock = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.36_0\
CHR - Extension: InstaBrowser = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ighkeghglkbljjmoineeppdkailinjii\1.10.1_0\
CHR - Extension: Webcam Toy = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.2.2_0\
CHR - Extension: XKit = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\njfldncgkajmfaalmbipngfkicdfjaip\5.8_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Gmail = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/16 16:49:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mionix NAOS 5000] C:\Program Files (x86)\Mionix\NAOS 5000 Laser Gaming Mouse\NAOS_Monitor.EXE (Mionix)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Wondershare Helper Compact] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - Startup: C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - SS:\Program Files (x86)\VMware\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - SS:\Program Files (x86)\VMware\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBF582FE-0907-4A5F-8E8F-195B78C05463}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/07 04:42:16 | 000,000,128 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/16 17:27:13 | 000,000,000 | ---D | C] -- S:\Users\Byron\New folder\redsn0w_win_0.9.12b2
[2012/06/16 17:26:15 | 000,000,000 | ---D | C] -- S:\Users\Byron\New folder\redsn0w_win_0.9.6rc16
[2012/06/16 17:23:26 | 000,000,000 | ---D | C] -- S:\Users\Byron\New folder\redsn0w_win_0.9.6rc14
[2012/06/16 17:17:52 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- S:\Users\Byron\New folder\TDSSKiller.exe
[2012/06/16 17:15:07 | 000,595,968 | ---- | C] (OldTimer Tools) -- S:\Users\Byron\New folder\OTL.exe
[2012/06/16 17:13:52 | 004,559,558 | ---- | C] (Swearware) -- S:\Users\Byron\New folder\ComboFix.exe
[2012/06/16 16:50:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/16 16:49:25 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/16 16:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/16 16:29:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/16 16:08:31 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/16 16:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/15 23:11:16 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\Funcom
[2012/06/15 23:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\media center programs
[2012/06/15 23:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
[2012/06/15 23:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funcom
[2012/06/15 21:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/14 00:17:54 | 000,000,000 | ---D | C] -- s:\Users\Byron\Documents\iMate
[2012/06/13 23:30:45 | 000,000,000 | ---D | C] -- s:\Users\Byron\Documents\Wondershare
[2012/06/13 23:28:27 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2012/06/13 23:28:27 | 000,031,744 | ---- | C] (HTC1124 Inc) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys
[2012/06/13 23:25:54 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\Wondershare
[2012/06/13 23:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2012/06/13 23:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2012/06/13 23:25:51 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Roaming\Wondershare
[2012/06/13 23:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2012/06/13 20:39:37 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Roaming\redsn0w
[2012/06/13 19:45:25 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\libimobiledevice
[2012/06/13 03:00:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 03:00:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 03:00:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 03:00:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 03:00:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 03:00:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 03:00:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/13 03:00:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/13 03:00:16 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/13 03:00:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/13 03:00:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/13 03:00:16 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 03:00:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/12 18:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/12 18:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/12 18:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/12 18:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/12 18:06:01 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/12 18:06:01 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/12 18:06:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/12 18:05:58 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/12 18:05:58 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/12 18:05:58 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/12 18:05:57 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/12 18:05:56 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/12 18:05:56 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/09 13:08:13 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\Adobe
[2012/06/08 16:05:21 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/08 16:05:21 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/08 16:05:21 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/08 16:05:19 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/08 16:05:19 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/08 16:05:19 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/08 16:05:19 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/08 16:05:19 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/06 13:30:09 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\Apple Computer
[2012/06/05 08:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/05 08:41:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/06/05 08:40:00 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\Apple
[2012/06/03 07:57:58 | 000,000,000 | ---D | C] -- s:\Users\Byron\Documents\Outlook Files
[2012/06/02 19:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/02 19:06:34 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/06/02 19:06:34 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/06/02 19:06:32 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/02 19:06:32 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/01 17:45:12 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/01 17:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/06/01 01:17:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/01 01:15:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/05/31 16:17:02 | 000,000,000 | ---D | C] -- s:\Users\Byron\Documents\European Bus Simulator 2012
[2012/05/31 16:17:02 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\European Bus Simulator 2012
[2012/05/31 16:10:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/05/31 15:58:22 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/05/31 15:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/31 15:49:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/31 15:05:11 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\{C921C65A-2D97-4B00-91FB-318525FC960B}
[2012/05/31 15:05:00 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\{7AE0FB93-559D-4524-9FC3-2270E81FEDB1}
[2012/05/31 04:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2012/05/31 04:39:44 | 000,000,000 | ---D | C] -- s:\Users\Byron\Documents\Trucks & Trailers
[2012/05/30 18:12:12 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\{41FF9F2E-CE08-4690-9DCE-84299BCFBEA5}
[2012/05/27 09:55:36 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\{FA7E4D6D-AAAC-4A98-B61C-C8B3D6833EB5}
[2012/05/27 09:55:25 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\{BD7DBFA2-1319-4BAF-98A9-F4D3453E8CE2}
[2012/05/19 14:04:46 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_41.dll
[2012/05/19 14:04:46 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_39.dll
[2012/05/19 14:04:46 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012/05/19 14:04:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_42.dll
[2012/05/19 14:04:46 | 001,467,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100d.dll
[2012/05/19 14:04:46 | 000,827,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
[2012/05/19 14:04:46 | 000,431,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll
[2012/05/19 14:04:45 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012/05/19 14:04:45 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012/05/19 14:04:45 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012/05/19 13:39:00 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\{50C3BF68-18C1-4587-91D5-D87B04FA07BA}
[2012/05/19 13:38:49 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\{4319874A-5B52-420F-B8D7-2935D3185551}
[2012/05/19 13:34:45 | 000,631,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100d.dll
[2012/05/19 13:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2012/05/19 13:20:46 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\master131
[2012/05/19 13:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2012/05/19 13:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2012/05/18 10:55:49 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\{64852377-B3BF-400D-9DFA-597DF200BC8A}
[2012/05/18 10:55:38 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\{89A12A0C-54E0-478C-9B2C-EBFCC9626FB7}
[2012/05/18 10:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2012/05/17 21:50:08 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\{58C85D35-177A-4DCE-9A38-DBDBF5CA2DF3}

========== Files - Modified Within 30 Days ==========

[2012/06/16 18:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/16 18:06:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-710198752-149296124-4269579256-1000UA.job
[2012/06/16 17:15:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- S:\Users\Byron\New folder\OTL.exe
[2012/06/16 17:13:44 | 004,559,558 | ---- | M] (Swearware) -- S:\Users\Byron\New folder\ComboFix.exe
[2012/06/16 16:57:32 | 000,786,486 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/16 16:57:32 | 000,665,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/16 16:57:32 | 000,122,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/16 16:55:25 | 000,031,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/16 16:55:25 | 000,031,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/16 16:49:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/16 16:49:24 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RtlLanOptimizerVistaStart.job
[2012/06/16 16:48:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/16 16:47:48 | 000,000,141 | ---- | M] () -- C:\Users\Byron\AppData\Roaming\Network Monitor II_Traffic.ini
[2012/06/16 16:29:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/16 16:29:41 | 000,800,080 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/16 13:06:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-710198752-149296124-4269579256-1000Core.job
[2012/06/15 23:24:14 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/06/15 23:24:14 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/15 23:24:04 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/06/15 23:11:02 | 000,001,203 | ---- | M] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012/06/15 22:03:50 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/15 22:03:50 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/15 15:15:16 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- S:\Users\Byron\New folder\TDSSKiller.exe
[2012/06/13 23:28:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2012/06/13 23:28:27 | 001,490,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2012/06/13 23:28:27 | 000,031,744 | ---- | M] (HTC1124 Inc) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys
[2012/06/13 23:25:53 | 000,002,236 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk
[2012/06/13 23:25:53 | 000,002,193 | ---- | M] () -- C:\Users\Byron\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare MobileGo for Android.lnk
[2012/06/13 03:19:14 | 004,977,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/02 15:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 15:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 15:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 15:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/02 15:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/05/31 16:16:27 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/05/18 12:02:17 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/18 03:23:31 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/05/17 22:48:52 | 000,007,658 | ---- | M] () -- C:\Users\Byron\AppData\Local\resmon.resmoncfg
[2012/05/17 19:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/05/17 18:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/05/17 18:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/05/17 18:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/05/17 18:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

========== Files Created - No Company Name ==========

[2012/06/16 17:25:11 | 017,932,288 | ---- | C] () -- S:\Users\Byron\New folder\redsn0w.exe
[2012/06/16 16:29:42 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/15 23:11:02 | 000,001,203 | ---- | C] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012/06/13 23:28:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2012/06/13 23:25:53 | 000,002,236 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk
[2012/06/13 23:25:53 | 000,002,193 | ---- | C] () -- C:\Users\Byron\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare MobileGo for Android.lnk
[2012/05/19 14:04:46 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\mssp32.dll
[2012/05/19 14:04:45 | 000,016,384 | ---- | C] () -- C:\Windows\SysNative\c12.1.dll
[2012/05/18 10:10:45 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/05/15 02:08:56 | 000,000,514 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\GPU Monitor_GPU0_Settings.ini
[2012/04/24 11:26:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2012/04/24 11:26:14 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\muengine.dll
[2012/04/18 10:39:31 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/04/03 03:01:33 | 000,000,141 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\Network Monitor II_Traffic.ini
[2012/04/03 02:58:47 | 000,001,780 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/03/16 01:22:55 | 000,000,000 | ---- | C] () -- C:\Windows\3d clock.ini
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/20 22:07:31 | 000,003,584 | ---- | C] () -- C:\Users\Byron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/19 20:12:13 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/02/14 19:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 19:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/13 00:42:48 | 000,000,512 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\GPU Monitor_GPU1_Settings.ini
[2012/02/10 19:45:37 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/10 19:45:36 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/10 19:36:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/10 08:42:32 | 000,000,275 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\System Uptime Full Plus_Settings.ini
[2012/02/10 08:03:46 | 000,000,339 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\Drives Meter_Settings.ini
[2012/02/10 08:02:51 | 000,000,352 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\Network Meter_Settings.ini
[2012/02/10 08:01:38 | 000,000,412 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\All CPU Meter_Settings.ini
[2012/02/10 01:22:13 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe
[2012/02/10 01:22:10 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2012/02/10 01:21:54 | 000,001,531 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/02/10 00:41:42 | 000,800,080 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/10 00:01:20 | 000,007,658 | ---- | C] () -- C:\Users\Byron\AppData\Local\resmon.resmoncfg
[2012/02/09 23:54:10 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/02/09 23:52:06 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012/02/09 23:49:17 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/02/09 23:47:46 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/19 06:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 296 bytes -> C:\Mount:$WIMMOUNTDATA

< End of report >

Edited by jntkwx, 18 June 2012 - 09:25 AM.
Removed code tags (easier to read)


#3 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:03:59 AM

Posted 18 June 2012 - 09:30 AM

Hi frankth3frizz,


Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification and click on proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 


One or more of the identified infections (in this case, ZeroAccess) is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

:step1: FRST

Please download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

- OR -

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

:step2: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

In your next reply, please include:
  • FRST log
  • FSS log
  • How's your computer running now? Please be as descriptive as possible.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:03:59 AM

Posted 21 June 2012 - 01:14 PM

Hi frankth3frizz,

It has been three days since my last post. Do you still need help?

If you do, please follow my previous instructions. :thumbup2:
Regards,
Jason



#5 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:03:59 AM

Posted 23 June 2012 - 08:17 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Regards,
Jason

